[[NaCl]] submit something? - **Idea:** Can we (including Jonathan of course) make SQiSign into a threshold scheme? - **Note Cat2.2:** ( iacr.org/submit/files/slides/2023/rwc/rwc2023/IT_8/slides.pdf ) Threshold-Friendly Quantum Resistent PKE. Can we define a security notion capturing what they want from "threshold-friendly"? And make a KEM-based transform to give a PKE that satisfies it? Can some of our KEM -> PKE transforms be used here? - **No:** "Theshold-friendliness" is more about efficency and stuff, like "no rejection sampling", "no bootstrapping", low round-complexity, low communication cost, size of keys/signatures, different tradeoffs here. - What security notion *do* they want then? IND-CCA? Does weaker suffice? Does something like NCE help? - Danilo: FROST does not seem to be *updateable*. Is it possible to make a scheme that *is* updateable? (Tjerand thinks this is already in the FROST framework.) - Could also be an interesting target (according to Tjerand): Attribute-based Threshold Encryption (ATE) Foreslått av Morten: - Spørre Tjerand, dersom han kunne ønsket seg den perfekte threshold signature schemen til hans tenkte bruk i e-voting protokoller, hvilke egenskaper ville den hatt? - Hvor godt møter schemes som Frost eller Sparkle disse egenskapene? - Alternativt, er det rom for å lage en ny scheme her som er bedre spesialisert til applikasjonen?