Statistical zero-knowledge and analysis of rank-metric zero-knowledge proofs of knowledge

Bibliographic details
Published in: Theoretical computer science, Volume 952; p. 113731
Main authors: Song, Yongcheng; Zhang, Jiang; Huang, Xinyi; Wu, Wei; Yang, Haining
Format: Journal Article
Language: English
Published: Elsevier B.V 31.03.2023
ISSN:0304-3975, 1879-2294
Description
Summary: A series of Stern-like Code-Based Zero-Knowledge Proofs of Knowledge (CBZKPoKs) in the rank setting have been proposed since 2011. These CBZKPoKs (RStern, RJKPT, RVDC, RankId, RCVE, RVéronID) are rank metric adaptations of Stern, JKPT, AGS, CVE, and Véron protocols in the Hamming setting. RVéronID has been analyzed and the witness can be recovered because improper permutation leaks the information of witness. However, there are several open problems in the rest of rank metric CBZKPoKs: (1) statistical zero-knowledge property; (2) security and completeness. In this paper, we deeply analyze rank metric permutation and its cryptographic properties, and rigorously show that RStern and RJKPT can achieve statistical zero-knowledge property. We then analyze RVDC, RankId, and RCVE and show that they do not satisfy completeness and RVDC can be broken by the rank support learning attack. To repair and strengthen security, we reconstruct the rank metric protocols (RAGS and RVéron), in which two protocols work on random linear codes without the limitation of cyclic structure. The performance analysis shows that: their communication costs (20 KB and 26 KB) are the lowest among existing Stern-like CBZKPoKs for 128-bit security. When compared with lattice-based zero-knowledge proofs of knowledge with a non-negligible soundness error such as improved Stern (PKC 2013), Bootle et al. (CRYPTO 2019), and Beullens (EUROCRYPT 2020), our protocols perform a significant advantage in communication costs.
DOI:10.1016/j.tcs.2023.113731