Vidéo pédagogique
Notice
Sous-titrage
Anglais
Langue :
Anglais
Crédits
Irene Marquez-Corbella (Intervention), Nicolas Sendrier (Intervention), Matthieu Finiasz (Intervention)
Conditions d'utilisation
Ces ressources de cours sont, sauf mention contraire, diffusées sous Licence Creative Commons. L’utilisateur doit mentionner le nom de l’auteur, il peut exploiter l’œuvre sauf dans un contexte commercial et il ne peut apporter de modifications à l’œuvre originale.
DOI : 10.60527/7j6c-xb35
Citer cette ressource :
Irene Marquez-Corbella, Nicolas Sendrier, Matthieu Finiasz. Inria. (2015, 5 mai). 5.5. Stern’s Zero-Knowledge Identification Scheme , in 5: Other cryptographic constructions relying on coding theory. [Vidéo]. Canal-U. https://doi.org/10.60527/7j6c-xb35. (Consultée le 15 mai 2025)
logo Inria
Inria - Institut national de recherche en sciences et technologies du numérique
S'abonner
Contacter

5.5. Stern’s Zero-Knowledge Identification Scheme

Réalisation : 5 mai 2015 - Mise en ligne : 21 février 2017
  • document 1 document 2 document 3
  • niveau 1 niveau 2 niveau 3
Descriptif

In this session, we aregoing to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is aZero-Knowledge Identification Scheme? An identification schemeallows a prover to prove his identity to a verifier. And the Zero-KnowledgeProtocol is an interactive protocol where one provesthe knowledge of something, without revealing any informationon this knowledge, on this element. So, Stern’s IdentificationScheme was invented in 1993 and security relies on thesyndrome decoding problem. Contrary to McEliece orthe CFS signature, it uses a random binary matrix which meansthat there is no trap inside it. Like otheridentification schemes, it can also be converted into a signaturescheme. The system parameters are a public binary matrix Hof size r * n and a weight w. Each user in the systemthat wants to be able to prove his identity picks a secretbinary vector e of length n and weight w, which can beseen as an error pattern, and computes thesyndrome of this vector e. This syndrome is publishedand is a kind of a public key. The identificationprotocol: the verifier knows the public key s and the proverhas to prove that he knows e such that s = H * e. And this has to be done withoutleaving any information about e. The identification schemeinvolves a prover and a verifier. The prover picks arandom vector y and a random permutation of theelements from 1 to n, σ. Then, it computes threecommitments c0, c1, c2 which are hashes are different elements thathe knows, depending of σ, y and e. And he sends these commitmentsto the verifier who stores them. Then, the verifier picks arandom value in 0, 1 or 2 and sends it to the prover. Depending on the value of b, theanswer of the prover will be different. If b = 0, the prover willreveal elements that allow the verifier to verifycommitments c1 and c2. These elements are thepermutation σ(y) and the permutation of the error vector σ(e).

Intervention
Thème
Disciplines :
Documentation
Support de présentation au format PDF

Dans la même collection

Voir tout

Avec les mêmes intervenants et intervenantes

Sur le même thème