It would be hard to get FROST to work on SeedSigner because it’s stateless. I know a trick that *might* make it possible. So the main advantage of frostsnap is that it exists!
Yes, spending limits require secure hardware that never leaks its secret.
Changing quorum size just means making a new sharing of the secret and everyone deleting their old shares. You can do this without reconstructing the secret.
We're finally here on Nostr!
Welcome to the Frostsnap Frontier ❄
https://frostsnap.com/demo.mp4
Join us on our mission to redesign self-custody. Preorders open now!
We're going to ship the most robust personal Bitcoin multisig setup ever.
✅FROST key generation and signing
✅Bitcoin wallet + PSBT/Sparrow support
✅Simple seed words backup
and a lot more in the works.
Pre-ordering gets you this ASAP and helps support our efforts. Thanks!
I'm talking at Bitcoin Sydney tonight on Frostsnap!
https://www.meetup.com/bitcoin_sydney/events/308244930/?slug=bitcoin_sydney&eventId=308244930
Learning about nostr:npub1ejkyx6hvrs0v9tj3ft0qhpjwxdasfnfsessu2rtnuzhtp4866u2s00expu at Bitcoin Sydney.

Here’s the steel man himself: https://rumble.com/v6rajo4-freedom-of-speech-is-not-granted-by-the-government.-non-citizens-in-america.html
1. Fascists don’t nationalize industries. At least before a major war breaks out.
2. Happens later. Why would he make these moves now.
3. They’re deporting people in the US legally for not following state mandated narratives. A woman for writing an opinion in her school newspaper. Don’t worry citizens will get the treatment later.
Of course Biden helped develop American fascism too. So did all the presidents in recent memory. The people who are getting hysterical about it now are just partisan hacks. But they’re not wrong.
Yes I am going to do the same thing but the question is whether to patch out secp256k1 or secp256k1-sys. Which will be less painful…
Yup, and chopped off a bunch of features of secp256k1 I don't need
https://github.com/LedgerHQ/vanadium/pull/77
Most implementations are still `todo!()`, but... it compiles!
Oh but it looks like you’re patching secp256k1 rather than secp256k1-sys?
Awesome thanks.
You still need the ZKP to prove the pre-images of some set of points have some valid representation. I am referring to the step where you have `n` points whose pre-images you want to sell in a single transaction. I am just saying you don't need n outputs to sell n DLOGs. You can set up an access structure ahead of time such that anyone who knows the discrete log of `X` will learn the discrete log of `X_1`, `X_2`, ..., `X_n`. E.g. set a polynomial such that p(1) = x_1, p(2) = x_2, ..., p(n) = x_n, then send p(n+1), p(n+2), ..., p(2n-1) to the purchaser (they verify they are correct by interpolating X_1, X_2, ..., X_n). Then sell them a single DLOG p(2n). From it they can interpolate the polynomial and recover x_1, ..., x_n. You don't need to do any VSS here.
This is sort of the idea of "packed" secret sharing from the literature. If all the secrets are uniformly sampled and independently random then that *should* be a secure protocol under the DLOG assumption. Might need some more thought if that's not the case.
New blog post
https://reyify.com/blog/verifying-a-proof-of-representation-onchain/
Still ruminating on this same topic from several months ago. I think, if this protocol is sound (which I'm not 100% sure of), it could be used to verify some kinds of ZKP onchain, though it requires prover-verifier interaction.
I may code up some toy example and throw it on a testnet.
#cryptography #bitcoin
You don't need n signatures to set up a payment for an n-term representation.
Consider that the prover can just treat each secret term in the representation as coefficients in a polynomial, evaluate the polynomial n-1 times and give the evaluations to the verifier (along with the point commitment vector of the terms, of course). The verifier then pays on chain just for the n-th evaluation with an adaptor signature. With the n-th evaluation you can reconstruct all n terms.
I think!
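The packed-sharing sale sketched in the two replies above, worked through as an added example (not code from either poster). It follows the first variant: a degree n-1 polynomial with p(i) = x_i, the n-1 evaluations p(n+1), ..., p(2n-1) handed over for free, and p(2n) as the single scalar whose point P(2n) = p(2n)·G is the adaptor point for the payment. The buyer checks each free evaluation without knowing any secret by interpolating the commitments X_1, ..., X_n in the exponent, and recovers every x_i once the adaptor signature leaks p(2n). The secp256k1 arithmetic is written out here so the block runs offline; it is a toy (not constant-time), and the names seller_setup, buyer_verify and buyer_recover are this example's own. The secrets are random in demo(), as the security argument assumes.

```python
# Added example: selling n discrete logs with one adaptor-signature payment via
# packed secret sharing. Toy secp256k1 arithmetic, not constant-time.
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):
    """Double-and-add scalar multiplication."""
    k %= N
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def lagrange_coeffs(xs, at):
    """lambda_i with p(at) = sum_i lambda_i * p(x_i) for any p of degree < len(xs)."""
    out = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (at - xj) % N
                den = den * (xi - xj) % N
        out.append(num * pow(den, -1, N) % N)
    return out

def interpolate_scalar(points, at):
    xs = [x for x, _ in points]
    return sum(l * y for l, (_, y) in zip(lagrange_coeffs(xs, at), points)) % N

def interpolate_point(points, at):
    """Same interpolation carried out in the exponent: p(at)*G from the p(x_i)*G."""
    xs = [x for x, _ in points]
    R = None
    for l, (_, Y) in zip(lagrange_coeffs(xs, at), points):
        R = ec_add(R, ec_mul(l, Y))
    return R

def seller_setup(x):
    """Seller holds x_1..x_n and defines p of degree n-1 by p(i) = x_i.
    Returns the commitments X_i, the free evaluations p(n+1..2n-1), and the
    scalar p(2n) that is sold (its point is the adaptor point)."""
    n = len(x)
    pts = list(enumerate(x, start=1))
    free = [(k, interpolate_scalar(pts, k)) for k in range(n + 1, 2 * n)]
    paid = interpolate_scalar(pts, 2 * n)
    return [ec_mul(xi, G) for xi in x], free, paid

def buyer_verify(X, free):
    """Reject any free evaluation inconsistent with the commitments, then
    return the adaptor point P(2n) the buyer should lock the payment to."""
    n = len(X)
    pub = list(enumerate(X, start=1))
    for k, v in free:
        if ec_mul(v, G) != interpolate_point(pub, k):
            raise ValueError(f"bad evaluation at {k}")
    return interpolate_point(pub, 2 * n)

def buyer_recover(free, paid, n):
    """With p(2n) revealed by the adaptor signature, n points fix p: read off x_i = p(i)."""
    pts = free + [(2 * n, paid)]
    return [interpolate_scalar(pts, i) for i in range(1, n + 1)]

def demo(n=4):
    x = [secrets.randbelow(N - 1) + 1 for _ in range(n)]   # constructed random secrets
    X, free, paid = seller_setup(x)
    T = buyer_verify(X, free)
    assert T == ec_mul(paid, G)        # adaptor point matches the scalar actually sold
    return buyer_recover(free, paid, n) == x

def tamper_is_rejected(n=3):
    X, free, paid = seller_setup([secrets.randbelow(N - 1) + 1 for _ in range(n)])
    k, v = free[0]
    try:
        buyer_verify(X, [(k, (v + 1) % N)] + free[1:])
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("recovered all secrets:", demo(), "| tamper rejected:", tamper_is_rejected())
```

The buyer never sees a secret before paying, yet can check every free evaluation because interpolation is linear: the same Lagrange coefficients that combine the scalars p(i) combine the points X_i = p(i)·G. Note what the example does not do: it does not prove that the X_i themselves have any particular meaning (the "valid representation" ZKP the first reply says is still needed), and the security argument leans on the x_i being uniform and independent.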
Why though? (I am also doing this)
You can make it work. It requires some UX finesse. You have to sort of “prepare” the silent payment address by getting a threshold of frost signers to do partial Diffie-Hellman and give the result to the coordinator. From there the coordinator can instantiate the silent payment outputs without the signers but it needs to be done once for each SP address.
I think we’re gonna try and hide this behind a kind of “save address” feature which (for security as well) requires you to sign the address with a threshold of devices to associate it with human readable identifier e.g. “Max”. You can slip this crypto in there.
Tell me a decent vacuum cleaner brand that doesn’t employ planned obsolescence.
Which country is this?
Bitcoin being used as the settlement layer for industrial scale smuggling and tariff evasion is not priced in.