FROST is awesome. IMHO a substantial improvement over P2SH & most things keeping ppl f/ using multisig. I think this will greatly improve PRACTICAL security. I'm joined by Jesse Posner, #[0] and #[1] to discuss it on Bitcoin.Review (MATH⚠️)

We also touch a little on Nostr key things...

https://bitcoin.review/podcast/episode-38/


Discussion

In Shamir's secret sharing, is the secret the coefficient of the first term of the polynomial or where the polynomial crosses the y-axis (x=0)? I heard the latter but perhaps it can be either?

The first term of the polynomial is the x^0 coefficient, which is also the y-intercept :-)

For example, say your secret is the number 5 and you want to have a 2/3 split. You randomly generate a polynomial. Let's say it's y = 5 + 3x. Then you make three shares where each share is a point (x,y), so if you want to use 1,2,3 for the x coordinates you'd have (1,8), (2,11), (3,14). If you take two of those points, maybe the 1 and 3 points, and interpolate a line through them, it'll intercept the y-axis at 5, which is what you get if you set x to 0 in y=5+3x.

As Jesse said, this generalizes upwards: for a t-of-n split, you pick a polynomial of degree t-1, and then you pick n points on the curve.

The DKG used in FROST is kind of that in reverse: everyone makes their own polynomial and then passes around coefficients to pick a secret that none of them know.
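The 2-of-3 walkthrough above (secret 5, polynomial 5 + 3x, shares at x = 1, 2, 3) and the "DKG in reverse" idea, as an added Python example that is not part of this thread. The modulus P is an assumed demo value (real schemes use the curve's group order), and dkg_shares is a deliberately simplified sketch with no commitments or share verification, not FROST's actual DKG.

```python
import secrets

# Assumed demo prime; Shamir sharing must run in a finite field, otherwise
# shares leak information about the secret. Values below P behave like integers.
P = 2**127 - 1

def make_polynomial(secret, t):
    """Degree t-1 polynomial whose x^0 coefficient (the y-intercept) is the secret."""
    return [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]

def evaluate(coeffs, x):
    """Horner evaluation of the polynomial at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(coeffs, n):
    """Shares are the points (1, f(1)) ... (n, f(n)); x = 0 is never handed out."""
    return [(x, evaluate(coeffs, x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 from any t shares: recovers the y-intercept."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P          # factor (0 - xj)
                den = (den * (xi - xj)) % P    # factor (xi - xj)
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def dkg_shares(t, n):
    """Simplified DKG sketch (assumption, not FROST's protocol): every party picks its
    own polynomial, sends f_i(j) to party j, and party j sums what it receives.
    The group secret is the sum of all x^0 coefficients; no single party sees it.
    Returns (group_secret, shares); the secret is returned only so the demo can check it."""
    polys = [make_polynomial(secrets.randbelow(P), t) for _ in range(n)]
    shares = [(j, sum(evaluate(p, j) for p in polys) % P) for j in range(1, n + 1)]
    group_secret = sum(p[0] for p in polys) % P
    return group_secret, shares
```

With a single share from a 2-of-3 split, reconstruct simply returns that share's y value, which is unrelated to the secret; any two shares recover it.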

Loved the episode. Listening a second time now. V keen to hear more on this topic.

With existing multisig, we have to keep a copy of the redeem script or all the xpubs in case one of the keys is lost.

If one of the keys of, say, a 2 of 3 FROST multisig private key is lost, is it possible to have access to spend funds if you only have 2 of the private keys and no redeem script or xpub of the lost key?

Sounds like you can as there is no redeem script? Is that correct?