Full cryptanalysis of the chen identification protocol

Authors:
Philippe Gaborit;Julien Schrek;Gilles Zémor
Affiliations:
Université de Limoges, XLIM-DMI, Limoges Cedex, France;Université de Limoges, XLIM-DMI, Limoges Cedex, France;Institut Mathématiques de Bordeaux UMR 5251 - Université Bordeaux I, Talence, France
Venue:
PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Year:
2011

Citing 9
Cited 0

A new identification scheme based on syndrome decoding

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
New Technique for Decoding Codes in the Rank Metric and Its Cryptography Applications

Problems of Information Transmission
An Efficient Identification Scheme Based on Permuted Kernels (Extended Abstract)

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Designing Identification Schemes with Keys of Short Size

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
The Cryptographic Security of the Syndrome Decoding Problem for Rank Distance Codes

ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A New Identification Algorithm

Proceedings of the International Conference on Cryptography: Policy and Algorithms
Security Bounds for the Design of Code-Based Cryptosystems

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A zero-knowledge identification scheme based on the q-ary syndrome decoding problem

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Isometries for rank distance and permutation group of Gabidulin codes

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 1995, K. Chen proposed a 5-pass zero-knowledge identification protocol based on the rank distance. The protocol is a 5-pass protocol with cheating probability $\frac{1}{2}$ in the spirit of Shamir's PKP protocol and Stern's SD protocol, but it has the additional property of avoiding the use of a hash function. This latter feature is very interesting from a low-cost cryptography perspective, but it also raises the suspicion of being too good to be true. The contribution of this paper is twofold, first we show that the protocol's proof of zero-knowledge is flawed and we describe how to fully break the protocol in two different ways and in time polynomial in the size of the parameters. Secondly we propose a new zero-knowledge identification protocol for rank distance, for which we give a rigorous proof of zero-knowledge: however the proof requires the use of a hash function. The parameters of the new protocol are substantially improved compared to those of Chen's original protocol.