A new signature scheme based on $(U|U+V)$ codes

We present here a new code-based digital signature scheme. This scheme uses (U |U + V ) codes, where both U and V are random. We prove that the scheme achieves existential unforgeability under adaptive chosen message attacks under two assumptions from coding theory, both strongly related to the hardness of decoding in a random linear code. The proof imposes a uniform distribution on the produced signatures, we show that this distribution is easily and efficiently achieved by rejection sampling. Our scheme is efficient to produce and verify signatures. For a (classical) security of 128 bits, the signature size is less than one kilobyte and the public key size a bit smaller than 2 megabytes. This gives the first practical signature scheme based on binary codes which comes with a security proof and which scales well with the security parameter: it can be shown that if one wants a security level of 2, then signature size is of order O(λ), public key size is of size O(λ), signature generation cost is of order O(λ), whereas signature verification cost is of order O(λ).