Updates

sec-stern.tex

@@ -67,6 +67,8 @@ This reduces to use \cref{le:zk-ktx} to prove the knowledge of $\bar{\mathbf{w}}
 To construct such a transfer matrix $\mathbf{K}$,  \cite{LNSW13} showed that \textit{decomposing} a vector $\mathbf{x} \in [-B,B]^m$ as a vector $\tilde{\mathbf{x}} \in \nbit^{m \cdot \delta_B}$ and \textit{extending} the resulting vector into $\bar{\mathbf{x}} \in \mathsf{B}^3_{m \delta_B}$ leads to a new statement that can be proven using the variant of Stern's protocol described in~\cite{KTX08}.
 The resulting matrix $\mathbf{K}= \left[\mathbf{K}_{m,B}^{} \mid \mathbf{0}^{m \times 2m\delta_B}\right] \in \ZZ^{m \times 3m\delta_B}$, where $\mathbf{K}_{m,B}^{}$ is the \nbit-decomposition matrix $\mathbf{K}_{m,B} = \mathbf{I}_m \otimes \left[B_1 \mid \cdots \mid B_{\delta_B} \right]$ with $B_j^{} = \left\lfloor \frac{B + 2^{j-1}}{2^j} \right\rfloor$, for all $j \in \{1,\ldots,j\}$, can be computed from public parameters.
 
+In \cref{ch:ge-lwe}, we extend Stern-like protocols to handle statements where the matrix~$\mathbf M$ of~\eqref{eq:isis-stern-relation} is kept hidden. For this purpose, we define the decomposition-extension method in more detail in~\cref{se:decomposition-extensions-permutations}.
+
 
 \subsection{Abstraction of Stern's Protocol} \label{sse:stern-abstraction}
 \addcontentsline{tof}{subsection}{\protect\numberline{\thesubsection} Abstraction du protocole de Stern}