Paper 2025/872
Finally! A Compact Lattice-Based Threshold Signature
, PQShield, PQShield, Univ Rennes, CNRS, IRISAAbstract
Threshold signatures improve upon digital signatures by splitting the trust and robustness among multiple parties. In a (T, N) threshold signature any set of T parties can produce a signature but no set of less than T users can do so. Many such constructions are now available in the pre-quantum setting but post-quantum threshold schemes are still running heavy, with the state-of-the-art boasting signature sizes that are still an order of magnitude larger than post-quantum digital signatures. We propose a novel very efficient threshold signature scheme, with a signature size close to that of a single Dilithium signature for any threshold T of at most 8 users. Our construction reduces to well-studied problems (MLWE and SelfTargetMSIS) and does not need any heavy machinery, essentially consisting in just T parallel executions of the Dilithium signature scheme. Though the resulting scheme is remarkably simple, many technical difficulties, such as sharing a secret in small shares, or simulating rejecting transcripts, have kept such an efficient threshold signature out of reach until now.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- A major revision of an IACR publication in PKC 2025
- DOI
- 10.1007/978-3-031-91826-1_6
- Keywords
- threshold cryptographythreshold signatureslatticesfiat-shamir with aborts
- Contact author(s)
-
rafael del pino @ pqshield com
guilhem @ gniot fr - History
- 2025-05-19: approved
- 2025-05-16: received
- See all versions
- Short URL
- https://ia.cr/2025/872
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/872,
author = {Rafael del Pino and Guilhem Niot},
title = {Finally! A Compact Lattice-Based Threshold Signature},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/872},
year = {2025},
doi = {10.1007/978-3-031-91826-1_6},
url = {https://eprint.iacr.org/2025/872}
}
