AIMer (KPQC)
MPC-in-the-Head Digital Signature Scheme
Overview
AIMer is a digital signature algorithm developed as part of the Korean Post-Quantum Cryptography (KPQC) competition. It uses the MPC-in-the-head (MPCitH) paradigm: the signer simulates a multi-party computation protocol “in their head” and then uses a Fiat-Shamir transform to convert the resulting zero-knowledge proof into a non-interactive signature.
AIMer’s security does not rely on lattice assumptions, making it a diversification choice alongside lattice-based schemes like ML-DSA, Falcon, and HAETAE. Instead, its security is based on the one-wayness of the AIM permutation and the soundness of the underlying MPC protocol.
How it works:
- The secret key defines a witness for a one-way function (the AIM permutation).
- To sign, the signer simulates an MPC protocol that verifies knowledge of the witness, producing a transcript.
- The Fiat-Shamir heuristic converts this interactive proof into a non-interactive signature by replacing the verifier’s challenges with hash function outputs.
- The verifier checks the consistency of the MPC transcript against the public key.
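The four steps above, as an added example that is not part of the original page or of the MetaMUI libraries: a toy MPC-in-the-head signature in Python using only the standard library. Every name here is an assumption. The AIM permutation is replaced by an XOR-linear stand-in (`owf_stub`) so that each virtual party can evaluate it on its additive share locally and the simulated MPC needs no multiplication gates; that stand-in is trivially invertible, so this code shows the share / commit / Fiat-Shamir challenge / open-and-check structure only and is not a usable signature scheme.

```python
"""Toy MPC-in-the-head signature (assumed example, not AIMer)."""
import hashlib
import os

N_PARTIES = 4     # virtual MPC parties per repetition; 4 divides 256, so no bias in the challenge
REPS = 24         # parallel repetitions: a prover without the witness survives each with prob 1/N
WITNESS_LEN = 16  # bytes in the witness x and in the public image y = F(x)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def owf_stub(x: bytes) -> bytes:
    """Stand-in for the AIM permutation (assumption: NOT one-way).
    It is XOR-linear, x XOR (x rotated by one byte), so the shares of F(x)
    are just F applied to the shares of x. AIM's non-linear layers would
    instead require multiplication gates inside the simulated MPC."""
    return xor(x, x[1:] + x[:1])


def commit(salt: bytes, rep: int, party: int, share: bytes) -> bytes:
    """Commitment to one party's view (here the view is just its witness share)."""
    return hashlib.sha256(b"view" + salt + bytes([rep, party]) + share).digest()


def fiat_shamir(pk: bytes, msg: bytes, salt: bytes, commits, outputs) -> list:
    """Replace the verifier's challenge by a hash of everything the prover committed
    to; returns the index of the party left unopened in each repetition."""
    h = hashlib.shake_256(b"challenge" + pk + salt + msg)
    for rep in range(REPS):
        for i in range(N_PARTIES):
            h.update(commits[rep][i] + outputs[rep][i])
    return [b % N_PARTIES for b in h.digest(REPS)]


def keygen(rng=os.urandom):
    sk = rng(WITNESS_LEN)          # secret witness
    return owf_stub(sk), sk        # (pk, sk): public image and witness


def sign(sk: bytes, pk: bytes, msg: bytes, rng=os.urandom) -> dict:
    salt = rng(16)
    shares, commits, outputs = [], [], []
    for rep in range(REPS):
        # additive (XOR) secret sharing of the witness among N virtual parties
        s = [rng(WITNESS_LEN) for _ in range(N_PARTIES - 1)]
        last = sk
        for si in s:
            last = xor(last, si)
        s.append(last)
        # simulated MPC: each party applies F to its own share and broadcasts the result
        shares.append(s)
        outputs.append([owf_stub(si) for si in s])
        commits.append([commit(salt, rep, i, si) for i, si in enumerate(s)])
    hidden = fiat_shamir(pk, msg, salt, commits, outputs)
    reps = []
    for rep in range(REPS):
        h = hidden[rep]
        reps.append({
            "hidden_commit": commits[rep][h],   # the one view that stays unopened
            "outputs": outputs[rep],            # every party's broadcast output share
            "shares": [shares[rep][i] for i in range(N_PARTIES) if i != h],
        })
    return {"salt": salt, "hidden": hidden, "reps": reps}


def verify(pk: bytes, msg: bytes, sig: dict) -> bool:
    salt = sig["salt"]
    if len(sig["hidden"]) != REPS or len(sig["reps"]) != REPS:
        return False
    commits, outputs = [], []
    for rep, r in enumerate(sig["reps"]):
        h = sig["hidden"][rep]
        if not 0 <= h < N_PARTIES:
            return False
        if len(r["shares"]) != N_PARTIES - 1 or len(r["outputs"]) != N_PARTIES:
            return False
        opened = iter(r["shares"])
        cs = []
        for i in range(N_PARTIES):
            if i == h:
                cs.append(r["hidden_commit"])
                continue
            share = next(opened)
            # an opened party's broadcast must be exactly what F gives on its share
            if owf_stub(share) != r["outputs"][i]:
                return False
            cs.append(commit(salt, rep, i, share))
        # the broadcast output shares must reconstruct the public image
        acc = bytes(WITNESS_LEN)
        for o in r["outputs"]:
            acc = xor(acc, o)
        if acc != pk:
            return False
        commits.append(cs)
        outputs.append(r["outputs"])
    # the claimed challenge must be what the hash produces for these commitments
    return fiat_shamir(pk, msg, salt, commits, outputs) == sig["hidden"]
```

A forger who does not know the witness can make all but one output share consistent with its shares and must hope the inconsistent party is the unopened one, which happens with probability 1/N per repetition, hence (1/N)^REPS overall; this is why real MPCitH schemes trade party count and repetition count against signature size, which is also the dimension behind AIMer's "f" variants.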
Specifications
| Parameter Set | KPQC Level | Description |
|---|---|---|
| AIMer-128f | 1 | Targeting 128-bit post-quantum security, fast variant |
| AIMer-192f | 3 | Targeting 192-bit post-quantum security, fast variant |
| AIMer-256f | 5 | Targeting 256-bit post-quantum security, fast variant |
Core operations:
- `KeyGen()` — Generate a signing key pair (secret witness + public image under AIM)
- `Sign(sk, msg)` — Produce a signature by simulating the MPC protocol and applying Fiat-Shamir
- `Verify(pk, msg, sig)` — Verify the MPC transcript consistency against the public key
The “f” suffix indicates the fast variant, optimized for signing speed at the cost of somewhat larger signatures.
Security
- Security notion: EUF-CMA (existential unforgeability under chosen-message attack)
- Hardness assumption: One-wayness of the AIM permutation
- Proof system: MPC-in-the-head (MPCitH) — the signer simulates an MPC protocol proving knowledge of the secret key
- No lattice assumptions: Security does not depend on Module-LWE, NTRU, or any structured lattice problem
- Diversification value: Provides a hedge against potential future breakthroughs in lattice cryptanalysis, since it relies on fundamentally different mathematical assumptions
- Korean standardization: Developed and evaluated under the KPQC competition framework
Hardware Acceleration
AIMer’s computational cost is dominated by field arithmetic and hash function evaluations within the MPC simulation. Standard SIMD acceleration for hash functions (SHA-3 / SHAKE) applies.
| Acceleration | Target | Description |
|---|---|---|
| AVX2 | x86-64 | Parallel field arithmetic and hash evaluations |
| NEON | ARM | Parallel field arithmetic and hash evaluations |
Platform Support
AIMer is implemented across the MetaMUI platform suite:
| Platform | Language | Implementation Path |
|---|---|---|
| Native | C | metamui-crypto-c/ |
| Systems | Rust | metamui-crypto-rust/ |
| Backend | Go | metamui-crypto-go/ |
| Data Science | Python | metamui-crypto-python/ |
| JVM | Java | metamui-crypto-java/ |
| JVM/Android | Kotlin | metamui-crypto-kotlin/ |
| .NET | C# | metamui-crypto-csharp/ |
| Apple | Swift | metamui-crypto-swift/ |
| Web | TypeScript | metamui-crypto-typescript/ |
| Browser/Edge | WASM | metamui-crypto-wasm/ |
API Example
```rust
// Key generation
let (pk, sk) = aimer_192f::keygen(&mut rng);

// Signing
let message = b"Document to be signed";
let signature = aimer_192f::sign(&sk, message);

// Verification
let is_valid = aimer_192f::verify(&pk, message, &signature);
assert!(is_valid);
```
Test Vectors
- Format: KPQC KAT (Known Answer Test) vectors
- Coverage: KeyGen, Sign, Verify for all parameter sets
References
- KPQC Competition — Korean Post-Quantum Cryptography competition. Organized by the Korean government to standardize quantum-resistant algorithms for Korean national standards.
- AIMer Specification — AIMer Algorithm Specifications and Supporting Documentation. Submitted to the KPQC competition.
- MPC-in-the-Head — Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A. Zero-Knowledge from Secure Multiparty Computation. STOC 2007.