Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures

Carsten Baum; Ward Beullens; Lennart Braun; Cyprien Delpech de Saint Guilhem; Michael Klooss; Christian Majenz; Shibam Mukherjee; Emmanuela Orsini; Sebastian Ramacher; Christian Rechberger; Lawrence Roy; Peter Scholl

doi:10.1007/978-3-032-01887-8_5

Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures

Carsten Baum
, Ward Beullens
, Lennart Braun (Vortragende:r)
, Cyprien Delpech de Saint Guilhem
, Michael Klooss
, Christian Majenz
, Shibam Mukherjee
, Emmanuela Orsini
, Sebastian Ramacher
, Christian Rechberger
, Lawrence Roy
, Peter Scholl

Security & Communication Technologies

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

In the past decade and largely in response to the NIST standardization effort for post-quantum cryptography, many new designs for digital signatures have been proposed. Among those, the FAEST digital signature scheme (Baum et al., CRYPTO 2023) stands out due to its interesting security-performance trade- off. It only relies on well-tested symmetric-key cryptographic primitives, as it constructs a digital signature from a zero-knowledge (ZK) proof of knowledge of an AES key. To achieve this, it uses the VOLE- in-the-Head ZK proof system which relies only on pseudorandom generator (PRG) and hash function calls. FAEST simultaneously has relatively small signature size and competitive sign and verify times.In this work, we improve both the security and practical efficiency of FAEST. We improve the main computational bottleneck of the original construction by replacing hash function calls in the underlying vector commitment scheme with calls to an AES-based PRG. At the same time, we also improve the signature size by revisiting the evaluation of the AES block cipher in ZK. We use observations from Galois Theory to compress the size of the witness (and thus signature), due to the algebraic nature of the AES S-Box. We implemented our new construction, and our benchmarks show that its sign and verify times reduce up to 50% over the state-of-the-art while achieving the same security and smaller signatures.Finally, we analyze our resulting signature scheme both in the Quantum Random Oracle Model (QROM) and its classical analogue. To achieve concretely good security bounds, we devise a new classical proof for FAEST based on Renyi divergence techniques. We construct a QROM analogue and present a new Fiat-Shamir transform which is applicable to VOLE-in-the-Head-based signature schemes.

Originalsprache	Englisch
Titel	Advances In Cryptology-Crypto 2025
Untertitel	45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI
Redakteure/-innen	YT Kalai, SF Kamara
Herausgeber (Verlag)	Springer Nature
Seiten	124-156
Seitenumfang	33
Band	16005
ISBN (elektronisch)	978-3-032-01887-8
ISBN (Print)	978-3-032-01886-1
DOIs	https://doi.org/10.1007/978-3-032-01887-8_5
Publikationsstatus	Veröffentlicht - 2025
Veranstaltung	45th International Cryptology Conference-CRYPTO-Annual - Santa Barbara, Kanada Dauer: 17 Aug. 2025 → 21 Aug. 2025

Publikationsreihe

Name	Lecture Notes In Computer Science

Konferenz

Konferenz	45th International Cryptology Conference-CRYPTO-Annual
Land/Gebiet	Kanada
Stadt	Santa Barbara
Zeitraum	17/08/25 → 21/08/25

Research Field

Cyber Security

Zugriff auf Dokument

10.1007/978-3-032-01887-8_5

Andere Dateien und Links

Datensatz in Web of Science anzeigen

Diese Publikation zitieren

Baum, C., Beullens, W., Braun, L., de Saint Guilhem, C. D., Klooss, M., Majenz, C., Mukherjee, S., Orsini, E., Ramacher, S., Rechberger, C., Roy, L., & Scholl, P. (2025). Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures. in YT. Kalai, & SF. Kamara (Hrsg.), Advances In Cryptology-Crypto 2025: 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI (Band 16005, S. 124-156). (Lecture Notes In Computer Science). Springer Nature. https://doi.org/10.1007/978-3-032-01887-8_5

Baum, Carsten ; Beullens, Ward ; Braun, Lennart et al. / Shorter, Tighter, FAESTer : Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures. Advances In Cryptology-Crypto 2025: 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI. Hrsg. / YT Kalai ; SF Kamara. Band 16005 Springer Nature, 2025. S. 124-156 (Lecture Notes In Computer Science).

@inproceedings{5a179ee200be4253900becb881cef7e6,

title = "Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures",

abstract = "In the past decade and largely in response to the NIST standardization effort for post-quantum cryptography, many new designs for digital signatures have been proposed. Among those, the FAEST digital signature scheme (Baum et al., CRYPTO 2023) stands out due to its interesting security-performance trade- off. It only relies on well-tested symmetric-key cryptographic primitives, as it constructs a digital signature from a zero-knowledge (ZK) proof of knowledge of an AES key. To achieve this, it uses the VOLE- in-the-Head ZK proof system which relies only on pseudorandom generator (PRG) and hash function calls. FAEST simultaneously has relatively small signature size and competitive sign and verify times.In this work, we improve both the security and practical efficiency of FAEST. We improve the main computational bottleneck of the original construction by replacing hash function calls in the underlying vector commitment scheme with calls to an AES-based PRG. At the same time, we also improve the signature size by revisiting the evaluation of the AES block cipher in ZK. We use observations from Galois Theory to compress the size of the witness (and thus signature), due to the algebraic nature of the AES S-Box. We implemented our new construction, and our benchmarks show that its sign and verify times reduce up to 50\% over the state-of-the-art while achieving the same security and smaller signatures.Finally, we analyze our resulting signature scheme both in the Quantum Random Oracle Model (QROM) and its classical analogue. To achieve concretely good security bounds, we devise a new classical proof for FAEST based on Renyi divergence techniques. We construct a QROM analogue and present a new Fiat-Shamir transform which is applicable to VOLE-in-the-Head-based signature schemes.",

author = "Carsten Baum and Ward Beullens and Lennart Braun and \{de Saint Guilhem\}, \{Cyprien Delpech\} and Michael Klooss and Christian Majenz and Shibam Mukherjee and Emmanuela Orsini and Sebastian Ramacher and Christian Rechberger and Lawrence Roy and Peter Scholl",

year = "2025",

doi = "10.1007/978-3-032-01887-8\_5",

language = "English",

isbn = "978-3-032-01886-1",

volume = "16005",

series = "Lecture Notes In Computer Science",

publisher = "Springer Nature",

pages = "124--156",

editor = "YT Kalai and SF Kamara",

booktitle = "Advances In Cryptology-Crypto 2025",

address = "Switzerland",

note = "45th International Cryptology Conference-CRYPTO-Annual ; Conference date: 17-08-2025 Through 21-08-2025",

}

Baum, C, Beullens, W, Braun, L, de Saint Guilhem, CD, Klooss, M, Majenz, C, Mukherjee, S, Orsini, E, Ramacher, S, Rechberger, C, Roy, L & Scholl, P 2025, Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures. in YT Kalai & SF Kamara (Hrsg.), Advances In Cryptology-Crypto 2025: 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI. Bd. 16005, Lecture Notes In Computer Science, Springer Nature, S. 124-156, 45th International Cryptology Conference-CRYPTO-Annual, Santa Barbara, Kanada, 17/08/25. https://doi.org/10.1007/978-3-032-01887-8_5

Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures. / Baum, Carsten; Beullens, Ward; Braun, Lennart (Vortragende:r) et al.
Advances In Cryptology-Crypto 2025: 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI. Hrsg. / YT Kalai; SF Kamara. Band 16005 Springer Nature, 2025. S. 124-156 (Lecture Notes In Computer Science).

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

TY - GEN

T1 - Shorter, Tighter, FAESTer

T2 - 45th International Cryptology Conference-CRYPTO-Annual

AU - Baum, Carsten

AU - Beullens, Ward

AU - de Saint Guilhem, Cyprien Delpech

AU - Klooss, Michael

AU - Majenz, Christian

AU - Mukherjee, Shibam

AU - Orsini, Emmanuela

AU - Ramacher, Sebastian

AU - Rechberger, Christian

AU - Roy, Lawrence

AU - Scholl, Peter

A2 - Braun, Lennart

A2 - Kalai, YT

A2 - Kamara, SF

PY - 2025

Y1 - 2025

N2 - In the past decade and largely in response to the NIST standardization effort for post-quantum cryptography, many new designs for digital signatures have been proposed. Among those, the FAEST digital signature scheme (Baum et al., CRYPTO 2023) stands out due to its interesting security-performance trade- off. It only relies on well-tested symmetric-key cryptographic primitives, as it constructs a digital signature from a zero-knowledge (ZK) proof of knowledge of an AES key. To achieve this, it uses the VOLE- in-the-Head ZK proof system which relies only on pseudorandom generator (PRG) and hash function calls. FAEST simultaneously has relatively small signature size and competitive sign and verify times.In this work, we improve both the security and practical efficiency of FAEST. We improve the main computational bottleneck of the original construction by replacing hash function calls in the underlying vector commitment scheme with calls to an AES-based PRG. At the same time, we also improve the signature size by revisiting the evaluation of the AES block cipher in ZK. We use observations from Galois Theory to compress the size of the witness (and thus signature), due to the algebraic nature of the AES S-Box. We implemented our new construction, and our benchmarks show that its sign and verify times reduce up to 50% over the state-of-the-art while achieving the same security and smaller signatures.Finally, we analyze our resulting signature scheme both in the Quantum Random Oracle Model (QROM) and its classical analogue. To achieve concretely good security bounds, we devise a new classical proof for FAEST based on Renyi divergence techniques. We construct a QROM analogue and present a new Fiat-Shamir transform which is applicable to VOLE-in-the-Head-based signature schemes.

AB - In the past decade and largely in response to the NIST standardization effort for post-quantum cryptography, many new designs for digital signatures have been proposed. Among those, the FAEST digital signature scheme (Baum et al., CRYPTO 2023) stands out due to its interesting security-performance trade- off. It only relies on well-tested symmetric-key cryptographic primitives, as it constructs a digital signature from a zero-knowledge (ZK) proof of knowledge of an AES key. To achieve this, it uses the VOLE- in-the-Head ZK proof system which relies only on pseudorandom generator (PRG) and hash function calls. FAEST simultaneously has relatively small signature size and competitive sign and verify times.In this work, we improve both the security and practical efficiency of FAEST. We improve the main computational bottleneck of the original construction by replacing hash function calls in the underlying vector commitment scheme with calls to an AES-based PRG. At the same time, we also improve the signature size by revisiting the evaluation of the AES block cipher in ZK. We use observations from Galois Theory to compress the size of the witness (and thus signature), due to the algebraic nature of the AES S-Box. We implemented our new construction, and our benchmarks show that its sign and verify times reduce up to 50% over the state-of-the-art while achieving the same security and smaller signatures.Finally, we analyze our resulting signature scheme both in the Quantum Random Oracle Model (QROM) and its classical analogue. To achieve concretely good security bounds, we devise a new classical proof for FAEST based on Renyi divergence techniques. We construct a QROM analogue and present a new Fiat-Shamir transform which is applicable to VOLE-in-the-Head-based signature schemes.

UR - https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=ait_230127_woslite_expandedapikey&SrcAuth=WosAPI&KeyUT=WOS:001588007500005&DestLinkType=FullRecord&DestApp=WOS_CPL

U2 - 10.1007/978-3-032-01887-8_5

DO - 10.1007/978-3-032-01887-8_5

M3 - Conference Proceedings with Oral Presentation

SN - 978-3-032-01886-1

VL - 16005

T3 - Lecture Notes In Computer Science

SP - 124

EP - 156

BT - Advances In Cryptology-Crypto 2025

PB - Springer Nature

Y2 - 17 August 2025 through 21 August 2025

ER -

Baum C, Beullens W, Braun L, de Saint Guilhem CD, Klooss M, Majenz C et al. Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures. in Kalai YT, Kamara SF, Hrsg., Advances In Cryptology-Crypto 2025: 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI. Band 16005. Springer Nature. 2025. S. 124-156. (Lecture Notes In Computer Science). doi: 10.1007/978-3-032-01887-8_5

Shorter, Tighter, FAESTer: Optimizations and Improved (QROM) Analysis for VOLE-in-the-Head Signatures

Abstract

Publikationsreihe

Konferenz

Research Field

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Diese Publikation zitieren