Replying to Avatar conduition

Actually bringing your own key is possible, but there are limitations.

A FROST signing share is a polynomial evaluation. If, say, 3 people join together each bringing their own fixed signing shares, there exists some quadratic polynomial that interpolates their shares. However, it's impossible to find a linear (degree-one) polynomial which does the same.

In practice, this means if `n` people BYOK, they can definitely create an `n` of `n` threshold key with FROST. They can then issue new shares to add more people to the FROST group if they wanted, to make it an `n` of `m` threshold.

I'm not sure about the security implications of what a DKG would look like if only SOME keys are fixed and others can be variable. That's a different ball game 😅
Avatar
average_bitcoiner 1y ago

How would one go about discovering the security implications of such a DKG?

Reply to this note

Please Login to reply.

Discussion

Avatar
conduition 1y ago

You sit down, put pencil to paper and work it out!

There is likely a way to do the DKG so that some cosigners have fixed keys and others have fresh random keys. It'd probably just take some clever math and a security proof that malicious cosigners couldnt bias the DKG to do evil stuff like backdoor the group key.

Avatar
average_bitcoiner 1y ago

Lol. Learning cryptography still! Might have to give it a try. Its just math, right?

Avatar
conduition 1y ago

Yep! I have some links to some more beginner-friendly ECC stuff here:

https://conduition.io/cryptography/ecc-resources/