Abstract: In this talk, we introduce the first lattice-based threshold blind signature (TBS) scheme. TBS is an important primitive for building robust, privacy-preserving applications, and combines the privacy guarantees of blind signatures with the ability of threshold signatures to distribute the private key across multiple servers. TBS are especially useful for critical signing infrastructure where privacy is required, for instance with Central Bank Digital Currencies (CBDCs). CBDCs can be built from blind signatures in a privacy-preserving manner. Crucially, as the signing key allows coins to be issued, any key compromise is fatal. TBS remedy this issue by distributing the signing procedure across multiple servers. However, all existing TBS constructions become insecure in the presence of quantum computers, and no practical post-quantum alternative has been established. Our work fills this important gap. We present a construction proven secure under an interactive variant of the Short Integer Solution (SIS) assumption. Our scheme is practical and supported by a formal analysis and a concrete implementation, with signature sizes only 1.4x to 2.5x larger than comparable non-threshold lattice-based blind signatures, making it a viable solution for applications like CBDCs.
Joint work: Sebastian Faller, Guilhem Niot.
[Slides] Suggested readings: Lattice-based Threshold Blind Signatures (ia.cr/2025/1566)
Presented at MPTS 2026: NIST Workshop on Multi-Party Threshold Schemes
Starts: January 26, 2026
Security and Privacy: cryptography