Every time you split your nsec into shares, those shares are part of a unique set. If a share in the set is compromised, you delete the other shares and abandon the whole set. That renders the compromised share useless. Then you generate a new set of shares, and replace the old set. Rinse and repeat.

Discussion

Thanks.

And an old share can be kept in the new set?

Do we have security proof for this yet?

Literal Shamir's secret sharing?

Do you have some pseudo code for this please?

Shares do not work between sets, so the old shares will not work in the new set.
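The procedure from the original post (split, abandon the set on compromise, regenerate) and the point above that shares do not work between sets, as an added Python example that is not the project's own code: Shamir sharing over the secp256k1 group order, assuming the nsec is handled as its integer scalar. The names `split`, `combine` and `rotate_demo` are introduced here.

```python
import secrets

# secp256k1 group order. An nsec is a scalar in [1, N-1], so it is a field
# element mod N (assumption: the nsec is handled here as that integer).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split(secret, threshold, count):
    """Return `count` (x, y) shares; any `threshold` of them recover `secret`.
    Fresh random coefficients every call, so each call is an independent set."""
    if not 1 <= threshold <= count:
        raise ValueError("need 1 <= threshold <= count")
    # f(x) = secret + a1*x + ... + a_{t-1}*x^(t-1)  (mod N), so f(0) = secret
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, count + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % N
        shares.append((x, y))
    return shares


def combine(shares):
    """Lagrange-interpolate f(0) from shares. Too few shares, or shares from
    different sets, give a wrong value silently, never an error."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x-coordinate")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        secret = (secret + yi * num * pow(den, -1, N)) % N
    return secret


def rotate_demo(nsec, threshold=2, count=3):
    """The thread's procedure: one share of set A leaks, A is deleted, and a
    fresh set B is generated for the same nsec. Returns what still recovers."""
    set_a = split(nsec, threshold, count)
    leaked = set_a[0]                       # compromised share of set A
    set_b = split(nsec, threshold, count)   # replacement set; A is abandoned
    return {
        "a_recovers": combine(set_a[:threshold]) == nsec,
        "b_recovers": combine(set_b[:threshold]) == nsec,
        # leaked A share + B shares lie on different polynomials: wrong f(0)
        "mixed_recovers": combine([leaked] + set_b[1:threshold]) == nsec,
    }
```

Note that `combine` cannot tell a mixed or short set from a valid one; detecting a bad reconstruction needs an external check such as deriving the public key and comparing it to the expected npub.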

We are using Shamir's secret sharing for splitting your nsec, which does have security proofs afaik.

Would be interesting to see a proof for the combination of SSS with the Schnorr signature part, especially in relation to key rotation.

This does sound like there is some footgun possibility there.