Improved Identification Schemes Based on Error-Correcting Codes

As it is often the case in public-key cryptography, the first practical identification schemes were based on hard problems from number theory (factoring, discrete logarithms). The security of the proposed scheme depends on an NP-complete problem from the theory of error correcting codes:the syndrome decoding problem which relies on the hardness of decoding a binary word of given weight and given syndrome. Starting from Stern’s scheme [18], we define a dual version which, unlike the other schemes based on the SD problem, uses a generator matrix of a random linear binary code. This allows, among other things, an improvement of the transmission rate with regards to the other schemes. Finally, by using techniques of computation in a finite field, we show how it is possible to considerably reduce: — the complexity of the computations done by the prover (which is usually a portable device with a limited computing power), — the size of the data stored by the latter. Received March 10, 1995; revised version December 1, 1995