
UC4Free! Existing Threshold Signatures are UC Secure

Eurocrypt '26

Threshold signatures have received considerable attention in recent years due to ongoing standardization efforts and deployment in real-world systems. In this work, we prove the universal composability of a wide range of threshold signature schemes, including state-of-the-art protocols compatible with standard signatures used in practice, such as BLS and Schnorr signatures, as well as emerging post-quantum solutions. Importantly, we show UC security without any modifications to the existing protocols.

To this end, we design natural game-based definitions to capture different combinations of the main properties of threshold signature schemes, such as different levels of unforgeability, adaptive corruption, robustness, and different degrees of preprocessing. These definitions generalize prior definitional work, such as Bellare et al. (CRYPTO '22), and cover a wide range of existing schemes. Moreover, we identify and resolve gaps in prior work. We then express these properties in terms of a UC ideal functionality F-TS3. We prove that a threshold signature scheme UC-realizes F-TS3 if and only if it satisfies our game-based definitions.

This opens up the usage of (existing) threshold signature schemes in a UC setting, enabling scheme designers to formulate their protocols relative to an ideal threshold signature functionality and use the UC composition theorem to argue security given any concrete instantiation. To further support UC scheme designers and to give further guidance on UC modeling for threshold signatures, we provide additional ideal threshold signature functionalities F-TS2, F-TS1, F-TSSync2, and F-TSSync1, which capture fewer properties than F-TS3 but are more convenient to use. F-TS2, F-TS1, F-TSSync2, and F-TSSync1 can also be UC-realized by schemes proven secure according to our game-based definitions.

Through this work, we show that composable security does not require sacrificing performance, but it does require rigor when setting up game-based definitions and ideal functionalities.
