One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures

Carsten Baum; Ward Beullens; Shibam Mukherjee; Emmanuela Orsini; Sebastian Ramacher; Christian Rechberger; Lawrence Roy; Peter Scholl

doi:10.1007/978-981-96-0875-1_15

One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures

Carsten Baum
, Ward Beullens
, Shibam Mukherjee
, Emmanuela Orsini
, Sebastian Ramacher
, Christian Rechberger
, Lawrence Roy
, Peter Scholl

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

The use of MPC-in-the-Head (MPCitH) based zero knowledge proofs of knowledge (ZKPoK) to prove knowledge of a preimage of a one-way function (OWF) is a popular approach towards constructing efficient post-quantum digital signatures. Starting with the Picnic signature scheme, many optimized MPCitH signatures using a variety of (candidate) OWFs have been proposed. Recently, Baum et al. (CRYPTO 2023) showed a fundamental improvement to MPCitH, called VOLE-in-the-Head (VOLEitH), which can generically reduce the signature size by at least a factor of two without decreasing computational performance or introducing new assumptions. Based on this, they designed the FAEST signature which uses AES as the underlying OWF. However, in comparison to MPCitH, the behavior of VOLEitH when using other OWFs is still unexplored. In this work, we improve a crucial building block of the VOLEitH and MPCitH approaches, the so-called all-but-one vector commitment, thus decreasing the signature size of VOLEitH and MPCitH signature schemes. Moreover, by introducing a small Proof of Work into the signing procedure, we can improve the parameters of VOLEitH (further decreasing signature size) without compromising the computational performance of the scheme. Based on these optimizations, we propose three VOLEitH signature schemes FAESTER, KuMQuat, and MandaRain based on AES, MQ, and Rain, respectively. We carefully explore the parameter space for these schemes and implement each, showcasing their performance with benchmarks. Our experiments show that these three signature schemes outperform MPCitH-based competitors that use comparable OWFs, in terms of both signature size and signing/verification time.

Original language	English
Title of host publication	Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
Editors	Kai-Min Chung, Yu Sasaki
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	463-493
Number of pages	31
ISBN (Print)	9789819608744
DOIs	https://doi.org/10.1007/978-981-96-0875-1_15
State	Published - 2025
Externally published	Yes
Event	30th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2024 - Kolkata, India Duration: 9 Dec 2024 → 13 Dec 2024

Publication series

Name	Lecture Notes in Computer Science
Volume	15484 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	30th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2024
Country/Territory	India
City	Kolkata
Period	9/12/24 → 13/12/24

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2025.

Keywords

Post-Quantum
Signature Schemes
VOLEitH

Access to Document

10.1007/978-981-96-0875-1_15

Cite this

Baum, C., Beullens, W., Mukherjee, S., Orsini, E., Ramacher, S., Rechberger, C., Roy, L., & Scholl, P. (2025). One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures. In K.-M. Chung, & Y. Sasaki (Eds.), Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings (pp. 463-493). (Lecture Notes in Computer Science; Vol. 15484 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-96-0875-1_15

Baum, Carsten ; Beullens, Ward ; Mukherjee, Shibam et al. / One Tree to Rule Them All : Optimizing GGM Trees and OWFs for Post-Quantum Signatures. Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. editor / Kai-Min Chung ; Yu Sasaki. Springer Science and Business Media Deutschland GmbH, 2025. pp. 463-493 (Lecture Notes in Computer Science).

@inproceedings{56e3df013a6a49af9dcdd83ca590476f,

title = "One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures",

abstract = "The use of MPC-in-the-Head (MPCitH) based zero knowledge proofs of knowledge (ZKPoK) to prove knowledge of a preimage of a one-way function (OWF) is a popular approach towards constructing efficient post-quantum digital signatures. Starting with the Picnic signature scheme, many optimized MPCitH signatures using a variety of (candidate) OWFs have been proposed. Recently, Baum et al. (CRYPTO 2023) showed a fundamental improvement to MPCitH, called VOLE-in-the-Head (VOLEitH), which can generically reduce the signature size by at least a factor of two without decreasing computational performance or introducing new assumptions. Based on this, they designed the FAEST signature which uses AES as the underlying OWF. However, in comparison to MPCitH, the behavior of VOLEitH when using other OWFs is still unexplored. In this work, we improve a crucial building block of the VOLEitH and MPCitH approaches, the so-called all-but-one vector commitment, thus decreasing the signature size of VOLEitH and MPCitH signature schemes. Moreover, by introducing a small Proof of Work into the signing procedure, we can improve the parameters of VOLEitH (further decreasing signature size) without compromising the computational performance of the scheme. Based on these optimizations, we propose three VOLEitH signature schemes FAESTER, KuMQuat, and MandaRain based on AES, MQ, and Rain, respectively. We carefully explore the parameter space for these schemes and implement each, showcasing their performance with benchmarks. Our experiments show that these three signature schemes outperform MPCitH-based competitors that use comparable OWFs, in terms of both signature size and signing/verification time.",

keywords = "Post-Quantum, Signature Schemes, VOLEitH",

author = "Carsten Baum and Ward Beullens and Shibam Mukherjee and Emmanuela Orsini and Sebastian Ramacher and Christian Rechberger and Lawrence Roy and Peter Scholl",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 30th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2024 ; Conference date: 09-12-2024 Through 13-12-2024",

year = "2025",

doi = "10.1007/978-981-96-0875-1\_15",

language = "אנגלית",

isbn = "9789819608744",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "463--493",

editor = "Kai-Min Chung and Yu Sasaki",

booktitle = "Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings",

address = "גרמניה",

}

Baum, C, Beullens, W, Mukherjee, S, Orsini, E, Ramacher, S, Rechberger, C, Roy, L & Scholl, P 2025, One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures. in K-M Chung & Y Sasaki (eds), Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Lecture Notes in Computer Science, vol. 15484 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 463-493, 30th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2024, Kolkata, India, 9/12/24. https://doi.org/10.1007/978-981-96-0875-1_15

One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures. / Baum, Carsten; Beullens, Ward; Mukherjee, Shibam et al.
Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. ed. / Kai-Min Chung; Yu Sasaki. Springer Science and Business Media Deutschland GmbH, 2025. p. 463-493 (Lecture Notes in Computer Science; Vol. 15484 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - One Tree to Rule Them All

T2 - 30th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2024

AU - Baum, Carsten

AU - Beullens, Ward

AU - Mukherjee, Shibam

AU - Orsini, Emmanuela

AU - Ramacher, Sebastian

AU - Rechberger, Christian

AU - Roy, Lawrence

AU - Scholl, Peter

PY - 2025

Y1 - 2025

N2 - The use of MPC-in-the-Head (MPCitH) based zero knowledge proofs of knowledge (ZKPoK) to prove knowledge of a preimage of a one-way function (OWF) is a popular approach towards constructing efficient post-quantum digital signatures. Starting with the Picnic signature scheme, many optimized MPCitH signatures using a variety of (candidate) OWFs have been proposed. Recently, Baum et al. (CRYPTO 2023) showed a fundamental improvement to MPCitH, called VOLE-in-the-Head (VOLEitH), which can generically reduce the signature size by at least a factor of two without decreasing computational performance or introducing new assumptions. Based on this, they designed the FAEST signature which uses AES as the underlying OWF. However, in comparison to MPCitH, the behavior of VOLEitH when using other OWFs is still unexplored. In this work, we improve a crucial building block of the VOLEitH and MPCitH approaches, the so-called all-but-one vector commitment, thus decreasing the signature size of VOLEitH and MPCitH signature schemes. Moreover, by introducing a small Proof of Work into the signing procedure, we can improve the parameters of VOLEitH (further decreasing signature size) without compromising the computational performance of the scheme. Based on these optimizations, we propose three VOLEitH signature schemes FAESTER, KuMQuat, and MandaRain based on AES, MQ, and Rain, respectively. We carefully explore the parameter space for these schemes and implement each, showcasing their performance with benchmarks. Our experiments show that these three signature schemes outperform MPCitH-based competitors that use comparable OWFs, in terms of both signature size and signing/verification time.

AB - The use of MPC-in-the-Head (MPCitH) based zero knowledge proofs of knowledge (ZKPoK) to prove knowledge of a preimage of a one-way function (OWF) is a popular approach towards constructing efficient post-quantum digital signatures. Starting with the Picnic signature scheme, many optimized MPCitH signatures using a variety of (candidate) OWFs have been proposed. Recently, Baum et al. (CRYPTO 2023) showed a fundamental improvement to MPCitH, called VOLE-in-the-Head (VOLEitH), which can generically reduce the signature size by at least a factor of two without decreasing computational performance or introducing new assumptions. Based on this, they designed the FAEST signature which uses AES as the underlying OWF. However, in comparison to MPCitH, the behavior of VOLEitH when using other OWFs is still unexplored. In this work, we improve a crucial building block of the VOLEitH and MPCitH approaches, the so-called all-but-one vector commitment, thus decreasing the signature size of VOLEitH and MPCitH signature schemes. Moreover, by introducing a small Proof of Work into the signing procedure, we can improve the parameters of VOLEitH (further decreasing signature size) without compromising the computational performance of the scheme. Based on these optimizations, we propose three VOLEitH signature schemes FAESTER, KuMQuat, and MandaRain based on AES, MQ, and Rain, respectively. We carefully explore the parameter space for these schemes and implement each, showcasing their performance with benchmarks. Our experiments show that these three signature schemes outperform MPCitH-based competitors that use comparable OWFs, in terms of both signature size and signing/verification time.

KW - Post-Quantum

KW - Signature Schemes

KW - VOLEitH

UR - https://www.scopus.com/pages/publications/85213368982

U2 - 10.1007/978-981-96-0875-1_15

DO - 10.1007/978-981-96-0875-1_15

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85213368982

SN - 9789819608744

T3 - Lecture Notes in Computer Science

SP - 463

EP - 493

BT - Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings

A2 - Chung, Kai-Min

A2 - Sasaki, Yu

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 9 December 2024 through 13 December 2024

ER -

Baum C, Beullens W, Mukherjee S, Orsini E, Ramacher S, Rechberger C et al. One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures. In Chung KM, Sasaki Y, editors, Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 463-493. (Lecture Notes in Computer Science). doi: 10.1007/978-981-96-0875-1_15