Some creative Bitcoiners have introduced a novel method for customizing multi-signature wallets that can adapt to a variety of real-world use cases. The newly-introduced Frostsnap method upgrades the capability of any multisig with a suite of new features.
For context, traditional Bitcoin Script multisig wallets have always been the most secure way to safeguard funds on the Bitcoin network. As the name suggests, rather than a single signer able to transfer funds, a multisig requires multiple signers to authorize any transaction.
Traditional multisigs can’t add signers without creating a new wallet. Changing a 2-of-3 to a 3-of-5 multisig, for example, requires creating a new multisig and transferring funds.
Frostsnap, however, introduces a method to:
- change hardware wallets (Ledgers, Trezors, ColdCards, etc.) belonging to a multisig without additional on-chain transactions,
- add new signers to a key after the initial private key generation event, permitting physical hardware wallet replacement, and
- render stolen hardware wallets incompatible with every other device of the multisig.
Any of those three features, on its own, would be enough to raise the eyebrow of a technically-minded Bitcoiner. Releasing specifications for all three is certainly newsworthy.
According to the hardware lead of the project, Adam Mashrique, “We want to set an open standard other vendors can implement. Our goal is for different makes of devices to be part of a FROST multisig wallet.”
“Our code on github is FOSS, so anyone is free to make and sell Frostsnap-compatible signing devices,” Mashrique said.
Bitcoin multisig centipede
Early commenters likened Frostsnap to a “Bitcoin multisig centipede.” Some types of centipedes can regrow lost legs, drop and regenerate over 100 pairs of legs, and travel at 10+ inches per second — speedy for its size.
Like a centipede, users can replace Frostsnap-compatible devices, modify the number of required devices to confirm a transaction if something gets “tripped up,” and efficiently facilitate data transfer to Bitcoin nodes thanks to Taproot signatures.
The name Frostsnap borrows the acronym Flexible Round-Optimized Schnorr Threshold signatures (FROST). The cryptography of FROST reduces network overhead and increases the flexibility of multisignature setups — even over an unreliable network.
The capabilities of the new system are entirely in consensus with the Bitcoin network today, with no fork nor proprietary node software needed. Although Frostsnap developers plan to introduce a Bitcoin Improvement Proposal (BIP) for on-chain FROST support, off-chain devices that support FROST are able to fully create and manage an on-chain Frostsnap wallet today (processing FROST computation off-chain, on-device).
FROST also reduces the risk of a forgery attack (forcing a connected device to share on-device information without approval from the owner of that device).
Like traditional multisig wallets, Frostsnap wallets will obviously require a threshold of signatures to authorize funds transfers. The technical difference between traditional and Frostsnap involves the storage of information needed to sign a transaction on each hardware wallet device.
With Frostsnap, users can back up information onto new devices, making it easier to swap devices in the future. Multisig signers can “kick out” any stolen device with a threshold number of signatures, helping keep funds secure from thieves. These device changes can be made without having to move funds to a new wallet.
- Unlike traditional multisigs, Frostsnap devices can increase privacy by using Taproot to obscure the existence or attributes of a Frostsnap wallet.
- Thanks to Taproot, Frostsnap can reduce on-chain fees by consolidating signature-related data that would otherwise be required of a traditional multisig transaction.
- Frostsnap can also obscure whether a wallet involves Nostr, a federated mint, Bitcoin Script smart contract, or Lightning Network channel.
Bitcoiners can use Frostsnap to sign documents, verify identities, maintain their privacy, and secure an organization’s bitcoin against the risk of rogue employees or a lost signing device.
Frostsnap is Free and Open Source Software (FOSS), and any compatible hardware device can run this multisig scheme.