Paper 2023/1760

Biscuit: New MPCitH Signature Scheme from Structured Multivariate Polynomials

Luk Bettale, IDEMIA, France
Delaram Kahrobaei, Queens College, City University of New York, USA
Ludovic Perret, Sorbonne University, France
Javier Verbel, Technology Innovation Institute, UAE

This paper describes Biscuit, a new multivariate-based signature scheme derived using the MPC-in-the-Head (MPCitH) approach. The security of Biscuit is related to the problem of solving a set of structured quadratic algebraic equations. These equations are highly compact and can be evaluated using very few multiplications (one multiplication per equation). The core of Biscuit is a rather simple MPC protocol for secure multiplications using standard optimized multiplicative triples. This paper also includes several improvements toward the initial version of Biscuit submitted to the NIST PQC standardization process for additional signature schemes. Notably, we introduce a new hypercube variant of Biscuit, refine the security analysis with recent third-party attacks, and present a new AVX2 implementation of Biscuit.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. ACNS 2024
Post-QuantumDigital SignatureMPC-in-the-HeadMultivariate Polynomial
Contact author(s)
luk bettale @ idemia com
delaram kahrobaei @ qc cuny edu
ludovic perret @ lip6 fr
javier verbel @ tii ae
2024-02-11: last of 2 revisions
2023-11-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Luk Bettale and Delaram Kahrobaei and Ludovic Perret and Javier Verbel},
      title = {Biscuit: New MPCitH Signature Scheme from Structured Multivariate Polynomials},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1760},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.