pull down to refresh
2120 sats \ 3 replies \ @rijndael 20 Jul 2023 \ parent \ on: Frostsnap - Easy, personalized, secure bitcoin multisig for everyone bitcoin
@utxoclub answered the "how" in his comment (the google-able term is "rpoactive secret sharing)
For "how can it be secure" question, you need a quorum of signers to add/remove a signer. So if you have a 3/5 and you want to add a new signer, you need to have 3 of the existing signers. Those three could move all the money anyway.
It's a cool feature - but doesn't this also create a new attack vector?
For example, some parties might be tricked into generating a new quorum/new shares, whereas other parties are still using the old quorum/old shares.
3-of-5 becomes 3-of-4, where 2 shares are stale/invalid:
Party A: share A1
Party B: share B1
Party C: share C2 (tricked)
Party D: share D2 (tricked)
Party E: removed
To mitigate this, I suppose you might want a secure communication channel and a protocol to ensure that either everybody moves to a new set of shares, or no one moves. That and keeping old shares on the devices, just in case. Keeping states is something that you might have to do anyway for the nonces.
reply
rijndael coming in clutch.
reply
That's what he does!
reply