A new identification scheme based on syndrome decoding
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
New Technique for Decoding Codes in the Rank Metric and Its Cryptography Applications
Problems of Information Transmission
An Efficient Identification Scheme Based on Permuted Kernels (Extended Abstract)
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Designing Identification Schemes with Keys of Short Size
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
The Cryptographic Security of the Syndrome Decoding Problem for Rank Distance Codes
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A New Identification Algorithm
Proceedings of the International Conference on Cryptography: Policy and Algorithms
Security Bounds for the Design of Code-Based Cryptosystems
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A zero-knowledge identification scheme based on the q-ary syndrome decoding problem
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Isometries for rank distance and permutation group of Gabidulin codes
IEEE Transactions on Information Theory
Hi-index | 0.00 |
In 1995, K. Chen proposed a 5-pass zero-knowledge identification protocol based on the rank distance. The protocol is a 5-pass protocol with cheating probability $\frac{1}{2}$ in the spirit of Shamir's PKP protocol and Stern's SD protocol, but it has the additional property of avoiding the use of a hash function. This latter feature is very interesting from a low-cost cryptography perspective, but it also raises the suspicion of being too good to be true. The contribution of this paper is twofold, first we show that the protocol's proof of zero-knowledge is flawed and we describe how to fully break the protocol in two different ways and in time polynomial in the size of the parameters. Secondly we propose a new zero-knowledge identification protocol for rank distance, for which we give a rigorous proof of zero-knowledge: however the proof requires the use of a hash function. The parameters of the new protocol are substantially improved compared to those of Chen's original protocol.