Nostr doesn’t need protocol changes for clients to stop treating the root key like a login credential.
Cold Root Lineage gives users a safe, durable identity model with almost zero implementation cost.
https://untraceabledigitaldissident.com/nostr-cold-root-epoch-key-rotation
So FROST isn't cold enough.
So you have this offline key, how do you create the one you use?
FROST solves a different problem. It keeps a hot key safe by splitting it across participants.
Cold Root solves the opposite problem. The root key never touches any online device at all.
You create the key you actually use by doing it offline:
- Use the cold root to deterministically derive a new epoch key.
- Export only the epoch key and a signed lineage proof.
- The root never leaves cold storage.
The client only ever sees the hot epoch key. All continuity comes from the signature the root made offline.
"Igloo can be used online for remote signing, or offline for key management only"
you need an air-gapped device they say, so you can use it
I think there has been some work around this in Nostr already. Delegates. I strongly agree that this is a major issue. Doing work around this myself.