• bitcoinBitcoin (BTC) $ 97,696.00
  • ethereumEthereum (ETH) $ 2,727.46
  • xrpXRP (XRP) $ 2.82
  • tetherTether (USDT) $ 1.00
  • solanaSolana (SOL) $ 198.63
  • bnbBNB (BNB) $ 661.66
  • usd-coinUSDC (USDC) $ 0.999942
  • dogecoinDogecoin (DOGE) $ 0.279608
  • cardanoCardano (ADA) $ 0.808595
  • staked-etherLido Staked Ether (STETH) $ 2,726.30
  • tronTRON (TRX) $ 0.232549
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 97,479.00
  • chainlinkChainlink (LINK) $ 19.45
  • stellarStellar (XLM) $ 0.362094
  • suiSui (SUI) $ 3.57
  • avalanche-2Avalanche (AVAX) $ 26.74
  • wrapped-stethWrapped stETH (WSTETH) $ 3,257.06
  • shiba-inuShiba Inu (SHIB) $ 0.000017
  • hedera-hashgraphHedera (HBAR) $ 0.237031
  • litecoinLitecoin (LTC) $ 129.75
  • the-open-networkToncoin (TON) $ 3.87
  • leo-tokenLEO Token (LEO) $ 9.81
  • hyperliquidHyperliquid (HYPE) $ 26.71
  • usdsUSDS (USDS) $ 1.00
  • wethWETH (WETH) $ 2,727.09
  • polkadotPolkadot (DOT) $ 5.19
  • mantra-daoMANTRA (OM) $ 7.54
  • bitcoin-cashBitcoin Cash (BCH) $ 344.55
  • bitget-tokenBitget Token (BGB) $ 5.36
  • uniswapUniswap (UNI) $ 10.11
  • ethena-usdeEthena USDe (USDE) $ 0.999987
  • wrapped-eethWrapped eETH (WEETH) $ 2,889.47
  • official-trumpOfficial Trump (TRUMP) $ 22.02
  • moneroMonero (XMR) $ 235.31
  • pepePepe (PEPE) $ 0.000010
  • nearNEAR Protocol (NEAR) $ 3.58
  • ondo-financeOndo (ONDO) $ 1.32
  • aaveAave (AAVE) $ 262.35
  • whitebitWhiteBIT Coin (WBT) $ 27.07
  • aptosAptos (APT) $ 6.13
  • mantleMantle (MNT) $ 1.04
  • daiDai (DAI) $ 1.00
  • internet-computerInternet Computer (ICP) $ 7.27
  • bittensorBittensor (TAO) $ 397.74
  • susdssUSDS (SUSDS) $ 1.04
  • ethereum-classicEthereum Classic (ETC) $ 21.42
  • okbOKB (OKB) $ 51.80
  • gatechain-tokenGate (GT) $ 23.59
  • vechainVeChain (VET) $ 0.035654
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.326154
  • kaspaKaspa (KAS) $ 0.108118
  • algorandAlgorand (ALGO) $ 0.300872
  • jupiter-exchange-solanaJupiter (JUP) $ 0.958507
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 97,608.00
  • crypto-com-chainCronos (CRO) $ 0.091504
  • render-tokenRender (RENDER) $ 4.82
  • tokenize-xchangeTokenize Xchange (TKX) $ 30.15
  • filecoinFilecoin (FIL) $ 3.55
  • cosmosCosmos Hub (ATOM) $ 5.02
  • arbitrumArbitrum (ARB) $ 0.495539
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.811186
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999036
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 97,426.00
  • sonic-3Sonic (prev. FTM) (S) $ 0.560049
  • fasttokenFasttoken (FTN) $ 3.94
  • celestiaCelestia (TIA) $ 3.21
  • lido-daoLido DAO (LDO) $ 1.88
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,726.17
  • raydiumRaydium (RAY) $ 5.66
  • binance-staked-solBinance Staked SOL (BNSOL) $ 205.77
  • xdce-crowd-saleXDC Network (XDC) $ 0.100310
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,826.88
  • optimismOptimism (OP) $ 1.16
  • injective-protocolInjective (INJ) $ 15.76
  • ethenaEthena (ENA) $ 0.488135
  • kucoin-sharesKuCoin (KCS) $ 12.28
  • blockstackStacks (STX) $ 0.984636
  • solv-btcSolv Protocol SolvBTC (SOLVBTC) $ 97,363.00
  • bonkBonk (BONK) $ 0.000019
  • theta-tokenTheta Network (THETA) $ 1.43
  • immutable-xImmutable (IMX) $ 0.822454
  • movementMovement (MOVE) $ 0.585431
  • the-graphThe Graph (GRT) $ 0.144485
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,059.74
  • nexoNEXO (NEXO) $ 1.36
  • worldcoin-wldWorldcoin (WLD) $ 1.30
  • flare-networksFlare (FLR) $ 0.021910
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,880.80
  • usual-usdUsual USD (USD0) $ 0.997379
  • jasmycoinJasmyCoin (JASMY) $ 0.023464
  • sei-networkSei (SEI) $ 0.243772
  • galaGALA (GALA) $ 0.024709
  • dexeDeXe (DEXE) $ 17.88
  • eosEOS (EOS) $ 0.670157
  • the-sandboxThe Sandbox (SAND) $ 0.410225
  • solv-protocol-solvbtc-bbnSolv Protocol SolvBTC.BBN (SOLVBTC.BB) $ 94,432.00
  • msolMarinade Staked SOL (MSOL) $ 251.42
  • flokiFLOKI (FLOKI) $ 0.000101
  • tezosTezos (XTZ) $ 0.921130
  • jito-governance-tokenJito (JTO) $ 3.20
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 1.40
  • ethereum-name-serviceEthereum Name Service (ENS) $ 27.38
  • iotaIOTA (IOTA) $ 0.248059
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,826.28
  • bittorrentBitTorrent (BTT) $ 0.00000088
  • makerMaker (MKR) $ 1,010.39
  • flowFlow (FLOW) $ 0.531963
  • pyth-networkPyth Network (PYTH) $ 0.228168
  • wbnbWrapped BNB (WBNB) $ 661.17
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 215.71
  • neoNEO (NEO) $ 11.48
  • telcoinTelcoin (TEL) $ 0.010318
  • bitcoin-svBitcoin SV (BSV) $ 39.89
  • kaiaKaia (KAIA) $ 0.134321
  • roninRonin (RON) $ 1.27
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 97,406.00
  • pancakeswap-tokenPancakeSwap (CAKE) $ 2.52
  • spx6900SPX6900 (SPX) $ 0.802715
  • usddUSDD (USDD) $ 1.00
  • chain-2Onyxcoin (XCN) $ 0.022096
  • axie-infinityAxie Infinity (AXS) $ 4.55
  • dogwifcoindogwifhat (WIF) $ 0.719571
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.279254
  • tether-goldTether Gold (XAUT) $ 2,885.28
  • heliumHelium (HNT) $ 3.94
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.010846
  • curve-dao-tokenCurve DAO (CRV) $ 0.530444
  • mantle-restaked-ethMantle Restaked ETH (CMETH) $ 2,880.99
  • aerodrome-financeAerodrome Finance (AERO) $ 0.853870
  • elrond-erd-2MultiversX (EGLD) $ 23.40
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,726.21
  • berachain-beraBerachain (BERA) $ 5.94
  • decentralandDecentraland (MANA) $ 0.340687
  • arweaveArweave (AR) $ 9.68
  • fraxFrax (FRAX) $ 0.996593
  • paypal-usdPayPal USD (PYUSD) $ 0.999853
  • usdx-money-usdxusdx.money USDX (USDX) $ 0.999486
  • starknetStarknet (STRK) $ 0.240628
  • pendlePendle (PENDLE) $ 3.75
  • dydx-chaindYdX (DYDX) $ 0.821631
  • pax-goldPAX Gold (PAXG) $ 2,908.67
  • conflux-tokenConflux (CFX) $ 0.120672
  • beam-2Beam (BEAM) $ 0.011196
  • matic-networkPolygon (MATIC) $ 0.326438
  • chilizChiliz (CHZ) $ 0.061281
  • resolv-usrResolv USR (USR) $ 1.00
  • pumpbtcpumpBTC (PUMPBTC) $ 95,081.00
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,727.05
  • ether-fi-staked-ethether.fi Staked ETH (EETH) $ 2,724.02
  • coredaoorgCore (CORE) $ 0.554194
  • meowMEOW (MEOW) $ 0.006146
  • insurance-2INSURANCE (INSURANCE) $ 29.06
  • apecoinApeCoin (APE) $ 0.744829
  • ecasheCash (XEC) $ 0.000027
  • wormholeWormhole (W) $ 0.185657
  • aioz-networkAIOZ Network (AIOZ) $ 0.461395
  • zcashZcash (ZEC) $ 33.25
  • kavaKava (KAVA) $ 0.482882
  • beldexBeldex (BDX) $ 0.075054
  • ai16zai16z (AI16Z) $ 0.466654
  • compound-governance-tokenCompound (COMP) $ 57.84
  • reserve-rights-tokenReserve Rights (RSR) $ 0.008979
  • true-usdTrueUSD (TUSD) $ 0.998189
  • newton-projectAB DAO (AB) $ 0.011093
  • amp-tokenAmp (AMP) $ 0.005840
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 97,938.00
  • morphoMorpho (MORPHO) $ 2.19
  • clbtcclBTC (CLBTC) $ 97,555.00
  • thorchainTHORChain (RUNE) $ 1.38
  • fartcoinFartcoin (FARTCOIN) $ 0.476273
  • akash-networkAkash Network (AKT) $ 1.92
  • based-brettBrett (BRETT) $ 0.046757
  • axelarAxelar (AXL) $ 0.500809
  • story-2Story (IP) $ 1.83
  • gnosisGnosis (GNO) $ 176.54
  • tbtctBTC (TBTC) $ 97,461.00
  • quantixaiQuantixAI (QAI) $ 85.67
  • mina-protocolMina Protocol (MINA) $ 0.364782
  • terra-lunaTerra Luna Classic (LUNC) $ 0.000080
  • stakestone-berachain-vault-tokenStakeStone Berachain Vault Token (BERASTONE) $ 2,711.30
  • apenftAPENFT (NFT) $ 0.00000044
  • chex-tokenCHEX Token (CHEX) $ 0.433276
  • eigenlayerEigenlayer (EIGEN) $ 1.76
  • deepDeepBook (DEEP) $ 0.170002
  • olympusOlympus (OHM) $ 25.72
  • bridged-usdc-polygon-pos-bridgeBridged USDC (Polygon PoS Bridge) (USDC.E) $ 0.999717
  • trust-wallet-tokenTrust Wallet (TWT) $ 1.01
  • zksyncZKsync (ZK) $ 0.111672
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 2,972.99
  • super-oethSuper OETH (SUPEROETHB) $ 2,727.83
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • usdbUSDB (USDB) $ 1.00
  • hashnote-usycHashnote USYC (USYC) $ 1.08
  • polygon-pos-bridged-weth-polygon-posPolygon PoS Bridged WETH (Polygon POS) (WETH) $ 2,727.39
  • grassGrass (GRASS) $ 1.61
  • verus-coinVerus (VRSC) $ 5.03
  • 1inch1inch (1INCH) $ 0.273005
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.08
  • echelon-primeEchelon Prime (PRIME) $ 6.86
  • snekSnek (SNEK) $ 0.005008

The Key to FROST: What is Distributed Key Generation?

0 71

The Key to FROST: What is Distributed Key Generation?

  bitcoinmagazine.com 4 h

The Key to FROST: What is Distributed Key Generation?

Multisig is a familiar concept for most in Bitcoin: a multisig transaction requires approval from multiple parties before it can be executed. We distinguish between «n-of-n» multi-signatures, where the number of involved parties is n, and they all need to approve, and «t-of-n» threshold signatures, where only a smaller number t of participants need to approve. Cryptographic schemes like MuSig, MuSig-DN and MuSig2 for multi-signatures and FROST by Komlo and Goldberg for threshold signatures can reduce transaction cost and improve privacy of multisig wallets.

So far, in the Bitcoin Community FROST has only been used in experimental implementations. In this post, we explain why this is the case and how we aim to advance FROST in a Bitcoin production environment through our recent publication of a BIP draft for the ChillDKG distributed key generation protocol.

First, what are the benefits of FROST?

Privacy and Efficiency Gains with MuSig2 and FROST

With MuSig2 and FROST, even though multiple participants contribute to the signing process, the outcome is a single signature.

This not only gives better privacy to the participants by making the transaction look like as ordinary singlesig-wallet transaction. It also trims down the transaction, reducing its size and therefore lowering the transaction fee. All great things!

MuSig2 and FROST allow Bitcoin users to operate a multisig wallet with the same transaction cost as a regular single-signature wallet. The cost benefits are especially significant for systems with a large number of signers and frequent transactions, such as federated sidechains like Liquid or Fedimint. Unlike traditional multisig, which leaves a distinct fingerprint that allows blockchain observers to identify transactions of the wallet, FROST-based wallets are indistinguishable from regular single-signature wallets on the blockchain. Therefore, they provide an improvement in privacy compared to traditional multisig wallets.

While MuSig2 has seen adoption from the Bitcoin industry, the same cannot be said for FROST as far as we know. This may be surprising, considering the existence of multiple FROST implementations, such as in ZF FROST (by the Zcash Foundation), secp256kfun (by Lloyd Fournier), and an experimental implementation in libsecp256k1-zkp (by Jesse Posner and Blockstream Research). There is even a IETF specification for FROST, RFC 9591 (though it is not compatible with Bitcoin due to Taproot tweaking and x-only public keys). One of the most plausible explanations is that FROST’s key generation process is considerably more complex compared to MuSig2.

The Unresolved Puzzle of FROST in Production Systems

FROST essentially consists of two parts: key generation and signing. While the signing process closely resembles that of MuSig2, key generation is significantly more involved than in MuSig2. Key generation in FROST is either trusted or distributed:

  1. Trusted key generation involves a “trusted dealer” who generates the key and distributes key shares to the signers. The dealer represents a single point of failure: if malicious or hacked, the FROST wallet is at risk of being emptied.
  2. Distributed key generation (DKG), while eliminating the need for a trusted dealer, presents its own challenges: All participants need to be involved in an interactive key generation “ceremony” run before signing can start.

The Core Challenge: Agreement

DKG typically requires secure (i.e., authenticated and encrypted) channels between participants to deliver secret shares to individual signers, and a secure agreement mechanism. The purpose of the secure agreement mechanism is to ensure that all participants eventually reach agreement over the results of the DKG, which include not only parameters such as the generated threshold public key, but also whether no error occurred and the ceremony was not disrupted by a misbehaving participant.

While the IETF specification considers DKG out of scope entirely, the FROST implementations mentioned above do not implement secure agreement, leaving this task to the library user. But agreement is not trivial to implement: there exist countless protocols and flavors of agreement, ranging from simple echo broadcast schemes to full-fledged Byzantine consensus protocols, and their security and availability guarantees differ significantly, and sometimes subtly.

Despite the confusion that may arise due to this jungle of agreement protocols, the exact flavor of agreement that DKG relies on is often not clearly communicated to engineers, leaving them in the dark.

ChillDKG: a Standalone DKG for FROST

To overcome this obstacle, we propose ChillDKG, a new “ready-to-use” DKG protocol tailored to the use in FROST (draft). We provide a detailed description in the form of a draft of a Bitcoin Improvement Proposal (BIP), which is intended to serve as a specification for implementers.

The main feature of ChillDKG is that it is standalone: The establishment of secure communications and secure agreement is done within the protocol, while all of this underlying complexity is hidden behind a simple and hard-to-misuse API. As a result, ChillDKG is ready to use in practice and does not rely on any setup assumption, except that each signer has decided on the set of co-signers as identified by individual public keys. ChillDKG is based on the SimplPedPop protocol, in whose design and formal security proof Blockstream Research has been involved, see, the CRYPTO 2023 paper «Practical Schnorr Threshold Signatures Without the Algebraic Group Model» by Chu, Gerhart, Ruffing (Blockstream Research), and Schröder

Additional goals for ChillDKG’s design include:

  • Broad applicability: ChillDKG supports a wide range of scenarios, from those where the signing devices are owned and connected by a single individual to those where multiple owners manage the devices from distinct locations.
  • Simple backups: Instead of having to back up secrets received from the other signers in a secure location, ChillDKG allows restoring the wallet solely from the device seed and public data that is the same for all DKG participants. Consequently, an attacker gaining access to the public backup data does not obtain the secret signing key, and if a user loses their backup, they can request it from another honest signer.

The ChillDKG BIP is currently in draft stage, and we are seeking feedback on design choices and implementation details. While the specification is mostly complete, it lacks test vectors, and we are considering adding some additional features (e.g., «identifiable aborts»). Once finalized, the ChillDKG BIP can be used in combination with a BIP for FROST signing to instantiate the entire FROST protocol.

This is a guest post by Jonas Nick, Kiara Bickers, and Tim Ruffing. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Source

Leave A Reply

Your email address will not be published.