Paper 2023/1573

Threshold Computation in the Head: Improved Framework for Post-Quantum Signatures and Zero-Knowledge Arguments

Thibauld Feneuil, CryptoExperts (France), Sorbonne University
Matthieu Rivain, CryptoExperts (France)

The MPC-in-the-Head paradigm is instrumental in building zero-knowledge proof systems and post-quantum signatures using techniques from secure multi-party computation. In this work, we extend and improve the recently proposed framework of MPC-in-the-Head based on threshold secret sharing, here called Threshold Computation in the Head. We first address the two main limitations of this framework, namely the degradation of the communication cost and the constraint on the number of parties. Our tweak of this framework makes it applicable to the previous MPCitH schemes (and in particular post-quantum signature candidates recently submitted to NIST) for which we obtain up to 50% timing improvements without degrading the signature size. Then we extend the TCitH framework to support quadratic (or higher degree) MPC round functions as well as packed secret sharing. We show the benefits of our extended framework for several applications. First, we provide post-quantum zero-knowledge arguments for arithmetic circuits which improve the state of the art in the "small to medium size" regime. Then we apply our extended framework to derive improved variants of the MPCitH candidates submitted to NIST. For most of them, we save between 5% and 37% of the signature size. We further propose a generic way to build efficient post-quantum ring signatures from any one-way function. When applying our TCitH framework to this design to concrete one-way functions, the obtained scheme outperforms all the previous proposals in the state of the art. For instance, our scheme instantiated with MQ achieves sizes below 6 KB and timings around 10 ms for a ring of 4000 users. Finally, we provide exact arguments for lattice problems. Our scheme is competitive with the state of the art and achieves proofs around 17 KB for LWE instances with similar security as Kyber512.

Note: [2024-02-16] extension of the framework to support packed secret sharings, new MPC protocol relying on packing, application of the framework to build zkpok for lattice instances, better comparison with VOLEitH and Ligero.

Available format(s)
Cryptographic protocols
Publication info
zero-knowledge proofsMPC-in-the-Headthreshold secret sharingpost-quantum signaturesring signatures
Contact author(s)
thibauld feneuil @ cryptoexperts com
matthieu rivain @ cryptoexperts com
2024-02-16: revised
2023-10-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Thibauld Feneuil and Matthieu Rivain},
      title = {Threshold Computation in the Head: Improved Framework for Post-Quantum Signatures and Zero-Knowledge Arguments},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1573},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.