Thresholdizing FALCON
Threshold signing protocol compatible with the deployed NIST FALCON standard
Designed the first threshold signing protocol for NIST FALCON whose signatures verify against the unmodified standard — prior hash-and-sign threshold schemes produce signatures and keys too large to be compatible with FALCON’s deployed parameters.
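- Replaced the sampler based on fast Fourier orthogonalization (FFO) with an MPC-friendly Klein sampler and designed a pseudorandom correlation generator (PCG) for authenticated vector oblivious linear evaluation (VOLE), reducing AND gates from 1.83B to 140M (~13×) and per-signature communication by 10⁷× for N=4 parties.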
- Ongoing: designing efficient distributed key generation for FALCON (including NTRU solving in MPC) and reducing online signing rounds to fewer than 10.
Authors:
Status: In submission, CCS 2026