| Speaker | Mojtaba Fadavi |
| Affiliation | University of Waterloo |
| Location | MC 6029 |
Abstract: A (t,n)-threshold signature scheme splits a signing key among n participants so that any t can jointly produce a valid signature under a single public key, while fewer than t cannot. There are three common types of threshold signature schemes: (i) Robust schemes, which guarantee signature production provided at least t parties are honest; (ii) Identifiable-abort schemes, which may fail to produce a signature but expose at least one misbehaving signer; and (iii) Simple schemes, which guarantee neither robustness nor identifiable abort, but output a valid signature when t honest participants collaborate without deviating from the protocol.
Motivated by NIST's recent emphasis on post-quantum multiparty and threshold designs, this talk presents a new approach to centralized, lattice-based (t,n)-threshold signatures. We first construct a (t,n)-threshold one-time signature and then upgrade it to a many-time scheme by combining it with a long-term signature so that all threshold signatures verify under a single public key.