Update

sec-stern.tex

@@ -58,6 +58,7 @@ Ling, Nguyen, Stehlé and Wang~\cite{LNSW13} noticed that the \textsf{ZKAoK} of
 
 A technique to relax the constraints on the \textsf{ZKAoK} of \cref{le:zk-ktx} is the so-called ``Decomposition-Extension'' technique~\cite{LNSW13}\cite{LSS14,ELL+15,LLNW16} as explained in the introduction of this Section (\ref{sse:stern}).
 
+\index{Lattices!Inhomogeneous \SIS}
 To prove the knowledge of an \ISIS preimage, i.e. 
 the knowledge of a bounded vector $\mathbf{w} \in [-B,B]^m$ that satisfies relation~\eqref{eq:isis-stern-relation}, the goal is to rewrite $\mathbf w$ as $\bar{\mathbf w} = \mathbf K \cdot \mathbf w \bmod q$ with a public transfer matrix $\mathbf K$ such that $\bar{\mathbf w} \in \nbit^{m'}$ and of known numbers of elements equal to $j$ for $j \in \nbit$.
 This reduces to use \cref{le:zk-ktx} to prove the knowledge of $\bar{\mathbf w} \in \nbit^{m'}$ for public input $(\mathbf M \cdot \mathbf K, \mathbf v)$.
@@ -119,6 +120,7 @@ The resulting matrix $\mathbf{K}= \left[\mathbf{K}_{m,B}^{} \mid \mathbf 0^{m \t
   \caption{Stern-like \textsf{ZKAoK} for the relation $\mathrm{R_{abstract}}$.}
   \label{fig:Interactive-Protocol}
 \end{figure}
+\index{Zero Knowledge!Stern's protocol}
 
 
 Let $K$, $D$, $q$ be positive integers with $D \geq K$ and $q \geq 2$, and let $\mathsf{VALID}$ be a subset of $\mathbb{Z}^D$. Suppose that $\mathcal{S}$ is a finite set such that every element $\phi \in \mathcal{S}$ can be associated with a permutation $\Gamma_\phi \in \permutations_D$ satisfying the following conditions: