In theory, it is always possible to construct a functioninterchangeable lattice-based threshold signature scheme if the
signing key is shared among multiple parties and the signing
algorithm is evaluated by a dishonest majority maliciously
secure MPC. Note that the security of the MPC protocol guarantees that the malicious parties will not learn the information
about the signing key shares from honest parties. However, this
method requires careful consideration of the MPC protocol’s
efficiency and security. In particular, a generic MPC like
SPDZ [28], [29] may not be efficient enough to handle the
non-linear procedures involved in the signing algorithm, such
as hash operations and rejection sampling. Additionally, since
the secret is shared among n parties, the MPC protocol should
guarantee that the computation can be carried out even if only
t parties are invoked.
