From my understanding, Frost provides mitigations to a compromised key by being able to refresh all of the signing keys.
https://frost.zfnd.org/frost.html#refreshing-shares
However, the last set of signing keys remains valid, and those keys can still sign messages. So there is still a risk (see the documentation above for more info). So by generating a new set, the last set isn't invalidated or revoked, and therefore not really a key rotation. Interesting though.
Braydon Fuller
npub1r0…7zzyc
2025-02-25 18:29:57
in reply to nevent1q…0c92
Author Public Key
npub1r0ulywwu593kzjdu9uluxdq80t54n65kql9vl9z7lrutkgnachssk7zzycPublished at
2025-02-25 18:29:57Event JSON
{
"id": "b1c9535026d474910c0a229ba5783b73fdf054da2234b34b6329e00cb020fa63",
"pubkey": "1bf9f239dca1636149bc2f3fc334077ae959ea9607cacf945ef8f8bb227dc5e1",
"created_at": 1740508197,
"kind": 1,
"tags": [
[
"e",
"938ea40112b43029dc7727e95fc8d25a93231fb4209f5e81f2dabbea9663f5d1",
"",
"root"
],
[
"e",
"43cd82bab60dfc86d1af54d7ed324795514d00afd349dda78503eecccd21fe0a",
"",
"reply"
],
[
"p",
"683211bd155c7b764e4b99ba263a151d81209be7a566a2bb1971dc1bbd3b715e"
],
[
"p",
"623ed218de81311783656783d6ce690b521a89c4dc09f28962e5bfd4fa549249"
],
[
"r",
"https://frost.zfnd.org/frost.html#refreshing-shares"
]
],
"content": "From my understanding, Frost provides mitigations to a compromised key by being able to refresh all of the signing keys.\n\nhttps://frost.zfnd.org/frost.html#refreshing-shares\n\nHowever, the last set of signing keys remains valid, and those keys can still sign messages. So there is still a risk (see the documentation above for more info). So by generating a new set, the last set isn't invalidated or revoked, and therefore not really a key rotation. Interesting though.",
"sig": "f7e8ecde06042f14f834642ad5a3f92c5142de4dbefe34f350f2037160b75cfbf02b6ade03408ab69555a0f6bebd948074271e11d72abd9b7531b1363885b89b"
}