Improving MPCitH with Preprocessing: Mask Is All You Need

Authors

  • Guowei Liu: School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Guoxiao Liu: Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China
  • Kaijie Jiang: Institute for Advanced Study, Tsinghua University, Beijing, China
  • Qingyuan Yu: School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Keting Jia: Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China; Zhongguancun Laboratory, Beijing, China; BNRist, Tsinghua University, Beijing, China
  • Puwen Wei: School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; Quan Cheng Shandong Laboratory, Jinan, China
  • Meiqin Wang: Quan Cheng Shandong Laboratory, Jinan, China; School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China

DOI:

https://doi.org/10.46586/tches.v2025.i2.1-22

Keywords:

MPCitH with preprocessing, Post-Quantum Digital Signature, Software Implementation, Hardware Implementation

Abstract

The MPC-in-the-head with preprocessing (MPCitH-PP) paradigm presents a novel approach for constructing post-quantum digital signatures like Picnic3. This paper revisits the MPCitH-PP construction, analyzing both its offline and online phases and proposing a reformulation of the protocol. By identifying redundant computations in these phases, we optimize them into a single phase, thereby enhancing the efficiency of MPCitH-PP. Furthermore, we explore the independence of the mask, demonstrating that it can be calculated in parallel, which also enables the optimization of the masked witness calculation.
Our optimized implementation of Picnic3 shows significant improvements. At the L1 security level, the optimal software implementation reduces the MPCitH-PP calculation time to about 30% of that of the previous implementation, and the optimal signature implementation takes about 78% of the previous implementation's time. At the L5 security level, the MPCitH-PP calculation with the parallelism optimization takes about 26% of the previous solution’s time, and the optimal signature implementation runs in about 53% of the previous solution’s time. For the hardware implementation, our optimizations reduce the clock cycles of MPCitH-PP from r sequential rounds to a single parallel round, where r denotes the number of rounds in the LowMC algorithm, with little change in hardware usage, and they perform better in terms of the AT product, especially for parallel computing.

Published

2025-03-04

Section

Articles

How to Cite

Liu, G., Liu, G., Jiang, K., Yu, Q., Jia, K., Wei, P., & Wang, M. (2025). Improving MPCitH with Preprocessing: Mask Is All You Need. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(2), 1-22. https://doi.org/10.46586/tches.v2025.i2.1-22