
What's the current status of threshold (t-of-n) signatures in Bitcoin? Most material I've found is about MuSig2 for multisignatures (n-of-n).

Are actual threshold sigs possible, and with what limitations?

I know you can "cheat" by using key-path multisignature for the most common set of t signers, and separate multisignature script paths for each of the other sets.

Found this FROST project by Jesse Posner that aims to implement threshold sigs for Bitcoin: github.com/jesseposner/FROST-B
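
The workaround described in the post above (key path for the usual set of t signers, one multisignature script path for each other set), laid out as an added example that is not part of the original thread. The function name and signer labels are hypothetical, a balanced script tree is assumed, and the control block size is the BIP341 formula of 33 bytes plus 32 bytes per Merkle path element.

```python
from itertools import combinations


def plan_taproot_threshold(signers, t, usual_set):
    """Lay out a t-of-n policy as one key path plus one n-of-n leaf per other t-subset."""
    signers = sorted(signers)
    if len(set(signers)) != len(signers):
        raise ValueError("signer labels must be unique")
    usual = tuple(sorted(usual_set))
    if len(usual) != t or not set(usual) <= set(signers):
        raise ValueError("usual_set must contain exactly t of the listed signers")

    # Every t-subset needs its own aggregated (n-of-n style) key.
    subsets = list(combinations(signers, t))
    # The most common signing set spends via the key path; all others get a leaf.
    leaves = [s for s in subsets if s != usual]

    if not leaves:
        # t == n: plain multisignature, no script tree needed.
        depth, control_block = 0, 0
    else:
        # Assumption: balanced Merkle tree, so depth = ceil(log2(leaf count)).
        depth = (len(leaves) - 1).bit_length()
        # BIP341 control block: 33 bytes + 32 bytes per Merkle path element.
        control_block = 33 + 32 * depth

    return {
        "key_path": usual,
        "leaves": leaves,
        "depth": depth,
        "control_block_bytes": control_block,
    }


if __name__ == "__main__":
    # Constructed sample policies showing how the leaf count grows with C(n, t).
    for n, t in [(3, 2), (5, 3), (15, 11)]:
        labels = [f"signer{i:02d}" for i in range(n)]
        plan = plan_taproot_threshold(labels, t, labels[:t])
        print(f"{t}-of-{n}: 1 key path + {len(plan['leaves'])} script leaves, "
              f"depth {plan['depth']}, control block {plan['control_block_bytes']} bytes")
```

The leaf count is C(n, t) - 1, so the approach stays practical for small policies such as 2-of-3 and grows quickly for larger ones.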

@kalle ( @cjd boosted )
>threshold systems commonly assume “trusted dealer” where the entire secret is allowed to exist on one system temporarily during key generation, from which the shares are distributed
https://randomoracle.wordpress.com/2018/07/22/threshold-ecdsa-key-sharding-and-multi-signature-a-comparison/
Looks like multisig is better to me.

@kalle
AFAIK there's only FROST and it's fairly interactive. Not even sure if there's an open source implementation.

@lopp Thanks. There are only two rounds and the first round can be prepared beforehand, pretty much like MuSig2. Currently watching youtube.com/watch?v=g3RX4IXAtr
