A Schnorr threshold signature (k-of-n, k
FROST was originally defined in this research paper.
Questions tagged [frost]
9 questions
3
votes
1 answer
How do the various Lightning implementations treat latency? How long do they wait for a peer to provide a signature before using unhappy path?
Rene Pickhardt brought up the problem of latency on the Lightning Network in this answer on using nested (or "recursive") MuSig2 or FROST when providing a signature within an existing Lightning channel or to cooperatively close a Lightning…
Michael Folkson
- 14,337
- 3
- 11
- 45
2
votes
2 answers
Can you do P2WSH / P2SH on Lightning Network (LN)?
I understand that a channel is a 2 of 2 multisig:
1 && 1
Is it possible that one side of this channel is a multisig wallet?
So in essence one of the 2 main, is actually a 2 of 3 multisig. This would be:
( 2 of 3 ) && 1
If the other side was also…
miketery
- 82
- 1
- 8
2
votes
0 answers
"Non-mandatory-script-verify-flag (Invalid Schnorr Signature)" on testnet
I'm using the FROST algorithm to create a threshold signature for some taproot output (using this code).
When I tried using it on the testnet, it works most of the time but from time to time I would randomly get the above error message. Any idea…
sa8
- 75
- 3
2
votes
1 answer
How to spend a taproot output using key path with a threshold signature scheme when the secret key is never computed?
In taproot, in order to spend the keypath, the transaction must be signed using the tweaked private key instead of the normal private key (as defined in BIP 341).
However when computing a signature using a threshold signature scheme, the secret is…
sa8
- 75
- 3
1
vote
2 answers
Is it possible to create pure lightning lockboxes (without touching the blockchain)?
I'm considering a scenario in lightning, where it would be extremely useful to be able to lock the funds in 2/3 lock
Is this possible on lightning network (even in theory)?
Arsen Zahray
- 211
- 2
- 6
1
vote
0 answers
What is the argument for not using proofs of possession in Bitcoin multisig and threshold key aggregation schemes?
A number of multisig and threshold sig key aggregation schemes developed outside of the Bitcoin ecosystem (e.g. SpeedyMuSig, FROST) use proofs of possession yet those developed in the Bitcoin ecosystem (MuSig1, MuSig-DN, MuSig2, a future Bitcoin…
Michael Folkson
- 14,337
- 3
- 11
- 45
1
vote
1 answer
How do MuSig2 and FROST compare for multisig key aggregation schemes?
Although FROST is primarily for threshold (k-of-n, k
Michael Folkson
- 14,337
- 3
- 11
- 45
1
vote
1 answer
Is weighed multi-sig wallet possible?
In a multi-sig wallet, each of the public keys is unique. Is it possible to create weighted multi-sig wallet, such that one private key has more power than the others?
Case 1: typical Example (need 2 of 3 to spend):
2 PubKeyAlice PubKeyBob…
miketery
- 82
- 1
- 8
0
votes
1 answer
To what extent does BIP32 key derivation impact the design of secure key aggregation multisig and threshold schemes like MuSig and FROST?
I have seen it discussed in various places (e.g. 1, 2) that using BIP32 key derivation impacts the design of secure key aggregation multisig and threshold schemes like MuSig(2) and FROST.
What are the relevant security concerns here? Is it hardened…
Michael Folkson
- 14,337
- 3
- 11
- 45