The Zcash Foundation is excited to announce the first stable release of frost-core, a reference implementation of Two-Round Threshold Schnorr Signatures with FROST, written in Rust. This implementation has been fully audited and conforms to the latest and final version of the IRTF draft specification, which we are confident will soon be published as an Informational RFC.
What FROST does and why it matters
FROST is a threshold multi-party signature scheme. It allows a key to be split into multiple shares (or even created in a distributed fashion, so that an unsplit original key never has to exist), and then lets a signature be produced by aggregating signature shares created by participants who hold key shares. The threshold means that a minimum number of participants is required to create a signature.
In the context of Zcash, this means that FROST allows creating wallets where transactions have to be authorized by multiple participants. This has multiple benefits: it is more robust, since if a participant loses a share, the other participants can still sign transactions (and can help to reissue the lost share); and in the same vein, if a participant gets hacked, the attacker cannot sign transactions on their own.
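To make the mechanics of the two paragraphs above concrete, here is a constructed teaching example of the two-round FROST flow: a trusted dealer Shamir-shares a key among n signers, any t of them run round 1 (nonce commitments) and round 2 (signature shares), and the aggregated result is an ordinary Schnorr signature under the group public key. This is added example code, not frost-core or any Zcash Foundation code, and it is not secure: it works in a toy 64-bit prime-order subgroup of Z_p^* (found deterministically at import time) rather than on the Jubjub or Pallas curves, uses a trusted dealer instead of distributed key generation, derives binding factors and challenges with ad hoc SHA-256 labels ("rho", "chal") rather than the draft's hash functions, and all function names (keygen, round1_commit, round2_sign, aggregate, verify, threshold_sign) are my own.

```python
"""Toy two-round FROST (threshold Schnorr) in a prime-order subgroup of Z_p^*.
Constructed teaching example, NOT frost-core and NOT secure: toy 64-bit group,
trusted dealer instead of DKG, no constant-time arithmetic. It only shows the
mechanics: n key shares, any t of which jointly make one Schnorr signature."""
import hashlib
import secrets

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin, first 12 primes as bases: deterministic for odd n in (37, 3.3e24)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def next_safe_prime(start: int) -> int:
    """Smallest p = 2q + 1 with odd q >= start and both q, p prime (deterministic)."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

P = next_safe_prime(1 << 63)  # toy ~64-bit safe prime modulus (constructed parameters)
Q = (P - 1) // 2              # prime order of the subgroup we sign in
G = 4                         # 2^2 is a square mod P, so it has order Q

def hash_to_scalar(*parts) -> int:
    """Fiat-Shamir hash of the given values, reduced into the scalar field."""
    digest = hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest()
    return int.from_bytes(digest, "big") % Q

def keygen(t: int, n: int):
    """Trusted dealer: Shamir-share a fresh secret among n signers, threshold t."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]  # coeffs[0] is the secret key
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares                # (group public key, key shares)

def lagrange_at_zero(i: int, signers) -> int:
    """Coefficient that scales share i when interpolating the secret at x = 0."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def round1_commit():
    """Round 1: a signer draws two one-time nonces and publishes their commitments."""
    d, e = secrets.randbelow(Q), secrets.randbelow(Q)
    return (d, e), (pow(G, d, P), pow(G, e, P))

def group_commitment(commitments, group_pk, msg):
    """Derive binding factors rho_j, group nonce R and challenge c from the
    public round-1 commitments; every party computes the same values."""
    signers = sorted(commitments)
    rho = {j: hash_to_scalar("rho", j, msg, sorted(commitments.items())) for j in signers}
    R = 1
    for j in signers:
        D_j, E_j = commitments[j]
        R = R * D_j * pow(E_j, rho[j], P) % P
    return rho, R, hash_to_scalar("chal", R, group_pk, msg)

def round2_sign(i, share, nonces, commitments, group_pk, msg) -> int:
    """Round 2: signer i folds its nonces and key share into signature share z_i."""
    rho, _, c = group_commitment(commitments, group_pk, msg)
    lam = lagrange_at_zero(i, sorted(commitments))
    d, e = nonces
    return (d + e * rho[i] + lam * share * c) % Q

def aggregate(commitments, z_shares, group_pk, msg):
    """Coordinator sums the shares; (R, z) is a plain Schnorr signature."""
    _, R, _ = group_commitment(commitments, group_pk, msg)
    return R, sum(z_shares.values()) % Q

def verify(group_pk, msg, sig) -> bool:
    """Ordinary Schnorr verification: the verifier cannot tell how many signed."""
    R, z = sig
    return pow(G, z, P) == R * pow(group_pk, hash_to_scalar("chal", R, group_pk, msg), P) % P

def threshold_sign(signer_ids, shares, group_pk, msg):
    """Run both rounds for the chosen subset of signers and return the signature."""
    nonces, commitments = {}, {}
    for i in signer_ids:
        nonces[i], commitments[i] = round1_commit()
    z = {i: round2_sign(i, shares[i], nonces[i], commitments, group_pk, msg)
         for i in signer_ids}
    return aggregate(commitments, z, group_pk, msg)

if __name__ == "__main__":
    pk, shares = keygen(t=2, n=3)
    print("2-of-3 signs:", verify(pk, "spend", threshold_sign([1, 3], shares, pk, "spend")))
    print("1-of-3 signs:", verify(pk, "spend", threshold_sign([2], shares, pk, "spend")))
```

Two things to notice when running it. First, `verify` is plain Schnorr verification against the group public key: nothing in the signature reveals that it was produced by several parties, which is what lets a threshold signature stand in for a single-key one. Second, a subset smaller than the threshold (here a single compromised signer) produces a value that does not verify, because the Lagrange interpolation of fewer than t shares does not land on the secret; the full key is never assembled by anyone, not even by the t honest signers.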
With the frost Rust library, the Zcash Foundation provides a reference implementation of the informational “Two-Round Threshold Schnorr Signatures with FROST” CFRG (Crypto Forum Research Group) Internet Draft. The CFRG is a general forum for discussing and reviewing uses of cryptographic mechanisms and is part of the Internet Research Task Force (IRTF), which in turn promotes research of importance to the evolution of Internet protocols, applications, architecture and technology.
This release includes the frost-rerandomized variant, an adaptation of the FROST threshold signature scheme that makes it unlinkable, which is a requirement for its use in the Zcash protocol. The adapted scheme generates signatures that are compatible with the spend authorization signatures of the Zcash protocol for the Sapling and Orchard network upgrades. This makes it possible for Zcash transactions to be authorized by more than one party while preserving the privacy of the individual signers.
Privacy-preserving threshold multi-party signatures for Zcash
Now that the frost reference implementation is production-ready, we look forward to the acceptance of ZIP-312: “Shielded Multisignatures using FROST” and its implementation in the Zcash ecosystem. We will continue to work on a set of demos that show how some of the challenges of integration into wallets may be solved, and that serve as a reference for implementers.
We would like to thank the following current and past ZF team members for their contributions to the FROST reference implementation; without their work and support, we would not have reached this milestone today:
Chelsea Komlo, Conrado P. L. Gouvêa, Natalie E., Deirdre Connolly, Pili Guerra, Alfredo Garcia, Teor, Marek Bielik, Henry de Valence, Jane Lusby, Josh Cincinnati, Antonie Hodge, Fungai Matambanadzo.
We would also like to thank all of the numerous external contributors to the spec and code base.