Search papers, labs, and topics across Lattice.
This paper introduces a novel dual-gate architecture for digital asset custody that decouples member authentication from threshold authorization, allowing for flexible and efficient multi-party approval without relying on traditional threshold signature schemes. By utilizing ordinary signatures under any EUF-CMA scheme and generating a threshold seal from Shamir-shared secrets, the approach ensures that even if an adversary holds a majority of signing keys, they cannot produce the authorization seal. This method not only enhances security against quantum threats but also simplifies the transition between different signature schemes, making it adaptable for various deployment scenarios like smart contracts and hardware security modules (HSMs).
Even with a majority of compromised keys, adversaries can't forge authorization seals, revolutionizing digital asset custody security.
Digital-asset custody has been built on threshold multi-party approval: no operation proceeds unless $t$ of $n$ parties approve, and fewer than t compromised parties can neither authorize nor learn the authorization secret. Threshold signature schemes (TSS) have been the standard mechanism, but the post-quantum transition disrupts this model: standardized hash-based signatures resist efficient threshold signing, and lattice-based threshold protocols remain an emerging research track. We present a dual-gate architecture that separates member authentication from threshold authorization. Each member signs its approval with an ordinary signature under any EUF-CMA scheme; the quorum jointly produces a threshold seal from Shamir-shared secrets bound to the operation. The seal is the base instance of a programmable authorization computation: simple quorum is the minimal policy, while richer policies can evaluate secret-shared state without making the member-signature scheme part of that computation. The signature scheme is a deployment parameter: migrating from ECDSA to SLH-DSA or ML-DSA is a key rotation, not a protocol redesign, and members holding keys in commodity HSMs participate through the standard sign API. The architecture can be deployed wherever the asset-control path supports programmable verification, such as smart contracts, vault modules, or HSMs guarding a master key, and produces an enforcement-layer authorization rather than a native chain signature. Below-threshold secrecy is information-theoretic; an adversary holding $\geq t$ signing keys but no coefficient shares still cannot produce the seal.