"Preview Talk" (by Team RedETA) @ MPTS 2026, in reply to the NIST Threshold Call
Abstract. In this talk we present (Red)ETA: Refreshable Extensible DLOG Enhanced Threshold Algorithms, a suite of DLOG-based threshold Digital Signature Schemes to be submitted to the NIST Threshold Call. A distinctive part of our work is ETA-keygen: a Decentralized Key Generation compatible with complex access structures such as threshold access trees, that also comprises a refreshing mechanism useful for the security against mobile adversaries, that is, active, adaptive, snapshot (i.e. not persistent) but roaming (the corruption sets may change overtime as long as at any time the corrupted parties are less than a threshold). Integrating ETA-keygen with DLOG threshold signing algorithms, we obtain ETA-Schnorr, ETA-EdDSA, and ETAECDSA. In particular, ETA-EdDSA is a deterministic Schnorr-like threshold signature where the shared deterministic nonce generation is verifiable by the signers. In line with the state of the art, ETA-Schnorr is secure against adaptive adversaries, with the security against mobile adversaries currently under investigation. ETA-EdDSA and ETA-ECDSA are proven secure against static adversaries who, contrary to the mainstream approach, are also involved in the key-gen. Their security against adaptive and mobile adversaries is still under investigation.
Joint work: Riccardo Longo, Alessandro Barenghi, Michele Battagliola, Alessio Meneghetti, Gerardo Pelosi, Edoardo Signorini.
[Slides] Suggested reading:
- Preview Writeup: Refreshable Extensible DLOG Enhanced Threshold Algorithms
- Tighter Control for Distributed Key Generation: Share Refreshing and Expressive Reconstruction Policies (ia.cr/2025/277)
