This pill is also available as an audio podcast in episode S01E02 of Disruptive Talks (Spotify, Apple Podcasts, Deezer, Amazon Music…).

Today we will talk about FROST and how this technology can improve privacy and security in collaborative Bitcoin custody.

What is FROST?

FROST stands for Flexible Round-Optimized Schnorr Threshold Signatures. It is based on Schnorr signatures, introduced in 2019, and Bitcoin Taproot addresses, active since 2021, two of the most interesting developments in recent years.

Simply put, FROST allows a group of users to jointly create a shared key that appears to come from a single owner, even though it is actually controlled by multiple people collaboratively.

This provides a huge privacy advantage: on the blockchain it is impossible to distinguish whether an address is controlled by a single key or by a multi-signature key.

But how does it work in practice?

Users generate their private keys and then, by interacting with each other off-chain, produce a shared key that can be used to spend bitcoins. Only a minimum number of signatures, randomly and uniquely generated, are needed to authorize a transaction.

For example, a group of 3 friends could create a 2-of-3 wallet, where only 2 random and unique signatures are needed to spend bitcoins. But to an outside observer, that address will appear to belong to a single owner.
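
The 2-of-3 case above can be sketched in a few lines. This is an added example, not code from the article or from any FROST implementation: it simulates all parties in one process, uses a constructed toy group, replaces distributed key generation with a trusted dealer, and leaves out the nonce commitment round and binding factors that real FROST adds. The function names are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with both prime, and G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, Y, msg):
    """Fiat-Shamir challenge c = H(R, Y, msg) mod Q."""
    digest = hashlib.sha256(f"{R}|{Y}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def deal_shares(secret, t, n):
    """Trusted-dealer Shamir split (assumption: stands in for a distributed keygen)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange(i, signers):
    """Lagrange coefficient of participant i at x = 0 for this signer set."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def threshold_sign(shares, signers, Y, msg):
    """Combine the signers' partial signatures into one Schnorr signature (R, z)."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in signers}  # fresh every time
    R = 1
    for k in nonces.values():
        R = R * pow(G, k, P) % P  # aggregate nonce commitment
    c = challenge(R, Y, msg)
    z = sum(nonces[i] + c * lagrange(i, signers) * shares[i] for i in signers) % Q
    return R, z

def verify(Y, msg, sig):
    """Ordinary single-key Schnorr check: G^z == R * Y^c (mod P)."""
    R, z = sig
    return pow(G, z, P) == R * pow(Y, challenge(R, Y, msg), P) % P

if __name__ == "__main__":
    secret = secrets.randbelow(Q - 1) + 1
    Y = pow(G, secret, P)  # the only key an outside observer sees
    shares = deal_shares(secret, t=2, n=3)
    for pair in ([1, 2], [1, 3], [2, 3]):
        print(pair, verify(Y, b"spend tx", threshold_sign(shares, pair, Y, b"spend tx")))
```

Any two of the three shares yield a signature that passes the same `verify` a single-key signer would face, which is why the verifier cannot tell the two cases apart.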

What is the advantage for collaborative Bitcoin custody over multiparty computation or MPC solutions?

If a service holds bitcoins for multiple customers using FROST, customers can sign transactions privately, without revealing to the service that it is a shared wallet. This increases privacy and security compared to MPC, where the service is aware of the multiparty nature of the wallet.

Of course, FROST also has technical complexities to resolve, for example the random generation of cryptographic nonces (more details in the insights at the end of the article). But various teams are working to make this technology increasingly robust and practical.

FROST is not the only option available. Multiparty computation protocols are also making great strides and some solutions combine FROST and MPC to exploit the advantages of both. For example, the startup Teser Grid has developed Olympus which combines FROST and MPC with high security and privacy.

Another interesting area is that of programmable smart contracts to implement advanced custody logic, such as multiple signatures with thresholds that vary over time.

In the future we may see Bitcoin custody services that combine multiple technologies to offer maximum control to users, for example by integrating FROST, MPC, smart contracts and decentralized identity management systems such as DID.

From a regulatory perspective, collaborative custody raises questions about who is responsible in the event of a loss of funds. The trend seems to be moving towards a non-reliant model, where the service acts only as a technical facilitator without having access to funds.

In any case, it is clear that the future of Bitcoin custody will be increasingly user-oriented, with flexible and customizable solutions that emphasize privacy and security.

We will continue to monitor these developments with great interest!


Further information:

The problem of random cryptographic nonce generation:

In cryptography, a nonce is a random number that can only be used once. It serves to make each digital signature unique. FROST is based on threshold digital signatures, where a group of users together generate a shared signature. To do this, each user must generate a random nonce. But since users generate signatures separately, without interacting, it is difficult to ensure that their nonces are truly random and do not repeat. If the nonces are not random enough, the security of FROST is at risk. The developers are working on solutions, for example deriving new numbers from the original nonces. But the problem of generating robust nonces remains one of the main technical complexities to be solved.
