In this paper, we construct two statistical zero-knowledge authentication protocols for smart cards based on general assumptions. The first protocol can only resist active attacks, where the smart card does not take part in more than one authentication session at a time. To make the protocol secure against quantum attacks, we instantiate it using lattice-based primitives. The instantiation is then compared to previous lattice-based authentication protocols with a zero-knowledge--like structure. We show that in most respects, our protocol is superior to the best previous protocol, due to Lyubashevsky. Specifically, we improve the communication and computation complexities by a factor of 5 and 30, respectively, while cutting the storage requirements by half. Although the \emph{theoretical} round complexity of Lyubashevsky's protocol is marginally better, we show that our protocol has a much better \emph{practical} round complexity. Finally, as Lyubashevsky's protocol is secure against concurrent attacks, we present a second protocol which uses trapdoor commitments, and is resilient against concurrent attacks as well. We show how to instantiate the second protocol using lattice-based primitives. To the best of our knowledge, this is the first construction of trapdoor commitments based on lattices.