International Association for Cryptologic Research

Advances in Cryptology – ASIACRYPT 2025

VOLE-in-the-Head Signatures from Subfield Bilinear Collisions


README

Artifacts for "VOLE-in-the-Head Signatures from Subfield Bilinear Collisions"

This folder contains the artifacts for the paper "VOLE-in-the-Head Signatures from Subfield Bilinear Collisions" submitted to ASIACRYPT 2025. This includes the source code necessary to reproduce the results from the paper.

This artifact is an adaptation of the standard MPCitH SBC signature artifact published at Crypto 2024, which is available at https://artifacts.iacr.org/crypto/2024/a2/.

The artifact contains the files 'maketest.sh', 'SBCtools.c', 'SBCvole.c', 'SBCunified.h' and 'SBCunified-CPUspecific.h'.

The code was primarily developed on Intel/AMD processors with AES instructions available. A more portable version is also provided; however, it is much slower.

To use the Intel/AMD version, it is necessary to install the "libmd-dev" package (to get access to SHA256). We used libmd-dev version 1.1.0-2build1.1 in our implementation.
To use the more portable version, it is necessary to install crypto-algorithms by Brad Conte. This is achieved by running the command:
git clone https://github.com/B-Con/crypto-algorithms.git
in the PARENT directory of the present code artefact.

The selection between portable and Intel/AMD is done by providing an argument to the 'maketest.sh' script (see below).

The code from 'SBCvole.c' contains the implementations of all versions of the VOLEitH signature scheme described in our paper.

The number of parties used in the signature scheme can be specified using the '-DL$i' compiler flag.
We use the parameters for the 128-bit security level of the SBC paper, i.e. q=2, k=257 and n=130. The number of parties and the number of rounds are set according to the value of $i that is given.
$i corresponds to D, the base-2 logarithm of the number of parties N=2^D that should be used.
The different versions using '-DL9', '-DL10', '-DL11', '-DL12', '-DL13', '-DL15' correspond to the values of N and tau specified in Table 1 of the paper.

The option '-DMINMAXCOMMIT' means that the "SBC_VOLE^M" version of the protocol using the MinMax commitments specified in Section 6.1 is used.

Running the script 'maketest.sh' executes every parameter choice for the SBC_VOLE and SBC_VOLE^M signatures used in Table 3.
For simplicity, this test script uses randomness based on the hash output of a fixed string and uses a fixed message to sign. This can be adjusted by changing the random seed in the 'main' function (line 1277 of the SBCvole.c file) and the message (line 1273 of the SBCvole.c file).
Running the script also executes some extra variants of the scheme using different methods for computing the commitment. Note that these extra variants are not specified in the paper.
The output includes the working memory size, the signature size, as well as the timings and clock cycles of the key generation, signing and verification algorithms. Note that clock cycle counts are not portable and are therefore only available in the Intel/AMD version.

To run the Intel/AMD version, just execute 'maketest.sh intel'.
To run the portable version, execute 'maketest.sh portable'.
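The following wrapper is an added example, not part of the artifact itself, that checks the prerequisites described above before invoking the artifact's own 'maketest.sh'. It assumes it is placed in the artifact directory next to 'maketest.sh'; the header names it looks for (sha2.h or sha256.h under /usr/include for libmd-dev, sha256.c/sha256.h at the top of the crypto-algorithms checkout) are assumptions about those packages' layouts, and the accepted '-DL$i' levels are the ones listed in this README.

```shell
#!/bin/sh
# Added helper script (not part of the artifact): verifies the dependencies
# named in the README for the chosen build variant, then runs 'maketest.sh'.
# Assumed layout: this file sits in the artifact directory next to maketest.sh,
# and crypto-algorithms was cloned into the PARENT of that directory.

# -DL$i values the README lists as supported parameter sets.
LEVELS="9 10 11 12 13 15"

# valid_level LEVEL -> 0 if LEVEL is one of the supported -DL values.
valid_level() {
    for l in $LEVELS; do
        [ "$1" = "$l" ] && return 0
    done
    return 1
}

# parties_for_level LEVEL -> prints N = 2^LEVEL, the number of parties.
parties_for_level() {
    echo $((1 << $1))
}

# check_intel_deps INCLUDE_DIR -> 0 if a libmd SHA-256 header is present
# (assumed header names: sha2.h or sha256.h).
check_intel_deps() {
    [ -f "$1/sha2.h" ] || [ -f "$1/sha256.h" ]
}

# check_portable_deps ARTIFACT_DIR -> 0 if Brad Conte's crypto-algorithms
# was cloned into the PARENT of the artifact directory, as the README requires.
check_portable_deps() {
    [ -f "$1/../crypto-algorithms/sha256.h" ] && [ -f "$1/../crypto-algorithms/sha256.c" ]
}

# run_variant intel|portable -> checks the matching dependency, then runs
# the artifact's maketest.sh with that argument.
run_variant() {
    here=$(cd "$(dirname "$0")" && pwd)
    case "$1" in
        intel)
            check_intel_deps /usr/include || {
                echo "libmd-dev headers not found; install libmd-dev first" >&2
                return 1
            }
            ;;
        portable)
            check_portable_deps "$here" || {
                echo "crypto-algorithms not found in $(dirname "$here"); clone it there first" >&2
                return 1
            }
            ;;
        *)
            echo "usage: $0 intel|portable" >&2
            return 2
            ;;
    esac
    (cd "$here" && sh ./maketest.sh "$1")
}

# Dispatch only when an argument is given (so the functions can be sourced).
if [ $# -gt 0 ]; then
    run_variant "$1"
fi
```

Usage is `sh run_sbc.sh intel` or `sh run_sbc.sh portable` (the file name is arbitrary); the dependency checks only confirm that the expected files exist, so a failing build still reports its own compiler errors through 'maketest.sh'.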