A new arXiv preprint published July 10 proposes a custody architecture where swapping from ECDSA to post-quantum signatures is a key rotation, not a protocol rebuild [S1]. The paper, from EternaX Labs researcher Dariia Porechna [P2], targets a structural problem in digital-asset custody: the industry has built its security on threshold signatures — multiple parties jointly producing one cryptographic signature — and that choice may not survive the arrival of quantum computing. The proposed fix separates who approves a transaction from how the blockchain authorises it, but the design makes a trade-off that not every operator will accept.

Why threshold signatures became a trap

Digital-asset custody at scale runs on a simple idea: no single person holds the full key. Threshold signature schemes implement this by having a quorum of parties jointly compute one valid signature on a transaction. The signature looks ordinary to the blockchain, but no individual ever held the complete signing key.

The problem is that each signature scheme needs its own custom threshold protocol. ECDSA — the signature behind Bitcoin and Ethereum — has mature, battle-tested threshold variants. But the next generation is different. Standardised hash-based signatures like SLH-DSA resist efficient threshold signing, according to the authors, and lattice-based threshold protocols remain an emerging research track [S1]. The post-quantum signature standards that governments are pushing don't yet have production-grade threshold equivalents.

So an institution that built its custody stack on threshold ECDSA faces a painful migration: to go quantum-safe, it may need to redesign the core protocol, not just swap keys.

Two gates instead of one signature

The paper's proposal is a dual-gate architecture that separates member authentication from threshold authorization [S1]. Here is how it works.

Gate one — each member signs its approval with an ordinary signature under any EUF-CMA scheme (the standard security property for digital signatures) [S1]. The scheme is a deployment parameter. It could be ECDSA today, SLH-DSA or ML-DSA tomorrow.

Gate two — the quorum jointly produces a "threshold seal" from Shamir-shared secrets — a mathematical splitting of a secret into pieces, where a threshold of pieces reconstructs it — bound to the specific operation [S1]. This seal is an enforcement-layer authorization, not a native blockchain signature [S1].

The asset-control path, whether a smart contract, a vault module, or an HSM guarding a master key, checks both gates before releasing funds [S1]. The individual signatures prove who approved. The seal proves the quorum reached threshold. Neither alone is enough.

Because the signature scheme only authenticates members and never touches the asset directly, migrating from ECDSA to a post-quantum scheme is a key rotation, not a protocol redesign [S1]. Members holding keys in commodity hardware security modules can participate through the standard signing API — no custom multi-party computation required at the signature layer [S1].

The authors claim that below-threshold secrecy is information-theoretic, meaning an attacker who collects fewer than the threshold number of shares learns nothing, regardless of computing power [S1]. They also claim that an adversary holding the threshold number of signing keys but no coefficient shares — the Shamir fragments — still cannot produce the seal [S1].

A minimal reference implementation exists in Rust on GitHub, created June 17 and licensed under Apache 2.0 [P4].

What it means

The core insight is deceptively simple: stop trying to make the signature do two jobs. In traditional threshold custody, the signature both authenticates the approvers and authorises the asset transfer. By splitting those functions, the paper unties the custody protocol from the signature scheme.

For a reader with no cryptography background: imagine a bank vault that requires five managers to turn their keys simultaneously. Today, those keys are cut from one physical blank — change the blank, and you rebuild the lock. The dual-gate design gives each manager their own padlock (any padlock, any maker) and then requires the quorum to solve a shared puzzle before the vault opens. Swap the padlocks for a new type; the puzzle stays the same.

This matters because the clock on classical signatures is ticking. Quantum computers don't exist yet at the scale needed to break ECDSA, but standards bodies are already mandating migration to post-quantum algorithms. Custody operators who built on threshold ECDSA are staring at a protocol-level rewrite. This paper offers a path where that rewrite becomes a key ceremony.

What it means for business

For a digital-asset custody firm — whether a 200-person institution or a lean startup offering regulated custody — the practical implications are concrete:

  • HSM compatibility: members can keep keys in commodity HSMs and participate through the standard sign API [S1]. No need to buy specialised threshold-signature HSMs or license proprietary TSS software for the signature layer.
  • Post-quantum planning: the architecture lets a firm adopt SLH-DSA or ML-DSA as a key rotation when ready, rather than a multi-year protocol migration [S1]. That changes the risk calculus for compliance teams facing post-quantum mandates.
  • Deployment surface: the design works where the asset-control path supports programmable verification — smart contracts, vault modules, or HSM-guarded master keys [S1]. That covers most modern custody setups but excludes chains or systems with no programmable verification layer.

The trade-off: the architecture produces an enforcement-layer authorization, not a native chain signature [S1]. It requires a smart contract or intermediary to translate the dual-gate approval into an on-chain transaction. For custodians serving chains with limited programmability, this is a real constraint, not a footnote.

What we don't know yet

The paper is an arXiv preprint and has not been peer-reviewed [S1]. Every cryptographic claim — information-theoretic secrecy, adversary resilience, the security of the threshold seal — is the authors' own assertion without independent audit.

No disclosed conflicts, affiliations, or funding information appears in the available excerpt. The reference implementation on GitHub has minimal activity: zero stars, a single contributor, four commits [P4].

The Ethereum IPTF maintains a draft pattern for MPC custody and transaction control, last reviewed April 22, 2026 [P5], but there is no indication the dual-gate architecture has been submitted to or endorsed by any standards body.

Key open questions:

  • Has the threshold-seal construction been formally verified or subjected to an external security audit?
  • Does the enforcement-layer approach introduce latency or cost penalties compared to native threshold signatures in production?
  • Which custody providers, if any, are evaluating the architecture for real deployment?

The next signal to watch: whether an independent cryptography group publishes a review or formal analysis of the dual-gate construction, and whether the reference implementation attracts contributions beyond the original author.

If this is the kind of decode that saves you three hours of reading preprints, the subscribe button is on the page.


Sources: [S1] arXiv preprint, Threshold Authorization Without Threshold Signatures: Signature-Agnostic MPC Custody, published July 10, 2026. [P2] arXiv HTML full text, same paper. [P4] GitHub: eternax-ai/dual-gate-mpc, Rust reference implementation, created June 17, 2026. [P5] GitHub: ethereum/iptf-map, MPC custody pattern (draft), last reviewed April 22, 2026.

Sources


Generated from an audited evidence pack with primary-source research. Social-media items are discussion signals, not verified facts. Nothing here is financial, legal or medical advice.