FROST stands for Flexible Round-Optimized Schnorr Threshold, and it is a threshold signature scheme that essentially reduces network overhead during signing operations – while employing novel techniques to protect against forgery attacks applicable to similar schemes.
FROST improves upon the state of the art in Schnorr threshold signature protocols, as it can be safely used without limiting concurrency of signing operations – yet allows for true threshold signing, as only a threshold number of participants are required for signing operations.
It can be used as either a two-round protocol where signers send and receive two messages in total, or optimized to a single-round signing protocol with a pre-processing stage. It achieves its efficiency improvements in part by allowing the protocol to abort in the presence of a misbehaving participant (who is then identified and excluded from future operations)—a reasonable model for practical deployment scenarios.
Low round complexity in both the distributed key-generation and signing phases.
Secure against dishonest majority. FROST is secure against adversaries which control up to t-1 signers in the signing phase.
Concurrent security. This is in contrast to other threshold Schnorr signature protocols that have the same round complexity, but suffer from limited concurrency to protect against the attack of Drijvers etc.
Simple cryptographic building blocks and assumptions. FROST is built upon the threshold Shamir secret sharing and Feldman verifiable secret sharing schemes and it relies only on the discrete logarithm assumption.
Low round complexity in both the distributed key-generation and signing phases.
Secure against dishonest majority. FROST is secure against adversaries which control up to t-1 signers in the signing phase.
Concurrent security. This is in contrast to other threshold Schnorr signature protocols that have the same round complexity, but suffer from limited concurrency to protect against the attack of Drijvers.
Simple cryptographic building blocks and assumptions since it is built upon the threshold Shamir secret sharing and Feldman verifiable secret sharing schemes and it relies only on the discrete logarithm assumption.
Researchers at the Zcash Foundation are collaborating on an IRTF informational draft for FROST with researchers at the University of Waterloo and several other organizations, and it’s on the path towards greater adoption within the Zcash ecosystem and beyond.
Need to reach us? Send us an enquiry and a member of our team will get back to you shortly.
