Paper 2021/478

TurboIKOS: Improved Non-interactive Zero Knowledge and Post-Quantum Signatures

Yaron Gvili, Julie Ha, Sarah Scheffler, Mayank Varia, Ziling Yang, and Xinyuan Zhang


In this work, we present a zero knowledge argument for general arithmetic circuits that is public-coin and constant rounds, so it can be made non-interactive and publicly verifiable with the Fiat-Shamir heuristic. The construction is based on the MPC-in-the-head paradigm, in which the prover jointly emulates all MPC protocol participants and can provide advice in the form of Beaver triples whose accuracy must be checked by the verifier. Our construction follows the Beaver triple sacrificing approach used by Baum and Nof [PKC 2020]. Our improvements reduce the communication per multiplication gate from 4 to 2 field elements, matching the performance of the cut-and-choose approach taken by Katz, Kolesnikov, and Wang [CCS 2018] and with lower additive overhead for some parameter settings. We implement our protocol and analyze its cost on Picnic-style post-quantum digital signatures based on the AES family of circuits.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. ACNS 2021
zero knowledgedigital signatures
Contact author(s)
sscheff @ bu edu
2021-04-15: received
Short URL
Creative Commons Attribution


      author = {Yaron Gvili and Julie Ha and Sarah Scheffler and Mayank Varia and Ziling Yang and Xinyuan Zhang},
      title = {{TurboIKOS}: Improved Non-interactive Zero Knowledge and Post-Quantum Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2021/478},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.