In Figure 6, Section 6.1 of this paper by Baum et al. (citation given below), essentially 4 rounds are added due to the generation of the challenge $\Delta'$. Then in Figure 7, Section 6.2, this step is eliminated.

I gather from the soundness proofs in both sections that the purpose of $\Delta'$, and the resulting "in-the-head" matrix $\mathbf{S}$, is for better soundness, as it gives soundness error of about $5/p$, where $p$ is the size of the field being used - soundness here would be about $3/p$, I think, without $\mathbf{S}$. In contrast, the second protocol without this challenge has soundness of roughly $1/p^{r\tau}+2/p^r$, where $r$ and $\tau$ are degrees of some field extensions.

In the second approach (Section 6.2), all they say about the change is:

For small fields, the previous protocol would not perform so well, since we’d need many repetitions to achieve a good soundness error. Instead, a better approach is to adopt the QuickSilver protocol [YSWW21] with subspace VOLE based on the $[\tau,1,\tau]$ repetition code. This avoids the need for the code-switching step of the previous protocol, with the additional $\Delta'$ challenge, since the ZK proof can be done directly on repetition coded VOLE.

I understand the soundness argument, and also that dealing with field extensions tends to be inefficient, so there is a trade-off between 4 extra rounds and lower soundness error (but also worse efficiency). But this quote seems to be implying some other connection between the $\Delta'$ challenge and the choice of the repetition code. I also am not sure what "code-switching" is supposed to mean here, since literally speaking, the same linear code is used in the entirety of both protocols.

So my question is, basically, what does the above quote mean?


The paper citation is:

Carsten Baum, Lennart Braun, Cyprien Delpech de Saint Guilhem, Michael Klooß, Emmanuela Orsini, Lawrence Roy, and Peter Scholl. Publicly Verifiable Zero-Knowledge and Post-Quantum Signatures From VOLE-in-the-Head. Cryptology ePrint Archive, Paper 2023/996, June 2023.

The citation [YSWW21] mentioned in the quote is:

Kang Yang, Pratik Sarkar, Chenkai Weng, and Xiao Wang. QuickSilver: Efficient and affordable zero-knowledge proofs for circuits and polynomials over any field. In Giovanni Vigna and Elaine Shi, editors, ACM CCS 2021, pages 2986–3001. ACM Press, November 2021.

As in the comment by @user2249675:

VOLE-in-the-head is under consideration by NIST for standardization as a digital signature algorithm. See the FAEST, SDitH, Mirath, RYDE schemes, etc. (see NIST link here)
