Much recent work has developed efficient protocols for threshold signatures, where $n$ parties share a signing key and some threshold $t$ of those parties must interact to produce a signature. Yet efficient threshold signatures with post-quantum security have been elusive, with the state-of-the-art being a two-round scheme by Damgård et al. (PKC'21) based on lattices that supports only the full threshold case (i.e., $t=n$).
We show here a two-round threshold signature scheme based on standard lattice assumptions that supports arbitrary thresholds $t\leq n$. Estimates of our scheme's performance at the $128$-bit security level show that in the 3-out-of-5 case, we obtain signatures of size $20$ KB and public keys of size $14$ KB. We achieve improved parameters if only a small number of signatures are ever issued with the same key.
As an essential building block and independent contribution, we construct an actively secure threshold (linearly) homomorphic encryption scheme that supports arbitrary thresholds $t \leq n$.
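To make the difference between the full-threshold case ($t=n$) and arbitrary thresholds ($t \leq n$) concrete, here is an added toy example; it is not code from the paper and not lattice-based. It contrasts additive sharing, which reconstructs only when all $n$ shares are present, with Shamir sharing over a prime field $\mathbb{Z}_p$, which reconstructs from any $t$ shares. It then shows the linearity property that threshold protocols built on linear secret sharing and (linearly) homomorphic encryption rely on: each party applies the same linear map to its own share, and Lagrange-combining the partial outputs yields the map applied to the secret without anyone holding the secret. The prime `P`, the party identifiers `1..n`, and all function names are the example's own choices, not notation from the paper.

```python
"""Toy t-out-of-n threshold arithmetic over a prime field (constructed example).

This is NOT the lattice scheme of Gur, Katz and Silde; it only illustrates
why linear secret sharing gives arbitrary thresholds t <= n and how linear
partial outputs combine.
"""
import secrets
from itertools import combinations

# Toy field: Mersenne prime 2^127 - 1. Assumption: chosen only so the
# arithmetic is readable; a lattice scheme works over polynomial rings instead.
P = (1 << 127) - 1


def additive_share(secret, n):
    """n-out-of-n (full threshold) sharing: secret = sum of all shares mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def additive_reconstruct(shares):
    return sum(shares) % P


def shamir_share(secret, t, n):
    """t-out-of-n sharing: evaluate a random degree-(t-1) polynomial with
    constant term `secret` at the points 1..n. Returns {party_id: share}."""
    assert 1 <= t <= n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation
            acc = (acc * x + c) % P
        return acc

    return {i: poly(i) for i in range(1, n + 1)}


def lagrange_at_zero(i, ids):
    """Coefficient lambda_i with sum_i lambda_i * f(i) = f(0) for deg f < len(ids)."""
    num, den = 1, 1
    for j in ids:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def shamir_reconstruct(subset):
    """subset: {party_id: share} for any t distinct parties."""
    ids = list(subset)
    return sum(lagrange_at_zero(i, ids) * s for i, s in subset.items()) % P


def partial_eval(a, b, share):
    """Each party applies the same linear map y = a*s + b to its own share."""
    return (a * share + b) % P


def combine_partials(partials):
    """Lagrange-combine per-party partial outputs. Because the map is linear
    and the lambda_i sum to 1, the result equals a*secret + b."""
    ids = list(partials)
    return sum(lagrange_at_zero(i, ids) * y for i, y in partials.items()) % P


def demo(secret, t, n, a, b):
    """Return (every_t_subset_reconstructs, combined_equals_direct,
    additive_fails_with_one_share_missing)."""
    shares = shamir_share(secret, t, n)
    subsets_ok = all(
        shamir_reconstruct({i: shares[i] for i in ids}) == secret
        for ids in combinations(shares, t)
    )
    signers = list(shares)[:t]  # any t parties suffice; take the first t
    combined = combine_partials({i: partial_eval(a, b, shares[i]) for i in signers})
    add = additive_share(secret, n)
    # With additive sharing, dropping a single party breaks reconstruction
    # (except with probability about 1/P).
    additive_fails_short = additive_reconstruct(add[:-1]) != secret
    return subsets_ok, combined == (a * secret + b) % P, additive_fails_short


if __name__ == "__main__":
    print(demo(secret=123456789, t=3, n=5, a=42, b=7))
```

The 3-out-of-5 call mirrors the parameter set quoted above, but the arithmetic here is ordinary modular integers with no noise, so it says nothing about the sizes or the security of the lattice construction; it only shows why linear sharing is what makes "any $t$ of $n$" possible.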
This is joint work with Kamil Doruk Gur and Jonathan Katz at the University of Maryland, and the paper is available at: https://eprint.iacr.org/2023/1318.
I am an Associate Professor in Cryptology at the Department of Information Security and Communication Technology at the Norwegian University of Science and Technology (NTNU) in Trondheim, where I am the Research Group Leader of the NTNU Applied Cryptology Lab. My main foci of research are lattice-based cryptography and zero-knowledge protocols. My interests also span the areas of post-quantum cryptography, anonymous communication, multiparty computation, homomorphic encryption, electronic voting and secure implementation.