A code-based group signature scheme

It is notably challenging to design an efficient and secure signature scheme based on error-correcting codes. An approach to build such signature schemes is to derive it from an identification protocol through the Fiat-Shamir transform. All such protocols based on codes must be run several rounds, since each run of the protocol allows a cheating probability of either 2/3 or 1/2. The resulting signature size is proportional to the number of rounds, thus making the 1/2 cheating probability version more attractive. We present a signature scheme based on double circulant codes in the rank metric, derived from an identification protocol with cheating probability of 2/3. We reduced this probability to 1/2 to obtain the smallest signature among signature schemes based on the Fiat-Shamir paradigm, around 22 KBytes for 128 bit security level. Furthermore, among all code-based signature schemes, our proposal has the lowest value of signature plus public key size, and the smallest secret and public key sizes. We provide a security proof in the Random Oracle Model, implementation performances, and a comparison with the parameters of the most important code-based signature schemes.

show abstract

“…Remark: notice that Stern-like schemes as usually presented are only weaktestable zero knowledge (see [6,Sect. 3.2]).…”

Section: Zero-knowledgementioning

confidence: 99%

“…Sect. 6 shows a comparison of the parameters of our proposal and other well-known code-based signature schemes, and Sect. 8 draws the conclusions.…”

Section: Introductionmentioning

confidence: 99%

Improved Veron Identification and Signature Schemes in the Rank Metric

Bellini

Caullery

Gaborit

et al. 2019

2019 IEEE International Symposium on Information Theory (ISIT)

Self Cite

View full text Add to dashboard Cite

show abstract

“…For given n and k and for almost all codes a wbounded decoder fails for a proportion ≈ exp(−V n (w)/q n−k ) of the instances. If we choose an integer w > b GV , a wbounded decoder almost never fails 1 . We will speak of a complete 2 decoder.…”

Section: A Syndrome Decodingmentioning

confidence: 99%

“…2. The CFS problem 1 most of the time w = b GV is enough, exceptionally w = b GV + 1 2 the word complete is used here for convenience, the decoder may fail but for a negligible proportion of the instances 2) Security of CFS. : Parity check matrices of high rate Goppa codes can be distinguished from random matrices [6].…”

Section: B Trapdoor Digital Signature (Cfs and Parallel-cfs)mentioning

confidence: 99%

“…In this section we introduce a (new) Concatenated Stern authentication protocol. This protocol is a simple randomized generalization of a non-randomized concatenated protocol given in [1]. We refer to [1] for a discussion on the notion of information leaking and testability of the Stern protocol for a non-randomized version of the protocol makes sense.…”

Section: Concatenated Stern Authentication Protocolmentioning

confidence: 99%

See 1 more Smart Citation

A code-based blind signature

Blazy

Gaborit

Schrek

et al. 2017

2017 IEEE International Symposium on Information Theory (ISIT)

Self Cite

View full text Add to dashboard Cite

International audienceIn this paper we give the first blind signature protocol for code-based cryptography. Our approach is different from the classical original RSA based blind signature scheme, it is done in the spirit of the Fischlin approach [9] which is based on proofs of knowledge. To achieve our goal we consider a new tool for zero-knowledge (ZK) proofs, the Concatenated Stern ZK protocol, which permits to obtain an authentication protocol for concatenated matrices. A signature is then obtained from the usual Fiat-Shamir heuristic. We describe our blind signature protocol for cryptography based on Hamming metric and show how it can be extended to rank based cryptography. The security of our blind protocol is based on the security of a trapdoor function for the syndrome decoding problem: the CFS signature scheme for Hamming distance and on the more recent RankSign protocol for rank metric. We give proofs in the random oracle model (ROM) for our blind signature scheme, which rely on the Syndrome Decoding problem. The parameters we obtain for our protocol are practical for rank metric (200kBytes) for the signature length and 15kBytes for public key size) and a little less practical for Hamming distance

show abstract

A Code-Based Linkable Ring Signature Scheme

Branco

Mateus

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

A code-based group signature scheme

Cited by 45 publications

References 33 publications

Improved Veron Identification and Signature Schemes in the Rank Metric

Improved Veron Identification and Signature Schemes in the Rank Metric

A code-based blind signature

A Code-Based Linkable Ring Signature Scheme

Contact Info

Product

Resources

About