
FROST Protocol

FROST (Flexible Round-Optimized Schnorr Threshold) is the cryptographic cornerstone of the SUBFROST protocol. It is a threshold signature scheme that allows a large, dynamic set of signers to collectively create a single Schnorr signature without any single signer ever possessing the full private key.

How it Secures the Peg

The two-way peg between Bitcoin and SUBFROST is maintained by a large pool of FROST and frBTC token stakers. The BTC that collateralizes frBTC is held in a single Bitcoin address whose private key is managed by the entire signer set using the FROST protocol.

  1. Distributed Key Generation (DKG): When the signer set is formed or changed, the signers perform a DKG ceremony. This is an interactive protocol where each signer generates a share of a private key. At the end of the ceremony, a single public key is created for the group, but no individual signer holds the corresponding private key. Each signer only has their own secret share.

  2. Threshold Signatures: To spend the BTC held in the group's address (i.e., to process an unwrap request), a threshold t of the total n signers must cooperate.

    • A user broadcasts an unwrap transaction on the SUBFROST protocol.
    • Once that transaction is finalized, a quorum of signers (at least t of them) will each use their private key share to create a partial signature.
    • These partial signatures are then aggregated into a single, valid Schnorr signature for the Bitcoin transaction that releases the BTC to the user.
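The two steps above can be traced end to end in a short simulation. This is an added example, not SUBFROST's code: it shows FROST-style partial signatures from any t signers summing to a signature that passes an ordinary single-key Schnorr check, while fewer than t signers cannot produce one. Assumptions: a trusted dealer stands in for the DKG, plain SHA-256 replaces BIP340's tagged hashes and x-only keys, one process plays every signer, and all function names are hypothetical.

```python
import hashlib, secrets
from functools import reduce
from math import prod

P = 2**256 - 2**32 - 977  # secp256k1 field prime (the curve Bitcoin uses)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] ** 2 * pow(2 * a[1] % P, -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt=G):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def H(*parts):  # hash to a scalar (assumption: plain SHA-256, not BIP340 tagged hashes)
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

def deal(t, n):  # trusted dealer standing in for the DKG: Shamir shares of f(0)
    f = [secrets.randbelow(N - 1) + 1 for _ in range(t)]
    return {i: sum(c * pow(i, k, N) for k, c in enumerate(f)) % N
            for i in range(1, n + 1)}, mul(f[0])

def lagrange(i, ids):  # coefficient that interpolates f(0) from the signers in ids
    others = [j for j in ids if j != i]
    return prod(others) * pow(prod(j - i for j in others) % N, -1, N) % N

def sign(msg, Y, shares, ids):
    # Round 1: each signer i commits to nonces (d_i, e_i) as points (D_i, E_i)
    nonce = {i: (secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1) for i in ids}
    B = sorted((i, mul(d), mul(e)) for i, (d, e) in nonce.items())
    rho = {i: H(i, msg, B) for i in ids}  # binding factors tie nonces to msg and signer set
    R = reduce(add, (add(D, mul(rho[i], E)) for i, D, E in B))
    c = H(R, Y, msg)
    z = [nonce[i][0] + nonce[i][1] * rho[i] + lagrange(i, ids) * shares[i] * c for i in ids]
    return R, sum(z) % N  # aggregator sums the partial signatures z_i

def verify(msg, Y, sig):  # ordinary single-key Schnorr check: z*G == R + c*Y
    return mul(sig[1]) == add(sig[0], mul(H(sig[0], Y, msg), Y))
```

Each term of `z` uses only signer i's own share and nonces, so in a real deployment every signer computes its term locally and the group secret `f[0]` is never reassembled.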

Key Advantages

  • No Single Point of Failure: The full private key never exists in one place, making it impossible for a single compromised signer (or any group smaller than the threshold t) to steal the funds.
  • Scalability: The protocol supports a large and dynamic set of signers. New signers can join and old ones can leave without needing to regenerate the main key, only requiring an update to the key shares.
  • Efficiency: FROST is optimized to be non-interactive in the signing phase (after an initial setup round), reducing the communication overhead between signers and making the signing process fast.

This trust-minimized setup is a significant improvement over federated or centralized peg mechanisms, providing a much higher degree of security and decentralization for the assets locked on the protocol.