MPCitH-based Signatures from Restricted Decoding Problems
Michele Battagliola, Sebastian Bitzer, Antonia Wachter-Zeh, Violetta Weger
TL;DR
This paper embeds the restricted decoding problem $ ext{E}$-SDP into TCitH and VOLEitH MPC-in-the-Head signature frameworks, leveraging CROSS and ternary full-weight decoding hardness. It provides a polynomial modeling of $ ext{E}$-SDP that yields substantial signature-size reductions, including more than a twofold improvement over CROSS-NIST submissions, and shows that ternary full-weight decoding attains sizes competitive with the smallest NIST candidates. By comparing across CROSS-SDP and ternary-SDP regimes, the work demonstrates that TCitH/VOLEitH can adapt to different decoding hardness assumptions to achieve favorable trade-offs between security and efficiency. The results indicate meaningful practical gains for post-quantum signatures, with available artifacts to reproduce the reported parameterizations.
Abstract
Threshold-Computation-in-the-Head (TCitH) and VOLE-in-the-Head (VOLEitH), two recent developments of the MPC-in-the-Head (MPCitH) paradigm, have significantly improved the performance of digital signature schemes in this framework. In this note, we embed the restricted decoding problem within these frameworks. We propose a structurally simple modeling that achieves competitive signature sizes. Specifically, by instantiating the restricted decoding problem with the same hardness assumption underlying CROSS, we reduce sizes by more than a factor of two compared to the NIST submission. Moreover, we observe that ternary full-weight decoding, closely related to the hardness assumption underlying WAVE, is a restricted decoding problem. Using ternary full-weight decoding, we obtain signature sizes comparable to the smallest MPCitH-based candidates in the NIST competition.