Improved identity-based identification using correcting codes
Pierre-Louis Cayrel2009, ArXiv
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
In this paper, a new identity-based identification scheme based on error-correcting codes is proposed. Two well known code-based schemes are combined : the signature scheme by Courtois, Finiasz and Sendrier and an identification scheme by Stern. A proof of security for the scheme in the Random Oracle Model is given.
Related papers
Identity-based identification and signature schemes using correcting codes
In this paper, we propose a new identity-based identification (and signature) scheme based on error-correcting codes. This scheme is up to date the first identity-based scheme not based on number theory. The scheme combines two well known code-based schemes: the signature scheme of Courtois, Finiasz and Sendrier and the zero-knowledge authentication scheme of Stern (which may also be used for signature). The scheme inherits from the characteristics of the previous schemes: it has a large public key of order 1Mo and necessitates a certain number of exchange rounds. The scheme can also work in signature but leads to a very large signature of size 1Mo.
Improved code-based identification scheme
2010
We revisit the 3-pass code-based identification scheme proposed by Stern at Crypto'93, and give a new 5-pass protocol for which the probability of the cheater is ≈ 1/2 (instead of 2/3 in the original Stern's proposal). Furthermore, we propose to use quasi-cyclic construction in order to dramatically reduce the size of the public key. The proposed scheme is zero-knowledge and relies on an NPcomplete problem coming from coding theory (namely the q-ary Syndrome Decoding problem). Taking into account a recent study of a generalization of Stern's information-set-decoding algorithm for decoding linear codes over arbitrary finite fields Fq, we suggest parameters so that the public key be 34Kbits while those of Stern's scheme is about 66Kbits. This provides a very practical identification (and possibly signature) scheme which is mostly attractive for lightweight cryptography.
Improved identification schemes based on error-correcting codes
Applicable Algebra in Engineering, Communication and Computing, 1997
As it is often the case in public-key cryptography, the first practical identification schemes were based on hard problems from number theory (factoring, discrete logarithms). The security of the proposed scheme depends on an NPcomplete problem from the theory of error correcting codes: the syndrome decoding problem which relies on the hardness of decoding a binary word of given weight and given syndrome. Starting from Stern's scheme [18], we define a dual version which, unlike the other schemes based on the SD problem, uses a generator matrix of a random linear binary code. This allows, among other things, an improvement of the transmission rate with regards to the other schemes. Finally, by using techniques of computation in a finite field, we show how it is possible to considerably reduce:-the complexity of the computations done by the prover (which is usually a portable device with a limited computing power),-the size of the data stored by the latter.
A new framework for the design and analysis of identity-based identification schemes
Theoretical Computer Science, 2008
Constructing an identification scheme is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify himself to a public verifier who knows only the claimed identity of the prover and some public information. In this paper, we propose a new framework for both the design and analysis of IBI schemes. Our approach works in an engineering way. We first identify an IBI scheme as the composition of two building blocks, and then show that, with different security properties of these building blocks, the corresponding IBI schemes can achieve security against impersonation under different levels of attacks, namely, passive attack (id-imp-pa), active attack (id-imp-aa) or concurrent attack (id-imp-ca). In particular, we show that an id-imp-pa secure IBI scheme can be built if there exists a trapdoor weakone-more relation and an honest verifier zero-knowledge proof with special soundness, while an id-imp-aa and id-imp-ca secure IBI scheme can be built if there exists a trapdoor strong-one-more relation and a Witness Dualism proof with Special Soundness (WD-SS). This new framework can capture IBI construction techniques that are not captured by other known frameworks. It also helps to construct new and efficient schemes. We demonstrate this by proposing two new IBI schemes, one achieving id-imp-pa, and the other one achieving both id-imp-aa and id-imp-ca, and neither of them can be captured by existing frameworks. 371 of attack, corresponding security models are normally formalized into two stages. In stage one, the adversary obtains communication transcripts between the prover and an honest verifier, or plays the role of a (possibly malicious) verifier while communicating with the prover for a number of times. In stage two, given the information collected in stage one, the adversary's goal is to impersonate the prover, that is, to make an honest verifier accept it as the prover.
Identity based identification from algebraic coding theory
2014
Cryptographic identification schemes allow a remote user to prove his/her identity to a verifier who holds some public information of the user, such as the user public key or identity. Most of the existing cryptographic identification schemes are based on number-theoretic hard problems such as Discrete Log and Factorization. This paper focuses on the design and analysis of identity based identification (IBI) schemes based on algebraic coding theory. We first revisit an existing code-based IBI scheme which is derived by combining the Courtois-Finiasz-Sendrier signature scheme and the Stern zero-knowledge identification scheme. Previous results have shown that this IBI scheme is secure under passive attacks. In this paper, we prove that the scheme in fact can resist active attacks. However, whether the scheme can be proven secure under concurrent attacks (the most powerful attacks against identification schemes) remains open. In addition, we show that it is difficult to apply the conventional OR-proof approach to this particular IBI scheme in order to obtain concurrent security. We then construct a special OR-proof variant of this scheme and prove that the resulting IBI scheme is secure under concurrent attacks.
A New Path to Code-based Signatures via Identification Schemes with Restricted Errors
ArXiv, 2020
In this paper we introduce a variant of the Syndrome Decoding Problem (SDP), that we call Restricted SDP (R-SDP), in which the entries of the searched vector are defined over a subset of the underlying finite field. We prove the NP-completeness of R-SDP, via a reduction from the canonical SDP, and describe how information set decoding algorithms can be adapted to solve this new problem. We study the properties of random codes under this new decoding perspective (in the fashion of traditional coding theory results), in order to derive the conditions upon which R-SDP has a unique solution with overwhelming probability. As a concrete application, we describe how Zero-Knowledge Identification (ZK-ID) schemes based on SDP can be tweaked to rely on R-SDP, and show that this leads to compact public keys as well as significantly reduced communication costs. Thus, these schemes offer an improved basis for the construction of code-based digital signature schemes derived from identification sc...
Cryptanalysis of two identiflcation schemes based on an ID-based cryptosystem
2005
Two identification schemes based on the Maurer-Yacobi ID-based cryptosystem are analysed and shown to suffer from serious security problems.
Cryptanalysis of two identification schemes based on an ID-based cryptosystem
IEE Proceedings - Communications, 2005
Two identification schemes based on the Maurer-Yacobi ID-based cryptosystem are analysed and shown to suffer from serious security problems.
An Improved Efficient Provable Secure Identity-Based Identification Scheme in the Standard Model
In 2008, Chin et al. proposed an efficient and provable secure identity-based identification scheme in the standard model. However, we discovered a subtle flaw in the security proof which renders the proof of security useless. While no weakness has been found in the scheme itself, a scheme that is desired would be one with an accompanying proof of security. In this paper, we provide a fix to the scheme to overcome the problem without affecting the efficiency as well as a new proof of security. In particular, we show that only one extra pre-computable pairing operation should be added into the commitment phase of the identification protocol to fix the proof of security under the same hard problems.
An Efficient and Provable Secure Identity-Based Identification Scheme in the Standard Model
We present an efficient and provable secure identity-based identification scheme in the standard model. Our proposed scheme is secure against impersonation under passive attack based on the Computational Diffie-Hellman assumption, and secure under active and concurrent attacks based on the One-More Computational Diffie-Hellman assumption.
On the security of a modified Beth identity-based identification scheme
In their seminal work for identity-based identification (IBI) schemes in 2004, Bellare et al. left open the question of whether the Beth identification scheme, and consequently the derived IBI scheme, can be proven secure against active and concurrent attackers. In 2008, Crescenzo answered the question in the positive by presenting a modified version of the Beth identification scheme as well as the corresponding derived IBI scheme. In this paper, we show that while the modified version of the Beth identification scheme proposed by Crescenzo is secure, an attack exists on the corresponding Beth-IBI scheme.
A k-Resilient Identity-Based Identification Scheme in the Standard Model
An identification scheme allows one party to prove himself or herself (the prover) to another party (the verifier) without revealing any information regarding his or her secret. The traditional public key cryptography setting utilizes certificates to bind a user with his public key, but certificate management has since become a problem on its own. An identity-based identification scheme does away with the certificate management problem by binding a user's public key to his or her identity string. In this paper, we present a k-resilient identity-based identification (IBI) scheme. We provide a reductionist proof of security approach to prove that our scheme is secure up to k-number of passive malicious attackers by assuming the discrete logarithm problem is intractable. Our proof of security is in the standard model -we do not assume that random oracles exist.
Security Proofs for Identity-Based Identification and Signature Schemes
Journal of Cryptology, 2009
This paper provides either security proofs or attacks for a large number of identity-based identification and signature schemes defined either explicitly or implicitly in existing literature. Underlying these is a framework that on the one hand helps explain how these schemes are derived, and on the other hand enables modular security analyses, thereby helping to understand, simplify and unify previous work. We also analyze a generic folklore construction that in particular yields identity-based identification and signature schemes without random oracles.
Fuzzy Identity-Based Identification Scheme
Communications in Computer and Information Science, 2009
We present a new type of Identity-Based Identification (IBI), namely Fuzzy Identity-Based Identification (FIBI). FIBI is an extension of traditional IBI where the identity (ID) is viewed as a set of values. In FIBI, identification is considered successful if and only if the ID set presented by the prover overlaps the verifier's ID set for certain distance metric d. The proposed scheme is secure against impersonation under passive attack based on the discrete logarithm assumption, and is secure against concurrent attack based on the one-more discrete logarithm assumption. We provide the security proof in the fuzzy selective-ID security model.
Efficient implementation of code-based identification/signatures schemes
2011
In this paper we present efficient implementations of several code-based identification schemes, namely the Stern scheme, the Veron scheme and the Cayrel-Veron-El Yousfi scheme. For a security of 80 bits, we obtain a signature in respectively 1.048 ms, 0.987 ms and 0.594 ms.
On concrete security treatment of signatures derived from identification
Lecture Notes in Computer Science, 1998
Signature schemes that are derived from three move identification schemes such as the Fiat-Shamir, Schnorr and modified E1Gamal schemes axe a typical class of the most practical signature schemes. The random oracle paradigm [1, 2, 12] is useful to prove the security of such a class of signature schemes [4, 12]. This paper presents a new key technique, "ID reduction", to show the concrete security result of this class of signature schemes under the random oracle paradigm. First, we apply this technique to the Schnorr and modified E1Gamal schemes, and show the "concrete security analysis" of these schemes. We then apply it to the multi-signature schemes.
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes
Advances in Cryptology — CRYPTO’ 92
This paper presents a three-move interactive identification scheme and proves it to be as secure as t h e discrete logarithm problem. This provably secure scheme is almost as efficient as t,he Schnorr identification scheme, while the Schnorr scheme is not provably secure. This paper also presents another practical identification scheme which is proven to be as secure as the factoring problem arid is almost as efficient as the Guillou-Quisquater identification scheme: the Guillou-Quisquater scheme is not provably secure. We &so propose practical digital signature schemes based on these identification schemes. T h e signature schemes are almost as efficient as the Schnorr and Giiillou-Quisquater signature schemes, while the securit.y assumptions of our signature schemes are weaker than those of the Schnorr and Guillou-Quisquater.signature schemes. This paper also gives a theoretically generalized result: a threemove identification scheme can be constructed which is a s secure as the random-self-reducible problem. Moreover, this paper proposes a variant which is proven to be a s secure as the difficulty of solving both the discrete logarithm problem and the specific factoring problem simultaneously. Some other variants such as an identity-based variant and an elliptic curve variant are also proposed.
Hierarchical Identity-Based Identification Schemes
Hierarchical identity-based cryptography was introduced with the purpose of reducing the burden of a single Private Key Generator (PKG) and to limit damage to only domains whose lower-level PKGs are compromised. However, until now only security models and concrete schemes for hierarchical identity-based encryption and signature schemes are found in literature. In this paper, we propose the initial idea for hierarchical identity-based identification (HIBI) schemes. We provide the formal definition and security model for HIBI schemes and then proceed to propose a concrete HIBI scheme secure against passive attacks in the random oracle model under the Computational Diffie-Hellman assumption. We also prove the HIBI scheme secure against active and concurrent attacks in the random oracle model under the One-More Computational Diffie-Hellman assumption.
Java Implementation for Identity-Based Identification
There are a lot of papers on cryptography implementation but mostly on encryption and signature schemes.
Security Upgrade for a K-Resilient Identity-Based Identification Scheme in the Standard Model
In 2010, proposed an identity-based identification (IBI) scheme in the standard model which was resilient to a coalition of attackers conspiring together to break the scheme. They argued that the scheme was desirable due to its proof in the standard model, which is still rare in existing literature. Also desirable was that the proposed scheme was designed without bilinear pairings, which costs greatly in terms of operation costs, thereby allowing the scheme to run more efficiently. However, the proof of security for the proposed scheme was only against impersonation under passive attacks, where the adversary is only allowed to eavesdrop on conversations between honest parties during the identification protocol. In this paper, we upgrade the security proof to prove that the scheme is also secure against impersonation under active and concurrent attacks, showing that the scheme is still secure even if the adversary is to interact with honest parties during the attack.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.