"Preview Talk" (by Team Hermine) @ MPTS 2026, in reply to the NIST Threshold Call
Abstract. In this talk, we will introduce Hermine, a post-quantum threshold signature scheme based on the Raccoon signature scheme that replicates the advanced properties of the classical FROST. Hermine is a (partially non-interactive) 2-round protocol with distributed key generation, efficient key refresh and non-interactive identifiable aborts. Its security relies on the AOM-MSIS assumption, which holds under the standard MLWE and MSIS assumptions. We plan to submit Hermine as its own package to the NIST MPTC Call, and we will discuss the different components to be included. Our core technical innovation is a novel use of the Vandermonde Secret Sharing with short shares, combined with techniques from the 2-round signature scheme of Espitau et al. (CRYPTO 2024). We design distributed key generation for this sharing, and a refresh mechanism. Furthermore, our techniques eliminate the need for zero-shares to randomize signature shares, ensuring that signature shares double as valid signatures under the corresponding public key shares, and thus enabling a non-interactive identification of aborting parties.
Joint work: Giacomo Borin, Sofía Celi, Rafael del Pino, Thomas Espitau, Shuichi Katsumata, Guilhem Niot, Thomas Prest, Kaoru Takemure.
[Slides] Suggested readings:
- Preview Writeup: Hermine: An Efficient Raccoon-Style Non-Interactive Threshold Signature with Advanced Properties
- Two-Round Threshold Signature from Algebraic One-More Learning with Errors (ia.cr/2024/496)
- Threshold Signatures Reloaded: ML-DSA and Enhanced Raccoon with Identifiable Aborts (ia.cr/2025/1166)
