The 1993 Stern authentication protocol is a code-based zero-knowledge protocol, with cheating probability 2/3, based on the syndrome decoding problem; it yields a proof of knowledge of a small-weight vector. This protocol was improved a few years later by Véron, who proposed a variation of the scheme based on the general syndrome decoding problem that gives better results in terms of communication. A few years after that, the AGS protocol introduced a variation of the Véron protocol based on quasi-cyclic matrices. The AGS protocol achieves an asymptotic cheating probability of 1/2 and a strong improvement in terms of communication. In the present paper we propose two new contributions. First, a Quasi-Cyclic Stern proof-of-knowledge construction, which adapts the AGS scheme to a syndrome decoding context. The main interest of this adaptation is that, unlike the regular (non-quasi-cyclic) case, the Quasi-Cyclic Stern protocol is better in terms of communication than its Véron counterpart (the AGS protocol, which can be seen as a Quasi-Cyclic Véron protocol). The difference comes from the fact that a seed-related optimization is better for QC-Stern than for QC-Véron. Secondly, we also propose a new general optimization for handling random seeds in this type of protocol. Overall, the two new optimizations we propose save about 17.5% in communication length compared to the previous best approach for this type of protocol. Such optimizations matter greatly in the ongoing context where a new signature call for proposals has been announced by the NIST and for which such zero-knowledge approaches are a real alternative, as was shown in the first NIST signature call for proposals. Finally, the paper also sums up the different known optimizations for such protocols and explains how our new approach can be adapted to other metrics.
In this paper, we study code-based signatures constructed from Proofs of Knowledge (PoK). This line of work can be traced back to Stern, who introduced the first efficient PoK for the syndrome decoding problem in 1993 [Ste93]. Afterward, different variations were proposed in order to reduce the signature size. In practice, obtaining a smaller signature size relies on the interaction of two main considerations: (i) the underlying protocol and its soundness error and (ii) the type of optimizations which are compatible with a given protocol. In particular, optimizations related to the possibility of using random seeds instead of full vectors have a great impact on the final signature length. Over the years, different variations were proposed to improve the Stern scheme, such as the Véron scheme (whose public key is a noisy codeword rather than a syndrome) [Vér97], the AGS scheme, which is a 5-pass protocol with cheating probability asymptotically equal to 1/2 [AGS11], and more recently the FJR approach, which decreases the cheating probability to 1/N but induces a performance overhead [FJR21]. Overall, the length of the signature depends on a trade-off between the scheme itself, the possible optimizations and the cost of the implementation. For instance, depending on the application, one may prefer a 30% shorter signature at the cost of a ten times slower implementation rather than a longer signature with a faster implementation. The recent approaches which increase the cost of the implementation open the door to many different types of trade-offs. In this paper we propose three new schemes and different trade-offs, which are all interesting in themselves, since depending on potential future optimizations one scheme may eventually become more efficient than another.
All the schemes we propose use a trusted helper: a first scheme achieves a 1/2 cheating probability, a second scheme decreases the cheating probability to 1/N but with a different approach than the recent FJR scheme, and a third scheme proposes a Véron-like adaptation of the FJR scheme in which the public key is a noisy codeword rather than a syndrome. We provide an extensive comparison table which lists various trade-offs between our schemes and previous ones. The table shows the interest of our constructions for certain types of trade-offs.
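Both abstracts above build on Stern's 1993 proof of knowledge for syndrome decoding, with its 2/3 cheating probability. The following toy implementation is an added example, not code from either paper: it runs one round of the original 3-pass Stern protocol over GF(2) (three hash commitments, a challenge b in {0,1,2}, and the corresponding verifier checks) and then shows why a prover without the secret can prepare for at most two of the three challenges. The parameters (n=24, r=12, w=4), the use of SHA-256 as the commitment function, and the seeded `random.Random` are assumptions made for a small, reproducible demonstration; a real implementation would use a cryptographically secure source and randomized commitments.

```python
import hashlib
import random
from typing import List

Bits = List[int]   # vector over GF(2), one 0/1 int per coordinate


def mat_vec(H: List[Bits], v: Bits) -> Bits:
    """Syndrome H * v^T over GF(2)."""
    return [sum(h & x for h, x in zip(row, v)) & 1 for row in H]


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def permute(sigma: List[int], v: Bits) -> Bits:
    """sigma(v): coordinate i of the output is v[sigma[i]]."""
    return [v[i] for i in sigma]


def commit(tag: str, *parts) -> str:
    """Hash commitment (assumed: SHA-256 over a canonical encoding)."""
    h = hashlib.sha256(tag.encode())
    for p in parts:
        h.update(repr(p).encode())
    return h.hexdigest()


def keygen(n: int, r: int, w: int, rng: random.Random):
    """Public key (H, s, w) with s = H e^T; the secret e has Hamming weight w."""
    H = [[rng.randrange(2) for _ in range(n)] for _ in range(r)]
    e = [0] * n
    for i in rng.sample(range(n), w):
        e[i] = 1
    return (H, mat_vec(H, e), w), e


def prover_commit(pk, e: Bits, rng: random.Random):
    """Pass 1: commit to a random mask y and a random permutation sigma."""
    H, s, w = pk
    n = len(H[0])
    y = [rng.randrange(2) for _ in range(n)]
    sigma = list(range(n))
    rng.shuffle(sigma)
    c = (commit("c1", sigma, mat_vec(H, y)),
         commit("c2", permute(sigma, y)),
         commit("c3", permute(sigma, xor(y, e))))
    return c, (y, sigma)


def prover_respond(e: Bits, state, b: int):
    """Pass 3: open the two commitments selected by challenge b."""
    y, sigma = state
    if b == 0:
        return y, sigma                              # opens c1 and c2
    if b == 1:
        return xor(y, e), sigma                      # opens c1 and c3
    return permute(sigma, y), permute(sigma, e)      # opens c2 and c3


def verify(pk, c, b: int, resp) -> bool:
    H, s, w = pk
    c1, c2, c3 = c
    if b == 0:
        y, sigma = resp
        return (c1 == commit("c1", sigma, mat_vec(H, y))
                and c2 == commit("c2", permute(sigma, y)))
    if b == 1:
        ye, sigma = resp
        # H(y+e)^T + s equals H y^T exactly when H e^T == s
        return (c1 == commit("c1", sigma, xor(mat_vec(H, ye), s))
                and c3 == commit("c3", permute(sigma, ye)))
    py, pe = resp
    # only sigma(e) is revealed, so the positions of e stay hidden
    return (sum(pe) == w and c2 == commit("c2", py)
            and c3 == commit("c3", xor(py, pe)))


def run_round(pk, secret: Bits, b: int, rng: random.Random) -> bool:
    c, state = prover_commit(pk, secret, rng)
    return verify(pk, c, b, prover_respond(secret, state, b))


def fake_secret(pk, rng: random.Random) -> Bits:
    """Weight-w vector with the wrong syndrome: what a prover without e can
    commit to while still passing challenges 0 and 2 (but never 1)."""
    H, s, w = pk
    n = len(H[0])
    while True:
        f = [0] * n
        for i in rng.sample(range(n), w):
            f[i] = 1
        if mat_vec(H, f) != s:
            return f


def demo(seed: int = 2024):
    """Returns (honest results, cheater results) for challenges 0, 1, 2."""
    rng = random.Random(seed)
    pk, e = keygen(n=24, r=12, w=4, rng=rng)
    honest = [run_round(pk, e, b, rng) for b in range(3)]
    cheater = [run_round(pk, fake_secret(pk, rng), b, rng) for b in range(3)]
    return honest, cheater


if __name__ == "__main__":
    print(demo())
```

The honest prover passes every challenge, while the prover holding a weight-w vector with the wrong syndrome passes b=0 and b=2 and fails b=1 (a prover holding a vector with the right syndrome but wrong weight would instead fail b=2). Each round therefore lets a cheater succeed with probability 2/3, which is why the Stern protocol is repeated many times and why the AGS and FJR variants mentioned above lower that per-round probability to 1/2 and 1/N.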