Paper 2024/541

Dual Support Decomposition in the Head: Shorter Signatures from Rank SD and MinRank

Loïc Bidoux, Technology Innovation Institute
Thibauld Feneuil, CryptoExperts (France)
Philippe Gaborit, University of Limoges
Romaric Neveu, University of Limoges
Matthieu Rivain, CryptoExperts (France)
Abstract

The MPC-in-the-Head (MPCitH) paradigm is widely used for building post-quantum signature schemes, as it provides a versatile way to design proofs of knowledge based on hard problems. Over the years, the MPCitH landscape has changed significantly, with the most recent improvement coming from VOLE-in-the-Head (VOLEitH) and Threshold-Computation-in-the-Head (TCitH). While a straightforward application of these frameworks already improves the existing MPCitH-based signatures, we show in this work that we can adapt the arithmetic constraints representing the underlying security assumptions (here called the modeling) to achieve smaller sizes using these new techniques. More precisely, we explore existing modelings for the rank syndrome decoding (RSD) and MinRank problems and we introduce a new modeling, named dual support decomposition, which achieves better sizes with the VOLEitH and TCitH frameworks by minimizing the size of the witnesses. While this modeling is naturally more efficient than the other ones for a large set of parameters, we show that it is possible to go even further and explore new areas of parameters. With this new modeling and these parameters, we obtain low-size witnesses, which drastically reduces the size of the "arithmetic part" of the signature. We apply our new modeling to both TCitH and VOLEitH frameworks and compare our results to the RYDE, MiRitH, and MIRA signature schemes. We obtain signature sizes below 4 kB for 128 bits of security with N=256 parties (a.k.a. leaves in the GGM trees) and going as low as $\approx$ 3.5 kB with N=2048, for both RSD and MinRank. This represents an improvement of more than 1.5 kB compared to the original submissions to the 2023 NIST call for additional signatures. We also note that recent techniques optimizing the sizes of GGM trees are applicable to our schemes and further reduce the signature sizes by a few hundred bytes, bringing them around 3 kB (for 128 bits of security with N=2048).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
code-based, rank-metric, MPC-in-the-Head, post-quantum signatures
Contact author(s)
loic bidoux @ tii ae
thibauld feneuil @ cryptoexperts com
gaborit @ unilim fr
romaric neveu @ unilim fr
matthieu rivain @ cryptoexperts com
History
2024-04-08: approved
2024-04-07: received
Short URL
https://ia.cr/2024/541
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/541,
      author = {Loïc Bidoux and Thibauld Feneuil and Philippe Gaborit and Romaric Neveu and Matthieu Rivain},
      title = {Dual Support Decomposition in the Head: Shorter Signatures from Rank SD and MinRank},
      howpublished = {Cryptology ePrint Archive, Paper 2024/541},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/541}},
      url = {https://eprint.iacr.org/2024/541}
}