Zero Knowledge Protocols and Signatures from the Restricted Syndrome Decoding Problem
Gespeichert in:
| Titel: | Zero Knowledge Protocols and Signatures from the Restricted Syndrome Decoding Problem |
|---|---|
| Autoren: | Baldi, Marco, Bitzer, Sebastian, Pavoni, Alessio, Santini, Paolo, Wachter-Zeh, Antonia, Weger, Violetta |
| Weitere Verfasser: | Baldi, Marco, Bitzer, Sebastian, Pavoni, Alessio, Santini, Paolo, Wachter-Zeh, Antonia, Weger, Violetta |
| Verlagsinformationen: | SPRINGER INTERNATIONAL PUBLISHING AG |
| Publikationsjahr: | 2024 |
| Bestand: | Università Politecnica delle Marche: IRIS |
| Schlagwörter: | Code-based Cryptography, Post-Quantum Cryptography, Restricted Error, Signature Scheme, Syndrome Decoding Problem |
| Beschreibung: | The Restricted Syndrome Decoding Problem (R-SDP) corresponds to the Syndrome Decoding Problem (SDP) with the additional constraint that all entries of the solution error vector must live in a fixed subset of the finite field. In this paper, we study how this problem can be applied to the construction of signatures derived from Zero-Knowledge (ZK) protocols. First, we show that R-SDP appears to be well-suited for this type of application: ZK protocols relying on SDP can easily be modified to use R-SDP, resulting in significant reductions in the communication cost. We then introduce and analyze a variant of R-SDP, which we call R-SDP(G), with the property that solution vectors can be represented with a number of bits that is slightly larger than the security parameter (which clearly provides an ultimate lower bound). This enables the design of competitive ZK protocols. We show that existing ZK protocols can greatly benefit from the use of R-SDP, achieving signature sizes in the order of 7 kB, which are smaller than those of several other schemes submitted to NIST's additional call for post-quantum digital signatures. |
| Publikationsart: | conference object |
| Sprache: | English |
| Relation: | info:eu-repo/semantics/altIdentifier/isbn/9783031577215; info:eu-repo/semantics/altIdentifier/isbn/9783031577222; info:eu-repo/semantics/altIdentifier/wos/WOS:001274960100008; ispartofseries:Lecture Notes in Computer Science; ispartofbook:Public-Key Cryptography - PKC 2024; 27th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2024; volume:14602; firstpage:243; lastpage:274; numberofpages:32; serie:LECTURE NOTES IN COMPUTER SCIENCE; https://hdl.handle.net/11566/334572 |
| DOI: | 10.1007/978-3-031-57722-2_8 |
| Verfügbarkeit: | https://hdl.handle.net/11566/334572 https://doi.org/10.1007/978-3-031-57722-2_8 |
| Rights: | info:eu-repo/semantics/closedAccess |
| Dokumentencode: | edsbas.E571A2FC |
| Datenbank: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | The Restricted Syndrome Decoding Problem (R-SDP) corresponds to the Syndrome Decoding Problem (SDP) with the additional constraint that all entries of the solution error vector must live in a fixed subset of the finite field. In this paper, we study how this problem can be applied to the construction of signatures derived from Zero-Knowledge (ZK) protocols. First, we show that R-SDP appears to be well-suited for this type of application: ZK protocols relying on SDP can easily be modified to use R-SDP, resulting in significant reductions in the communication cost. We then introduce and analyze a variant of R-SDP, which we call R-SDP(G), with the property that solution vectors can be represented with a number of bits that is slightly larger than the security parameter (which clearly provides an ultimate lower bound). This enables the design of competitive ZK protocols. We show that existing ZK protocols can greatly benefit from the use of R-SDP, achieving signature sizes in the order of 7 kB, which are smaller than those of several other schemes submitted to NIST's additional call for post-quantum digital signatures. |
|---|---|
| DOI: | 10.1007/978-3-031-57722-2_8 |