# FROST Multisig

### Overview

RadFi validators use **FROST (Flexible Round-Optimized Schnorr Threshold Signatures)** for decentralized signing of Bitcoin transactions.\
FROST replaces the legacy Taproot multisig scheme with a threshold signing protocol, increasing flexibility and resilience.

Key properties of this implementation:

* 5 signers (3-of-5 threshold)
* Distributed key generation (no single party ever holds the full private key)
* Signer key management in AWS Secrets Manager
* Support for key refresh, recovery, replacement, and removal

### Benefits

* Decentralized signing: No single point of failure.
* Security: Keys are distributed, refreshed on leak, and recoverable on loss.
* Flexibility: Signers can be replaced or removed without disrupting the wallet.
* Backward compatibility: Legacy Taproot key is retained for non-signing use cases

### Cryptographic Design

**Key Generation**

* A `pubkey_package` and 5 signer key pairs are generated.
* Each signer receives:
  * `secret` → backup seed
  * `key` → active signing key (derived from `secret`)

### Signing Model

* Threshold: **3-of-5**
* Signers collaborate via FROST rounds to produce a Schnorr signature.
* Signatures are valid Taproot-compatible signatures for Bitcoin transactions.

### Keys Lifecycle

**1. Refresh Keys**

* Used when a signer key leaks.
* Distributor issues refresh shares.
* Each signer derives a new key while retaining the same wallet identity.
* Old keys are destroyed.

**2. Recover a Lost Key**

* If one signer loses their key, any **3 helpers** can collaboratively reconstruct it.
* Recovery is a 3-step protocol using `delta` and `sigma` values.

**3. Replace a Key**

* A new signer can take over an old signer’s role by recovering their key, then refreshing.

**4. Remove a Key**

* 4 signers refresh without including the unwanted signer.