Lattice-based Distributed Signing Protocols from the Fiat–Shamir with Aborts Paradigm

Abstract: Most recent works on distributed signatures have focused on ECDSA and over variants of Schnorr signatures. However, little attention has been given to constructions based on postquantum secure assumptions like the hardness of lattice problems. In this talk, we present several lattice-based multi-party signing protocols with low round complexity, following the FiatShamir with aborts paradigm due to Lyubashevsky (Asiacrypt 2009). Our constructions can be seen as distributed variants of the fast Dilithium-G signature scheme, or lattice-based counterparts of recent two-round multi-party signing protocol by Drijvers et al. (S&P 2019) in the discrete-log setting. Our result highlights several important similarities and differences which emerge when translating a discrete-log-based protocol to lattice-based one.