Actually bringing your own key is possible, but there are limitations.
A FROST signing share is a polynomial evaluation. If, say, 3 people join together each bringing their own fixed signing shares, there exists some quadratic polynomial that interpolates their shares. However, it's impossible to find a linear (degree-one) polynomial which does the same.
In practice, this means if `n` people BYOK, they can definitely create an `n` of `n` threshold key with FROST. They can then issue new shares to add more people to the FROST group if they wanted, to make it an `n` of `m` threshold.
I'm not sure about the security implications of what a DKG would look like if only SOME keys are fixed and others can be variable. That's a different ball game 😅
conduition
npub1l6…6zvtg
2024-02-12 16:06:03
in reply to nevent1q…are0
Author Public Key
npub1l6uy9chxyn943cmylrmukd3uqdq8h623nt2gxfh4rruhdv64zpvsx6zvtgPublished at
2024-02-12 16:06:03Event JSON
{
"id": "c694c219086e6a62d8e8b3869af261a5a1d2f72ceceaf6ee0e3429682acb60b0",
"pubkey": "feb842e2e624cb58e364f8f7cb363c03407be9519ad48326f518f976b3551059",
"created_at": 1707753963,
"kind": 1,
"tags": [
[
"e",
"a4e04255b4c5aa77d5cf587d4652126c47d068e3800d88ca425d911b433f9a42",
"",
"root"
],
[
"e",
"10477fdf13737da3c88d7bb99027e3e7107d7971ca6c46e344328471a53f3e8e"
],
[
"e",
"867c8cdccff4cec9626089b0a96592f6975290d5cf8648acf7ba9e63f1456631",
"",
"reply"
],
[
"p",
"91dbab9f62660e95258480d2f2cff6dcfdb513f28a85fa4fb55ee993a5b46809"
],
[
"p",
"d987084c48390a290f5d2a34603ae64f55137d9b4affced8c0eae030eb222a25"
],
[
"p",
"d3d74124ddfb5bdc61b8f18d17c3335bbb4f8c71182a35ee27314a49a4eb7b1d"
]
],
"content": "Actually bringing your own key is possible, but there are limitations.\n\nA FROST signing share is a polynomial evaluation. If, say, 3 people join together each bringing their own fixed signing shares, there exists some quadratic polynomial that interpolates their shares. However, it's impossible to find a linear (degree-one) polynomial which does the same. \n\nIn practice, this means if `n` people BYOK, they can definitely create an `n` of `n` threshold key with FROST. They can then issue new shares to add more people to the FROST group if they wanted, to make it an `n` of `m` threshold.\n\nI'm not sure about the security implications of what a DKG would look like if only SOME keys are fixed and others can be variable. That's a different ball game 😅",
"sig": "e5fc322c1faa058bc669bb6c5c0507019f05a39e54c55e1ad1c6f226ddcf533e50b66fc2dc8fa2d36d79022963e4fbdfe14287e667e92b03503f9f62507e59c2"
}