Abstract
The Restricted Syndrome Decoding Problem (R-SDP) corresponds to the Syndrome Decoding Problem (SDP) with the additional constraint that all entries of the solution error vector must live in a fixed subset of the finite field. In this paper, we study how this problem can be applied to the construction of signatures derived from Zero-Knowledge (ZK) protocols. First, we show that R-SDP appears to be well-suited for this type of application: ZK protocols relying on SDP can easily be modified to use R-SDP, resulting in significant reductions in the communication cost. We then introduce and analyze a variant of R-SDP, which we call R-SDP(G), with the property that solution vectors can be represented with a number of bits that is only slightly larger than the security parameter (which clearly provides an ultimate lower bound). This enables the design of competitive ZK protocols. We show that existing ZK protocols can greatly benefit from the use of R-SDP, achieving signature sizes in the order of 7 kB, which are smaller than those of several other schemes submitted to NIST’s additional call for post-quantum digital signatures.
Change history
23 May 2024
A correction has been published.
Notes
1. See, e.g., the official NIST call https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/call-for-proposals-dig-sig-sept-2022.pdf.
2. A similar idea was already mentioned in [37], but it was not used in conjunction with a decoding problem.
3. Unless all \(k \times t\) matrices are singular, however, a random \(k\times t\) matrix has probability \(\prod _{i = 0}^{k-1}(1-q^{i-t})\ge (1-q^{-(t-k+1)})^k\) to be invertible.
4.
5. The provided code considers only one round of the protocol. Multiplying the timings by t (the number of parallel executions), we obtain a very reliable estimate of the overall required time.
6. Which we have collected from https://pqshield.github.io/nist-sigs-zoo/. Data refer to October 15, 2023.
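A worked check of the probability stated in footnote 3, added here as an example and not code from the paper: it evaluates the product \(\prod_{i=0}^{k-1}(1-q^{i-t})\) and the bound \((1-q^{-(t-k+1)})^k\) exactly, and confirms them by enumerating every \(k \times t\) matrix over a small prime field and counting those of full rank \(k\). The rank routine assumes \(q\) is prime; the parameters in `demo()` are chosen small enough for exhaustive enumeration.

```python
from fractions import Fraction
from itertools import product


def full_rank_probability(q, k, t):
    """Footnote 3's product: exact probability that a uniform k x t matrix
    over F_q has rank k (k <= t). q^{i-t} is written as 1 / q^{t-i}."""
    p = Fraction(1)
    for i in range(k):
        p *= 1 - Fraction(1, q ** (t - i))
    return p


def lower_bound(q, k, t):
    """Footnote 3's lower bound (1 - q^{-(t-k+1)})^k, as an exact fraction."""
    return (1 - Fraction(1, q ** (t - k + 1))) ** k


def rank_mod_p(rows, p):
    """Rank of a matrix (list of rows) over the prime field F_p via
    Gaussian elimination; assumes p is prime so every pivot is invertible."""
    m = [r[:] for r in rows]
    rank = 0
    for col in range(len(m[0]) if m else 0):
        pivot = next((r for r in range(rank, len(m)) if m[r][col] % p), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][col], -1, p)
        m[rank] = [(x * inv) % p for x in m[rank]]
        for r in range(len(m)):
            if r != rank and m[r][col] % p:
                f = m[r][col]
                m[r] = [(a - f * b) % p for a, b in zip(m[r], m[rank])]
        rank += 1
    return rank


def brute_force_probability(p, k, t):
    """Count full-rank k x t matrices among all p^(k*t) matrices over F_p."""
    good = 0
    for entries in product(range(p), repeat=k * t):
        rows = [list(entries[i * t:(i + 1) * t]) for i in range(k)]
        good += rank_mod_p(rows, p) == k
    return Fraction(good, p ** (k * t))


def demo(q=2, k=2, t=3):
    """Formula, exhaustive count, and bound for one small parameter set."""
    return full_rank_probability(q, k, t), brute_force_probability(q, k, t), lower_bound(q, k, t)
```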
References
Aaraj, N., et al.: PERK: PERmuted Kernels. Submission to the NIST Post-Quantum Standardization project (2023)
Adj, G., et al.: MiRitH: MinRank in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)
Aguilar Melchor, C., et al.: SDitH: Syndrome Decoding in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)
Aragon, N., et al.: RYDE: Rank Decoding in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)
Aragon, N., et al.: MIRA: MinRank in-the-Head. Submission to the NIST Post-Quantum Standardization project (2023)
Baldi, M., et al.: LESS: Linear Equivalence Signature Scheme. Submission to the NIST Post-Quantum Standardization project (2023)
Baldi, M., et al.: CROSS: codes and restricted objects signature scheme. Submission to the NIST Post-Quantum Standardization project (2023)
Baldi, M., et al.: A new path to code-based signatures via identification schemes with restricted errors. arXiv preprint arXiv:2008.06403 (2020)
Baldi, M., Bitzer, S., Pavoni, A., Santini, P., Wachter-Zeh, A., Weger, V.: Zero knowledge protocols and signatures from the restricted syndrome decoding problem. Cryptology ePrint Archive (2023)
Banegas, G., et al.: WAVE. Submission to the NIST Post-Quantum Standardization project (2023)
Barg, S.: Some new NP-complete coding problems. Problemy Peredachi Informatsii 30(3), 23–28 (1994)
Becker, A., Coron, J.-S., Joux, A.: Improved generic algorithms for hard knapsacks. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 364–385. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_21
Berlekamp, E., McEliece, R., Van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)
Beullens, W.: Sigma protocols for MQ, PKP and SIS, and fishy signature schemes. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology – EUROCRYPT 2020: 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings, Part III, pp. 183–211. Springer International Publishing, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_7
Bidoux, L., Gaborit, P.: Shorter signatures from proofs of knowledge for the SD, MQ, PKP and RSD Problems. arXiv preprint arXiv:2204.02915 (2022)
Carrier, K., Debris-Alazard, T., Meyer-Hilfiger, C., Tillich, J.-P.: Statistical decoding 2.0: reducing decoding to LPN. In: Agrawal, S., Lin, D. (eds.) Advances in Cryptology – ASIACRYPT 2022: 28th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, December 5–9, 2022, Proceedings, Part IV, pp. 477–507. Springer Nature Switzerland, Cham (2022). https://doi.org/10.1007/978-3-031-22972-5_17
Cayrel, P.-L., Véron, P., El Yousfi Alaoui, S.M.: A zero-knowledge identification scheme based on the q-ary syndrome decoding problem. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, pp. 171–186. Springer Berlin Heidelberg, Berlin, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_12
Chailloux, A., Etinski, S.: On the (in)security of optimized Stern-like signature schemes. Designs, Codes and Cryptography (2023)
Cho, J., No, J.S., Lee, Y., Kim, Y.S., Koo, Z.: Enhanced pqsigRM. Submission to the NIST Post-Quantum Standardization project (2023)
Chou, T., et al.: MEDS: Matrix equivalence digital signature. Submission to the NIST Post-Quantum Standardization project (2023)
Debris-Alazard, T., Sendrier, N., Tillich, J.P.: Wave: A new code-based signature scheme. In: Asiacrypt 2019 (2019)
Debris-Alazard, T., Tillich, J.P.: Statistical decoding. In: 2017 IEEE International Symposium on Information Theory (ISIT), pp. 1798–1802. IEEE (2017)
Dumer, I.I.: Two decoding algorithms for linear codes. Problemy Peredachi Informatsii 25(1), 24–32 (1989)
Feneuil, T., Joux, A., Rivain, M.: Shared permutation for syndrome decoding: new zero-knowledge protocol and code-based signature. Designs, Codes and Cryptography, pp. 1–46 (2022)
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
Gueron, S., Persichetti, E., Santini, P.: Designing a practical code-based signature scheme from zero-knowledge proofs with trusted setup. Cryptography 6(1), 5 (2022)
Hülsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass MQ-based identification to MQ-based signatures. IACR Cryptol. ePrint Arch. 2016, 708 (2016)
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: Proceedings of the Thirty-ninth Annual ACM Symposium on Theory Of Computing, pp. 21–30 (2007)
Jabri, A.A.: A statistical decoding algorithm for general linear block codes. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 1–8. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_1
Kales, D., Zaverucha, G.: An attack on some signature schemes constructed from five-pass identification schemes. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_1
Ritterhoff, S., et al.: FuLeeca: A Lee-based Signature Scheme. Submission to the NIST Post-Quantum Standardization project (2023)
Santini, P., Baldi, M., Chiaraluce, F.: Computational hardness of the permuted kernel and subcode equivalence problems. Cryptology ePrint Archive (2022)
Shamir, A.: An efficient identification scheme based on permuted kernels (extended abstract). In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 606–609. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_54
Singleton, R.: Maximum distance \(q\)-nary codes. IEEE Trans. Inf. Theory 10(2), 116–118 (1964)
Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). https://doi.org/10.1007/BFb0019850
Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_2
Stern, J.: Designing identification schemes with keys of short size. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 164–173. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_18
Weger, V., Khathuria, K., Horlemann, A.L., Battaglioni, M., Santini, P., Persichetti, E.: On the hardness of the Lee syndrome decoding problem. In: Advances in Mathematics of Communications (2022)
Acknowledgements
The authors would like to thank the anonymous reviewers for their helpful comments.
Violetta Weger is supported by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement no. 899987.
Marco Baldi is supported by the Italian Ministry of University’s PRIN 2022 program under the “Mathematical Primitives for Post Quantum Digital Signatures” (P2022J4HRR) and “POst quantum Identification and eNcryption primiTives: dEsign and Realization (POINTER)” (2022M2JLF2) projects funded by the European Union - Next Generation EU.
Sebastian Bitzer and Antonia Wachter-Zeh acknowledge the financial support by the Federal Ministry of Education and Research of Germany in the program of “Souverän. Digital. Vernetzt.”. Joint project 6G-life, project identification number: 16KISK002.
Ethics declarations
The authors have no competing interests to declare that are relevant to the content of this article.
Copyright information
© 2024 International Association for Cryptologic Research
Cite this paper
Baldi, M., Bitzer, S., Pavoni, A., Santini, P., Wachter-Zeh, A., Weger, V. (2024). Zero Knowledge Protocols and Signatures from the Restricted Syndrome Decoding Problem. In: Tang, Q., Teague, V. (eds) Public-Key Cryptography – PKC 2024. PKC 2024. Lecture Notes in Computer Science, vol 14602. Springer, Cham. https://doi.org/10.1007/978-3-031-57722-2_8
DOI: https://doi.org/10.1007/978-3-031-57722-2_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57721-5
Online ISBN: 978-3-031-57722-2