Nostr Web Client

That's fine. What I am trying to understand is the role of the online signing component that need to check which keys are signing and the role of the master key that can rotate key shares.

Does the online component have a list of authorized pubkeys or does it just check if the incoming signature comes from any key that is inside the polynomial?

Meaning, can I rotate single device keys while keeping all the others in place, without changing the key set of the online service? Or do I need to update the online signer with a new public key that is authorized?

Ideally those two things would be separate. I load a polynomial on the signing service and then the air-gapped share creation/rotation service can generate new keys for new devices without having to update any of the old ones and the main signer.

cmd 10mo ago

yes, that is possible. you could create multiple sets of shares for your nsec, and run them concurrently. generating a new set doesn't invalidate the old set (you have to dispose of shares properly).

the bifrost node will only cooperate with peers who have a pubkey in the same group as them

in the future, igloo will be able to run multiple shares/nodes, which means you can participate in multiple signing groups, even for the same nsec

I don't have a clear use-case for doing this, other than more graceful rotation between sets (phase out the old set after the new set is in place).

Reply to this note

Please Login to reply.

Discussion

Vitor Pamplona 10mo ago

If I want to airgap my nsec, how would I set this up? Is Igloo the piece that stays offline? If so, How do I transfer a newly generated share set from the offline application to the main signer that knows the pubkeys of all shares?

What I am trying to do is this:

- no online device has my nsec.

- I use an offline computer to generate 3 shares in 2 of 3.

- 1 share goes into Amethyst.

- 1 share goes into Olas.

- 1 share goes into Amber.

All of them are in the phone.

Amethyst and Olas both need to communicate with Amber to sign.

No single app has the full nsec.

Questions:

- Do I need to pick a coordinator among the 3 signers?

- What do I need to transfer from the offline nsec holder application to each of the app? Just the nsec? or the nsec + the group of other keys authorized to sign on my behalf?

cmd 10mo ago

- Do I need to pick a coordinator among the 3 signers?

No, the node requesting the signature is the coordinator.

- What do I need to transfer from the offline nsec holder application to each of the app?

there are two encoded strings that you copy/paste: the group string and the share string. You do not need to transfer the nsec.

You can run igloo offline and air-gapped as a key manager, and another copy of igloo as a desktop signing node.

We have plans for a mobile app that will run as a remote signer using NIP-46. TBD.