That was very informative, thank you ST.
If FROST has that big downside, do you know if there is any particular reason we don't see wallet support anywhere for regular m of n in Taproot with the usual OP_CHECKMULTISIG script sequence?
Even that traditional "wasteful" version of threshold multisig (in comparison to an aggregate signature) would save quite some vBytes compared to the ECDSA signatures used in P2SH and P2WSH multisig, no?
You are correct that taproot's "regular" multisig is more efficient than ecdsa multisig. This is mostly because schnorr signatures are usually about 8 bytes smaller than ecdsa signatures, and if you have (for example) 15 signatures, that adds up to about 120 bytes saved.
I don't know why more wallets aren't adding "regular multisig" (with taproot) as a feature. But if you want to play around with it, check out bitpac.org, which is one of my demos. You can use it to create a taproot multisig (not frost) using nostr keys and then spend it by having keyholders "vote" on what to do with the money. It wasn't hard for me to build so I don't know what other wallet developers are waiting for. But everyone's got stuff to work on, maybe it's lack of demand.
reply
Do you know what I'm doing wrong here? I can't seem to make a taproot multisig with commands in core's terminal.
reply
I wish Craig Raw was here and I could tag him :(
reply