When Threshold Meets Anamorphic Signatures: What is Possible and What is Not!
Authors: Hien Chu (TU Wien), Khue Do (CISPA Helmholtz Center for Information Security), Lucjan Hanzlik (CISPA Helmholtz Center for Information Security), Sri AravindaKrishnan Thyagarajan (University of Sydney)
Volume: 2026
Issue: 4
Pages: 156–180
DOI: https://doi.org/10.56553/popets-2026-0114
Abstract: Anamorphic signatures allow covert communication through signatures in environments where encryption is restricted. They enable trusted recipients with a double-key to extract hidden messages while the signature remains indistinguishable from a regular one. However, the traditional notion of anamorphic signatures suffers from vulnerabilities, particularly when a single recipient or sender is compromised, exposing all hidden messages and providing undeniable proof that citizens are part of the anamorphic exchange. To address these limitations, we explore a threshold-based approach to distribute trust among multiple recipients, preventing adversaries from decrypting anamorphic messages even if some recipients are compromised. Our first contribution is the formalization of the notion of threshold-recipient anamorphic signatures, where decryption is possible only through collaboration among a subset of recipients. We then explore a stronger model in which the dictator controls the key-generation process through which it learns all secret keys, as well as how citizens store cryptographic keys. A particular example of this model in the real world is a dictator providing citizens with electronic identity documents (eIDs) and blocking all other usage of cryptography. We demonstrate that anamorphic communication is still possible even in such a scenario. Our construction is secure against quantum adversaries and does not rely on any computational assumptions beyond the random-oracle model. Finally, we present an impossibility result for encoding anamorphic messages with a threshold-sender model when using many existing threshold signature schemes, even when the adversary is part of the signing group. Our work outlines both the possibilities and limitations of extending anamorphic signatures with threshold cryptography, offering new insights into improving the security and privacy of individuals under authoritarian regimes.
Keywords: privacy, threshold cryptography, anamorphic cryptography
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.