
Zero Knowledge Protocols and Signatures from the Restricted Syndrome Decoding Problem

Conference paper, Public-Key Cryptography – PKC 2024 (PKC 2024)

Abstract

The Restricted Syndrome Decoding Problem (R-SDP) corresponds to the Syndrome Decoding Problem (SDP) with the additional constraint that all entries of the solution error vector must live in a fixed subset of the finite field. In this paper, we study how this problem can be applied to the construction of signatures derived from Zero-Knowledge (ZK) protocols. First, we show that R-SDP appears to be well-suited for this type of application: ZK protocols relying on SDP can easily be modified to use R-SDP, resulting in significant reductions in the communication cost. We then introduce and analyze a variant of R-SDP, which we call R-SDP(G), with the property that solution vectors can be represented with a number of bits that is slightly larger than the security parameter (which clearly provides an ultimate lower bound). This enables the design of competitive ZK protocols. We show that existing ZK protocols can greatly benefit from the use of R-SDP, achieving signature sizes in the order of 7 kB, which are smaller than those of several other schemes submitted to NIST’s additional call for post-quantum digital signatures.
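The abstract defines R-SDP only in words. The following toy instance, added here as an illustration and not code from the paper or from the authors' repository, makes the definition concrete: a parity-check matrix H over a small prime field, an error vector e whose entries are all drawn from a fixed subset E, the syndrome s = H e, and the verifier's check that a claimed solution both has entries in E and matches the syndrome. The choice of E as the multiplicative subgroup generated by an element g, the field size 7, g = 2, n = 8 and k = 4 are all constructed assumptions for this example; the exhaustive search is there only to show that the candidate space is z^n (z = |E|) rather than q^n, and the last function shows why restricted solutions cost fewer bits to transmit.

```python
import math
import random
from itertools import product

# Constructed toy parameters (assumptions for this example, not the paper's):
# prime field F_7, restricted set E generated by g = 2, code length 8, dimension 4.
Q, GEN, N, K = 7, 2, 8, 4


def restricted_set(q, g):
    """E = {g^i mod q}: the fixed subset of F_q in which every error entry must live."""
    elems, x = [], 1
    while x not in elems:
        elems.append(x)
        x = (x * g) % q
    return elems


def syndrome(H, e, q):
    """s = H e over F_q, with H given as a list of rows."""
    return [sum(h * x for h, x in zip(row, e)) % q for row in H]


def random_instance(q, g, n, k, rng):
    """Build an R-SDP instance (H, s) together with its planted solution e in E^n."""
    E = restricted_set(q, g)
    H = [[rng.randrange(q) for _ in range(n)] for _ in range(n - k)]
    e = [rng.choice(E) for _ in range(n)]  # full-weight vector with restricted entries
    return H, syndrome(H, e, q), e


def demo_instance(seed=1):
    """Seeded instance so a run is reproducible."""
    return random_instance(Q, GEN, N, K, random.Random(seed))


def is_rsdp_solution(H, s, e, q, g):
    """Verifier's check: every entry of e lies in E and H e = s."""
    E = set(restricted_set(q, g))
    return all(x in E for x in e) and syndrome(H, e, q) == s


def restricted_solutions(H, s, q, g):
    """Exhaustive search over E^n (toy sizes only): the candidate space is z^n, not q^n."""
    E = restricted_set(q, g)
    n = len(H[0])
    return [list(c) for c in product(E, repeat=n) if syndrome(H, list(c), q) == s]


def solution_bits(n, q, g):
    """Bits to write down a solution: n*log2(q) for plain SDP vs n*log2(z) for R-SDP."""
    z = len(restricted_set(q, g))
    return n * math.log2(q), n * math.log2(z)


if __name__ == "__main__":
    H, s, e = demo_instance()
    print("E =", restricted_set(Q, GEN))
    print("planted e accepted:", is_rsdp_solution(H, s, e, Q, GEN))
    print("solutions in E^n:", len(restricted_solutions(H, s, Q, GEN)))
    print("bits (SDP, R-SDP):", solution_bits(N, Q, GEN))
```

With these parameters E = {1, 2, 4}, so a solution is described with n·log2(3) bits instead of n·log2(7); the abstract's R-SDP(G) variant pushes this further by restricting e to a subgroup G of E^n, which this toy does not model.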


Change history

  • 23 May 2024: A correction has been published.

Notes

  1. See, e.g., the official NIST call https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/call-for-proposals-dig-sig-sept-2022.pdf.

  2. A similar idea was already mentioned in [37], but it was not used in conjunction with a decoding problem.

  3. Unless all \(k \times t\) matrices are singular, however, a random \(k\times t\) matrix has probability \(\prod _{i = 0}^{k-1}(1-q^{i-t})\ge (1-q^{-(t-k+1)})^k\) to be invertible.

  4. https://github.com/secomms/RBG.

  5. The provided code considers only one round of the protocol. Multiplying the timings by t (the number of parallel executions) gives a very reliable estimate of the overall required time.

  6. Collected from https://pqshield.github.io/nist-sigs-zoo/; the data refer to October 15, 2023.

References

  1. Aaraj, N., et al.: PERK: PERmuted Kernels. Submission to the NIST Post-Quantum Standardization project (2023)

  2. Adj, G., et al.: MiRitH: MinRank in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)

  3. Aguilar Melchor, C., et al.: SDitH: Syndrome Decoding in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)

  4. Aragon, N., et al.: RYDE: Rank Decoding in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)

  5. Aragon, N., et al.: MIRA: MinRank in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)

  6. Baldi, M., et al.: LESS: Linear Equivalence Signature Scheme. Submission to the NIST Post-Quantum Standardization project (2023)

  7. Baldi, M., et al.: CROSS: Codes and Restricted Objects Signature Scheme. Submission to the NIST Post-Quantum Standardization project (2023)

  8. Baldi, M., et al.: A new path to code-based signatures via identification schemes with restricted errors. arXiv preprint arXiv:2008.06403 (2020)

  9. Baldi, M., Bitzer, S., Pavoni, A., Santini, P., Wachter-Zeh, A., Weger, V.: Zero knowledge protocols and signatures from the restricted syndrome decoding problem. Cryptology ePrint Archive (2023)

  10. Banegas, G., et al.: WAVE. Submission to the NIST Post-Quantum Standardization project (2023)

  11. Barg, S.: Some new NP-complete coding problems. Problemy Peredachi Informatsii 30(3), 23–28 (1994)

  12. Becker, A., Coron, J.-S., Joux, A.: Improved generic algorithms for hard knapsacks. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 364–385. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_21

  13. Berlekamp, E., McEliece, R., Van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)

  14. Beullens, W.: Sigma protocols for MQ, PKP and SIS, and fishy signature schemes. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part III. LNCS, vol. 12107, pp. 183–211. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_7

  15. Bidoux, L., Gaborit, P.: Shorter signatures from proofs of knowledge for the SD, MQ, PKP and RSD problems. arXiv preprint arXiv:2204.02915 (2022)

  16. Carrier, K., Debris-Alazard, T., Meyer-Hilfiger, C., Tillich, J.-P.: Statistical decoding 2.0: reducing decoding to LPN. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part IV. LNCS, vol. 13794, pp. 477–507. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22972-5_17

  17. Cayrel, P.-L., Véron, P., El Yousfi Alaoui, S.M.: A zero-knowledge identification scheme based on the q-ary syndrome decoding problem. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 171–186. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_12

  18. Chailloux, A., Etinski, S.: On the (in)security of optimized Stern-like signature schemes. Designs, Codes and Cryptography (2023)

  19. Cho, J., No, J.S., Lee, Y., Kim, Y.S., Koo, Z.: Enhanced pqsigRM. Submission to the NIST Post-Quantum Standardization project (2023)

  20. Chou, T., et al.: MEDS: Matrix Equivalence Digital Signature. Submission to the NIST Post-Quantum Standardization project (2023)

  21. Debris-Alazard, T., Sendrier, N., Tillich, J.P.: Wave: a new code-based signature scheme. In: ASIACRYPT 2019 (2019)

  22. Debris-Alazard, T., Tillich, J.P.: Statistical decoding. In: 2017 IEEE International Symposium on Information Theory (ISIT), pp. 1798–1802. IEEE (2017)

  23. Dumer, I.I.: Two decoding algorithms for linear codes. Problemy Peredachi Informatsii 25(1), 24–32 (1989)

  24. Feneuil, T., Joux, A., Rivain, M.: Shared permutation for syndrome decoding: new zero-knowledge protocol and code-based signature. Designs, Codes and Cryptography, pp. 1–46 (2022)

  25. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  26. Gueron, S., Persichetti, E., Santini, P.: Designing a practical code-based signature scheme from zero-knowledge proofs with trusted setup. Cryptography 6(1), 5 (2022)

  27. Hülsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass MQ-based identification to MQ-based signatures. IACR Cryptol. ePrint Arch. 2016, 708 (2016)

  28. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: Proceedings of the Thirty-ninth Annual ACM Symposium on Theory of Computing, pp. 21–30 (2007)

  29. Jabri, A.A.: A statistical decoding algorithm for general linear block codes. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 1–8. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_1

  30. Kales, D., Zaverucha, G.: An attack on some signature schemes constructed from five-pass identification schemes. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_1

  31. Ritterhoff, S., et al.: FuLeeca: A Lee-based Signature Scheme. Submission to the NIST Post-Quantum Standardization project (2023)

  32. Santini, P., Baldi, M., Chiaraluce, F.: Computational hardness of the permuted kernel and subcode equivalence problems. Cryptology ePrint Archive (2022)

  33. Shamir, A.: An efficient identification scheme based on permuted kernels (extended abstract). In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 606–609. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_54

  34. Singleton, R.: Maximum distance \(q\)-nary codes. IEEE Trans. Inf. Theory 10(2), 116–118 (1964)

  35. Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). https://doi.org/10.1007/BFb0019850

  36. Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_2

  37. Stern, J.: Designing identification schemes with keys of short size. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 164–173. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_18

  38. Weger, V., Khathuria, K., Horlemann, A.L., Battaglioni, M., Santini, P., Persichetti, E.: On the hardness of the Lee syndrome decoding problem. Advances in Mathematics of Communications (2022)


Acknowledgements

The authors would like to thank the anonymous reviewers for their helpful comments.

Violetta Weger is supported by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement no. 899987.

Marco Baldi is supported by the Italian Ministry of University’s PRIN 2022 program under the “Mathematical Primitives for Post Quantum Digital Signatures” (P2022J4HRR) and “POst quantum Identification and eNcryption primiTives: dEsign and Realization (POINTER)” (2022M2JLF2) projects funded by the European Union - Next Generation EU.

Sebastian Bitzer and Antonia Wachter-Zeh acknowledge the financial support of the Federal Ministry of Education and Research of Germany in the programme “Souverän. Digital. Vernetzt.”, joint project 6G-life, project identification number 16KISK002.

Corresponding author: Paolo Santini.

Ethics declarations

The authors have no competing interests to declare that are relevant to the content of this article.


Copyright information

© 2024 International Association for Cryptologic Research


Cite this paper

Baldi, M., Bitzer, S., Pavoni, A., Santini, P., Wachter-Zeh, A., Weger, V. (2024). Zero Knowledge Protocols and Signatures from the Restricted Syndrome Decoding Problem. In: Tang, Q., Teague, V. (eds) Public-Key Cryptography – PKC 2024. PKC 2024. Lecture Notes in Computer Science, vol 14602. Springer, Cham. https://doi.org/10.1007/978-3-031-57722-2_8

  • DOI: https://doi.org/10.1007/978-3-031-57722-2_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-57721-5

  • Online ISBN: 978-3-031-57722-2