A code-based blind signature

The full scheme uses committed oblivious transfer (COT) [ 11 ] and zero-knowledge proofs of knowledge [ 17 ] to compute the Hamming distance in malicious model.. Each scheme has

Schemes based on problems as syndrome decoding or decoding random codes are well studied for years and there doesn't exist polynomial time algorithm to solve those problems even in

Schemes based on problems as syndrome decoding or decoding random codes are well studied for years and there doesn't exist polynomial time algorithm to solve those problems even in

Overall our protocol has a very short public key size, a signature length linear

The situation is even worse for Hamming metric, Persichetti proposed to use a similar approach for issuing only a single signature [22], but the sparsity of the challenge vector c

The security of the scheme build is based on two problems: the difficulty of decoding a random linear code [ BMvT78 ] and the difficulty of recovering a decoding algorithm from a

Interestingly, some recent work [CD17] has shown that these two properties (namely statistical in- distinguishability of the signatures and the syndromes associated to the code

Functionality: Our scheme is the first lattice-based group signature that supports membership revocation.. As discussed above, this is a desirable functionality for any group