Oof, adding and removing signers within the FROST protocol without needing to change the public key sounds SUPER shaky. If that's possible, it's VERY new and untested, and I absolutely wouldn't trust that until it's been well reviewed and established - which does not currently seem to be the case.
Some very sensitive trust blinkers out. Was it the rocket emoji? 🤣
reply
Ha, I mean, emojis in titles don't give off a great vibe imho, but I'll give anything a chance ;)
For me it really does come down to adding unnecessary cryptography and internet connection to something that should be straightforward and air gapped.
reply
I'm still looking for a nana-suitable multisig; it doesn't seem to exist yet. Sparrow seems a little too technical and would need a big, clean UI. Any other suggestions? There's going to be trade-offs and I think we have got to help people build.
reply
I think for most people, the best way to go is something like Unchained, which has a super easy setup. The UI is about as simple as it gets. If you go with 2 of 3 multisig, you have two hardware wallets, two backups, and you're trusting your third wallet to the third party. I think it's a worthy trade-off. To actually be in a situation where you're fully dependent on the third party, you have to lose one of your wallets AND its backup at the same time, which should be unlikely unless you store them right next to each other. And if you're still worried about Unchained deciding to hold your funds hostage - consider the fact that doing so would be corporate suicide with no incentive, because they can't actually withdraw your funds.
So you can think of it as diversifying your security model. You're essentially using the full resources of a corporate security institution to secure a backup, and you're not actually giving them any control over your bitcoin. I think that's a great model because they're likely going to do a way better job securing your backup than you will.
It's a similar security model to keeping your third wallet in a bank deposit box, except your Unchained backup will be available to you anywhere in the world, and they make the multisig setup process significantly easier than doing it yourself with something like Sparrow.
reply
Yeah I think you are right. The issue with Unchained is it's a company, and a US one no less. So that makes it inherently doxic. I'd rather trust an online gang doing a similar thing.
reply
Yeah collaborative custodians today can see all of your UTXOs, transactions, balances. And in theory they could even censor you (at gov request) or hold you to ransom in the event that you need their assistance to sign.
(btw with FROST we can run a service like Unchained but completely private) https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-August/021917.html
reply
eating my words rn, nvm about unchained.
reply
Thanks for sharing your feelings, but the cryptographic literature has been around for over 20 years and is well established.
Adding/removing signers isn't so much to do with the FROST signing protocol, but rather the things we can do with the secret shares that FROST uses:
In terms of implementations that we engineer, yes they will require review and thorough testing, which we will achieve.
reply
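The share operations the last comment alludes to, as an added example that is not part of the thread or of any FROST implementation: plain Shamir sharing over the secp256k1 scalar field, showing that a share can be issued at a new index and the remaining shares refreshed while the shared secret (and therefore the public key derived from it) stays the same. The function names are hypothetical, and one process holds every share here purely for illustration; a real protocol computes the same values in a distributed way so that no party ever sees the others' shares.

```python
import secrets

# Order of the secp256k1 group: the scalar field the shares live in.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod Q."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % Q
    return y

def deal(secret, t, indices):
    """Shamir-share `secret` with threshold t; returns {index: share}."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: poly_eval(coeffs, i) for i in indices}

def interpolate(shares, x=0):
    """Lagrange-interpolate the sharing polynomial at x from >= t shares."""
    total = 0
    for i, y_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (x - j) % Q
                den = den * (i - j) % Q
        total = (total + y_i * num * pow(den, -1, Q)) % Q
    return total

def enrol(shares, new_index):
    """Add a signer: a share at a new index on the SAME polynomial."""
    return interpolate(shares, new_index)

def refresh(shares, t):
    """Remove signers: the remaining holders add a fresh sharing of zero,
    so any share left out of `shares` no longer fits the new polynomial."""
    zero = deal(0, t, shares.keys())
    return {i: (s + zero[i]) % Q for i, s in shares.items()}

if __name__ == "__main__":
    secret = secrets.randbelow(Q)                      # constructed sample key
    old = deal(secret, 2, [1, 2, 3])                   # 2-of-3
    s4 = enrol({1: old[1], 2: old[2]}, 4)              # signer 4 joins
    new = refresh({1: old[1], 2: old[2], 4: s4}, 2)    # signer 3 dropped
    print(interpolate({1: new[1], 4: new[4]}) == secret)   # same secret
    print(interpolate({1: new[1], 3: old[3]}) == secret)   # stale share fails
```
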