PRISM: Compact Threshold Signatures from Pushforwards of Large-Degree Isogenies

"Preview Talk" (by Team PANTHERIA) @ MPTS 2026, in reply to the NIST Threshold Call

Abstract: PRISM is a recent isogeny-based signature, whose security relies on the presumed hardness of computing large-degree isogenies. In this talk, we show how exploit its flexible signing procedure to construct a T-out-of-N threshold signature protocol, discussing the advantages and drawbacks of the approach.  The scheme can be instantiated in various ways, each having different trade-offs between the efficiency of the signing and verification procedures. Furthermore, relying on a recently re-discovered technique for secret sharing, we can extend the scheme for up to N = 32 parties with a signing procedure requiring T + 2 rounds of communications. The core functionality we use is the computation of pushforwards of large-degree isogenies in higher dimensions, applied sequentially by each party. Thus, the unforgeability of the threshold signature holds under a new security assumption involving pushforwards of large-degree isogenies through secret degree isogenies. To our knowledge, this is the first practical post-quantum threshold signature with a combined signature and public key size smaller than 500 bytes and a communication cost per party below the 300 bytes, not relying on generic MPC, FHE and NIZK techniques.

Joint work: Andrea Basso, Luciano Maino, Maria Corte-Real Santos, Robi Pedersen, Riccardo Invernizzi.

[Slides] Suggested reading: PRISM: Simple and compact identification and signatures from large prime degree isogenies. (ia.cr/2025/135)