Hey Rijndael,
Here are some rough ideas for a draft scheme that I think will help explain
this better.
We begin by taking a single public nonce `D` from the collaborative signing
server to form a nonce pair for FROST `(D, 0)`.
This is then used to build the aggregate FROST nonce `R` which the si
Good morning Nick,
Love the direction of this.
> We can achieve this compatibility by having the server sign under a single
> nonce (not a binding nonce-pair like usual FROST), which is later blinded by
> the nonce contributions from other signers.
Can you say more about this? It sounds like t
Hello all,
Some thoughts on private collaborative custody services for Bitcoin.
With multiparty computation multisignatures like FROST [0], it is possible
to build a collaborative custodian service that is extremely private for
users.
Today's collaborative custodians can see your entire wallet h
