A Deep-dive into FROST

Flexible Round-Optimized Schnorr Threshold (FROST) underpins the security and decentralization of the Bitcoin side of BitSafe CBTC. As a threshold signature scheme, FROST enables a group of participants to collectively generate a single Schnorr signature, without any single participant ever having access to the full private key.

This document provides a comprehensive technical overview of FROST, its integration with CBTC, and the significant advantages it offers for institutional Bitcoin custody.

1. Understanding FROST

1.1. What is FROST?

FROST is a threshold signature scheme that allows for the creation of Schnorr signatures from a distributed set of key shares.

1.2. Why FROST for CBTC?

The selection of FROST for decentralized control of the BTC in our on-chain Bitcoin network vault was a deliberate choice.

2. How FROST Works

2.1. Key Generation

FROST supports two primary methods: Trusted Dealer Generation and Distributed Key Generation (DKG).

2.2. The Signing Process

The FROST signing process is a two-round protocol coordinated by a designated entity.

2.3. Signature Aggregation and Verification

Once the Coordinator has received a threshold of valid signature shares, it can aggregate them into a single, final Schnorr signature.

3. Advanced Features and Security

One of the most powerful features of FROST is the ability to perform Verifiable Secret Resharing (VSR).

3.2. Security Model

The security of FROST is based on strong cryptographic assumptions.

4. FROST in CBTC: Implementation Details

4.1. Attestor Network Architecture

The CBTC system operates through a decentralized network of institutional-grade Attestors.

4.2. Coordinator and Governance Integration

The system employs a Coordinator that executes periodic checks every 60-120 seconds.

4.3. Threshold Signing Process

FROST enables the Attestor network to collectively authorize Bitcoin transactions.

4.4. Dual-Network Security Model

The CBTC system security relies on coordination between two networks.

5. More Reading

RFC 9591, Zcash Foundation FROST docs, Cryptology ePrint Archive Report 2020/852

PreviousSecurity Model NextOperational Guides

Last updated 13 days ago

hashtag1. Understanding FROST

hashtag1.1. What is FROST?

hashtag1.2. Why FROST for CBTC?

hashtag2. How FROST Works

hashtag2.1. Key Generation

hashtag2.2. The Signing Process

hashtag2.3. Signature Aggregation and Verification

hashtag3. Advanced Features and Security

hashtag3.1. Share Resharing and Revocation

hashtag3.2. Security Model

hashtag4. FROST in CBTC: Implementation Details

hashtag4.1. Attestor Network Architecture

hashtag4.2. Coordinator and Governance Integration

hashtag4.3. Threshold Signing Process

hashtag4.4. Dual-Network Security Model

hashtag5. More Reading