Solving low-density subset sum problems
Journal of the ACM (JACM)
The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Zero-knowledge proofs of identity
Journal of Cryptology
An alternative to the Fiat-Shamir protocol
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Improved low-density subset sum algorithms
Computational Complexity
A method for finding codewords of small weight
Proceedings of the 3rd International Colloquium on Coding Theory and Applications
An Efficient Identification Scheme Based on Permuted Kernels (Extended Abstract)
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
A probabilistic algorithm for computing minimum weights of large error-correcting codes
IEEE Transactions on Information Theory - Part 1
Cryptanalysis of the Matsumoto and Imai Public Key Schemeof Eurocrypt‘98
Designs, Codes and Cryptography
A New \mathcal{NP}-Complete Problem and Public-Key Identification
Designs, Codes and Cryptography
Designs, Codes and Cryptography
Hi-index | 0.00 |
Zero-knowledge proofs were introduced in 1985, in a paper by Goldwasser, Micali and Rackoff ([6]). Their practical significance was soon demonstrated in the work of Fiat and Shamir ([4]), who turned zero-knowledge proofs of quadratic residuosity into efficient means of establishing user identities. Still, as is almost always the case in public-key cryptography, the Fiat-Shamir scheme relied on arithmetic operations on large numbers. In 1989, there were two attempts to build identification protocols that only use simple operations (see [11, 10]). One appeared in the EUROCRYPT proceedings and relies on the intractability of some coding problems, the other waa presented at the CRYPTO rump session and depends on the so-called Permuted Kernel problem (PKP). Unfortunately, the first of the schemes was not really practical. In the present paper, we propose a new identification scheme, based on error-correcting codes, which is zero-knowledge and is of practical value. Furthermore, we describe several variants, including one which has an identity based character. The security of our scheme depends on the hardness of decoding a word of given syndrome w.r.t. some binary linear error-correcting code.