Trade-offs
Frostsnap is an ever-improving security system that adapts to constant technical challenges at the frontier of cryptography:
Signer Selection Constraint
Issue: You need to choose which devices will be signing at the beginning of a signing session. This is because FROST requires devices to collaborate under an agreed-upon set of nonces that cannot change mid-session.
Future Mitigation: This can be alleviated for small threshold multisigs by running parallel signing sessions with differing combinations of signers.
Non-Auditability of Aggregated Signatures
Issue: Once signatures are aggregated, you can't determine which devices produced them.
Impact: Not a concern for individual self-custody. May matter for adversarial multisigs.
Mitigation: Could be implemented at the software (app) layer for organisations.
Nonce State Management
Critical consideration: Nonce reuse would compromise security.
Solution: A/B flash storage techniques guarantee that nonces are irreversibly erased before signatures are sent, and this remains resistant to flash degradation and device resets.
Physical security: To mount a nonce-reuse attack, an attacker would need a threshold number of geographically separated devices.
Single-Vendor Approach
Risk: A malicious update to both the firmware and the app could potentially steal funds.
Solution:
- ❄ Emergency escape hatch: you can combine seed-word backups into an xprv and load it into Bitcoin Core or Sparrow.
- ❄ Auditable and reproducible firmware builds
- ❄ Completely free and open source (MIT license)
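The three cryptographic points above (the signer set is fixed once nonces are committed, the aggregated signature reveals nothing about who signed, and a threshold of backups recombines into the full key) shown in a toy threshold Schnorr scheme. This is an added illustration, not Frostsnap's code: it uses a trusted dealer instead of a DKG, omits FROST's nonce binding factors, and runs over a tiny constructed multiplicative group (p = 2039) rather than secp256k1, so it is for understanding only.

```python
import hashlib
import secrets

# Toy group, constructed for illustration: p = 2q + 1 is a safe prime and
# g = 4 generates the order-q subgroup. Real FROST runs over secp256k1.
P, Q, G = 2039, 1019, 4

def challenge(R, pubkey, msg):
    """Schnorr challenge e = H(R || Y || m), reduced mod q."""
    data = f"{R}|{pubkey}|{msg}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def deal_shares(secret, t, n):
    """Trusted dealer: Shamir-split the key so share i = f(i), deg(f) = t - 1."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange(i, signers):
    """Lagrange coefficient of share i at x = 0; it depends on the exact signer set."""
    num = den = 1
    for j in signers:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def recover_secret(shares):
    """Escape hatch: any threshold of shares combines back into the full key."""
    return sum(lagrange(i, shares) * s for i, s in shares.items()) % Q

def sign(shares, signers, pubkey, msg):
    """Threshold Schnorr: the signer set is fixed before any nonce is committed."""
    # One fresh nonce per signer per session; reusing one would leak that share.
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P          # aggregate nonce commitment
    e = challenge(R, pubkey, msg)
    # Each partial signature is weighted by the Lagrange coefficient for THIS set,
    # so a signer cannot be swapped in or out once the session has started.
    z = sum(nonces[i] + e * lagrange(i, signers) * shares[i] for i in signers) % Q
    return R, z                                   # reveals nothing about who signed

def verify(pubkey, msg, sig):
    """Standard Schnorr check g^z == R * Y^e; the signer set never appears."""
    R, z = sig
    return pow(G, z, P) == R * pow(pubkey, challenge(R, pubkey, msg), P) % P
```

Signing the same message with devices {1, 2} and with {1, 3} yields two signatures that both verify against the same group key and are indistinguishable to the verifier.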