5.5. Stern’s Zero-Knowledge Identification Scheme
- document 1 document 2 document 3
- niveau 1 niveau 2 niveau 3
- audio 1 audio 2 audio 3
Descriptif
In this session, we aregoing to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is aZero-Knowledge Identification Scheme? An identification schemeallows a prover to prove his identity to a verifier. And the Zero-KnowledgeProtocol is an interactive protocol where one provesthe knowledge of something, without revealing any informationon this knowledge, on this element. So, Stern’s IdentificationScheme was invented in 1993 and security relies on thesyndrome decoding problem. Contrary to McEliece orthe CFS signature, it uses a random binary matrix which meansthat there is no trap inside it. Like otheridentification schemes, it can also be converted into a signaturescheme. The system parameters are a public binary matrix Hof size r * n and a weight w. Each user in the systemthat wants to be able to prove his identity picks a secretbinary vector e of length n and weight w, which can beseen as an error pattern, and computes thesyndrome of this vector e. This syndrome is publishedand is a kind of a public key. The identificationprotocol: the verifier knows the public key s and the proverhas to prove that he knows e such that s = H * e. And this has to be done withoutleaving any information about e. The identification schemeinvolves a prover and a verifier. The prover picks arandom vector y and a random permutation of theelements from 1 to n, σ. Then, it computes threecommitments c0, c1, c2 which are hashes are different elements thathe knows, depending of σ, y and e. And he sends these commitmentsto the verifier who stores them. Then, the verifier picks arandom value in 0, 1 or 2 and sends it to the prover. Depending on the value of b, theanswer of the prover will be different. If b = 0, the prover willreveal elements that allow the verifier to verifycommitments c1 and c2. These elements are thepermutation σ(y) and the permutation of the error vector σ(e).
Intervenant
Thème
Notice
Documentation
Dans la même collection
-
5.7. The Fast Syndrome-Based (FSB) Hash FunctionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a
-
5.6. An Efficient Provably Secure One-Way FunctionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we are going to see how to build an efficient provably secure one-way function from coding theory. As you know, a one-way function is a function which is simple to evaluate and
-
5.4. Parallel-CFSMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute
-
5.3. Attacks against the CFS SchemeMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is
-
5.2. The Courtois-Finiasz-Sendrier (CFS) ConstructionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I am going to present the Courtois-Finiasz-Sendrier Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document
-
5.1. Code-Based Digital SignaturesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key
Avec les mêmes intervenants
-
5.7. The Fast Syndrome-Based (FSB) Hash FunctionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a
-
5.6. An Efficient Provably Secure One-Way FunctionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we are going to see how to build an efficient provably secure one-way function from coding theory. As you know, a one-way function is a function which is simple to evaluate and
-
5.4. Parallel-CFSMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute
-
5.3. Attacks against the CFS SchemeMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is
-
5.2. The Courtois-Finiasz-Sendrier (CFS) ConstructionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I am going to present the Courtois-Finiasz-Sendrier Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document
-
5.1. Code-Based Digital SignaturesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key
-
4.9. Goppa codes still resistMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
All the results that we have seen this week doesn't mean that code based cryptography is broken. So in this session we will see that Goppa code still resists to all these attacks. So recall that
-
4.8. Attack against Algebraic Geometry codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will present an attack against Algebraic Geometry codes (AG codes). Algebraic Geometry codes is determined by a triple. First of all, an algebraic curve of genus g, then a n
-
4.7. Attack against Reed-Muller codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will introduce an attack against binary Reed-Muller codes. Reed-Muller codes were introduced by Muller in 1954 and, later, Reed provided the first efficient decoding algorithm
-
4.6. Attack against GRS codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session we will discuss the proposal of using generalized Reed-Solomon codes for the McEliece cryptosystem. As we have already said, generalized Reed-Solomon codes were proposed in 1986 by
-
4.5. Error-Correcting PairsMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
We present in this session a general decoding method for linear codes. And we will see it in an example. Let C be a generalized Reed-Solomon code of dimension k associated to the pair (c, d). Then,
-
4.4. Attack against subcodes of GRS codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will talk about using subcodes of a Generalized Reed–Solomon code for the McEliece Cryptosystem. Recall that to avoid the attack of Sidelnikov and Shestakov, Berger and
Sur le même thème
-
"Le mathématicien Petre (Pierre) Sergescu, historien des sciences, personnalité du XXe siècle"HerléaAlexandre
Alexandre HERLEA est membre de la section « Sciences, histoire des sciences et des techniques et archéologie industrielle » du CTHS. Professeur émérite des universités, membre effectif de l'Académie
-
Retour d'expérience sur l'utilisation croisée de plusieurs archives de fouillesTufféryChristophe
Dans le cadre d'une thèse de doctorat engagée depuis 2019, une étude historiographique et épistémologique des effets des dispositifs numériques sur l'archéologie et sur les archéologues au cours des
-
Information Structures for Privacy and FairnessPalamidessiCatuscia
Information Structures for Privacy and Fairness
-
Le Creativ’Lab, au cœur de la robotique et de l’intelligence artificielle (ASR N°18 - LORIA)HénaffPatrickLefebvreSylvain
Le LORIA, laboratoire phare de la Grande Région dans le domaine de l’informatique, propose de rendre la recherche plus ouverte, plus collaborative, plus ambitieuse… en un mot, plus créative, à travers
-
AI and Human Decision-Making: An Interdisciplinary PerspectiveCastellucciaClaude
This seminar will talk about some of the privacy risks of these systems and will describe some recent attacks. It will also discuss why they sometimes fail to deliver. Finally, we will also show that
-
Webinaire sur la rédaction des PGDLouvetViolaine
Rédaction des Plans de Gestion de Données (PGD) sous l’angle des besoins de la communauté mathématique.
-
Les algorithmes de Parcoursup
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Algorithmes d'aide à la décision publique / Ouverture
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Quelques enjeux autour des algorithmes d'aide à la décision publique
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Un nouveau système de répartition des greffons cardiaques utilisant un algorithme
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Règles, calcul et politique : investigation des choix de programmation inaperçus pour les aides au …
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Algorithmes de décision publique : élaboration, évaluation et évolutions
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l