Recipes

Specification

• v2.0 was included in our Round 2 submission to NIST. The main changes are:
  • Improved batch vector commitments, with smaller opening size and faster AES-based leaf commitments.
  • Uses degree-3 constraints to prove AES in zero-knowledge, further reducing signature size.
  • Improved security analysis, including a tight QROM proof.
• v1.1 covers the same protocol, but fixes some issues with the document:
  • Corrected performance tables. They listed the same times for signature and verification due to a bug in the script; signing time was reported faster (or sometimes slower) than real timings.
  • Corrected author order on front page.
  • Corrected description and security proofs for the one-way functions.
  • Revised security estimates for the one-way functions.
• v1.0 was included in our Round 1 submission to NIST.

Submission

• NIST Round 2 submission (49 MB; includes specification, source code and test vectors).
• NIST Round 1 submission (29.5 MB; includes specification, source code and test vectors).

Papers

• Our Crypto 2023 paper on VOLE-in-the-head.