Welcome to the resource topic for 2024/1668

Title:
Modelings for generic PoK and Applications: Shorter SD and PKP based Signatures

Authors: Slim Bettaieb, Loïc Bidoux, Philippe Gaborit, Mukul Kulkarni

The Multi-Party Computation in the Head (MPCitH) paradigm has proven to be a versatile tool to design proofs of knowledge (PoK) based on variety of computationally hard problems. For instance, many post-quantum signatures have been designed from MPC based proofs combined with the Fiat-Shamir transformation. Over the years, MPCitH has evolved significantly with developments based on techniques such as threshold computing and other optimizations. Recently, Vector Oblivious Linear Evaluation (VOLE) and the VOLE in the Head framework has spurred further advances. In this work, we introduce three VOLE-friendly modelings for generic and communication efficient PoK to prove the knowledge of secret witness in the form of elementary vectors, vectors of Hamming weight at most \omega, and permutation matrices. Remarkably, these modelings scale logarithmically with respect to the original witness sizes. Specifically, our modeling for elementary vectors of size n transforms the witness size to \mathcal{O}(\log_2(n)), in case of vectors of size n and Hamming weight at most \omega the reduced witness is of size \mathcal{O}\left(\omega \log_2(n)\right) while our modeling for permutation matrix of size n \times n results in an (equivalent) witness of size \mathcal{O}(n\log_2(n)), which leads to small proofs in practice. To achieve this, we consider modelings with higher multiplicative depth d > 2. Even if this increases the proof size, we show that our approach compares favorably with existing proofs. Such design choices were mostly overlooked in previous comparable works, maybe because prior to the VOLEitH framework, multiplications were often emulated with Beaver’s triples causing the proof size to scale poorly with d. We also provide several applications for our modelings namely i) post-quantum signature schemes based on the \mathsf{SD} (Syndrome Decoding) problem and \mathsf{PKP} (Permuted Kernel Problem), ii) PoK of secrets key for code-based key encapsulation mechanism (KEM), and iii) ring signatures from \mathsf{SD} and \mathsf{PKP}. Our signatures based on \mathsf{SD} over \mathbb{F}_2 and \mathsf{PKP} feature sizes of 3.9 kB and 3.6 kB for NIST-I security level which is respectively 26\% and 38\% shorter than state-of-the-art alternatives. Our PoK of secret key of BIKE and HQC are twice shorter than similar PoK for Kyber. In addition, we obtain the smallest ring signature based on \mathsf{SD} and the first ring signature based on \mathsf{PKP}.

ePrint: https://eprint.iacr.org/2024/1668

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .