惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
Security Latest
Security Latest
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Troy Hunt's Blog
Latest news
Latest news
Help Net Security
Help Net Security
S
Security Affairs
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
AI
AI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
Forbes - Security
Forbes - Security
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Help Net Security
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
Cyberwarzone
Cyberwarzone
The Last Watchdog
The Last Watchdog
S
Securelist
N
News and Events Feed by Topic
S
Secure Thoughts
F
Fortinet All Blogs
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
M
MIT News - Artificial intelligence
F
Full Disclosure
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Microsoft Security Blog
Microsoft Security Blog
I
InfoQ
P
Privacy International News Feed
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CERT Recently Published Vulnerability Notes

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Threshold Signatures and FROST: One Signature, No Single Signer
Haven Messenger · 2026-06-18 · via DEV Community

Haven Messenger

Splitting a key with Shamir's scheme protects a secret at rest, but to use it you have to reassemble the whole key in one place — and for one fatal moment, somebody holds all of it. Threshold signatures remove that moment entirely: a quorum jointly produces a valid signature while the complete private key never exists anywhere, not even briefly. FROST is the design that made this fast enough to deploy.

Imagine three executives who must collectively authorize wire transfers, a custody service guarding crypto assets across geographically separate machines, or a certificate authority that does not want any single operator able to sign on its behalf. The shared requirement: an action that needs multiple parties to agree, with no individual able to act alone, and ideally no single machine that — if compromised — hands an attacker the full signing power.

There are several ways to approximate this, and they are not equally good. Understanding why threshold signatures win for many of these cases means understanding what the alternatives leak.

The Three Approaches, and Their Seams

Secret sharing

Shamir's Secret Sharing splits a key into n shares such that any t reconstruct it and fewer reveal nothing. It's elegant for protecting a key you rarely use. But the act of using the key requires reassembling it — gathering t shares onto one machine, which becomes a single point of total compromise at exactly the moment of highest value. The full key briefly exists. An attacker who owns that machine during signing owns everything.

Multisignature (multisig)

Multisig, familiar from Bitcoin, takes a different route: each party has a fully independent key, and the verifier checks that t separate signatures are present. No key is ever combined — a real strength. The cost is on the verification side: the signatures are visible as multiple distinct signatures, the policy (who signed, how many are required) is exposed on-chain or on the wire, and the size and fees grow with the number of signers. It works, but it advertises its own structure.

Threshold signatures

A threshold signature scheme (TSS) gives you the best of both. Like multisig, no party holds the whole key. Unlike multisig, the parties run an interactive protocol that outputs one ordinary signature — indistinguishable from a signature made by a single key. The verifier sees a normal signature against a single public key and has no idea, from the signature alone, that a quorum of five machines in four countries produced it.

The key insight: In a threshold scheme the full private key is never assembled — not during setup, not during signing, not ever. It exists only as a mathematical relationship distributed across the participants' individual key shares. There is no instant where stealing one machine's memory yields the whole secret.

Where FROST Comes In

Threshold Schnorr signatures are appealing because Schnorr signatures are clean and linear, which makes them friendlier to "split across parties" math than ECDSA. But early threshold Schnorr constructions needed multiple interactive rounds of communication for every signature, and were fragile in the face of concurrent signing sessions — a serious problem for any real service handling parallel requests.

FROST — Flexible Round-Optimized Schnorr Threshold signatures, introduced by Komlo and Goldberg in 2020 and specified by the IETF in RFC 9591 (2024) — solved the practicality problem. Its headline properties:

  • Round efficiency. Signing takes a single round of interaction when participants pre-process commitments in advance, or two rounds without pre-processing — a major improvement over earlier multi-round schemes.
  • Concurrency safety. FROST is designed to remain secure even when many signing sessions run at once, avoiding the ROS-style attacks that broke naive parallel Schnorr signing.
  • Standard output. The result is a normal Schnorr signature, verifiable with the ordinary single-key verification algorithm. No special verifier is needed.
  • Flexible thresholds. Any t-of-n policy, configurable at key-generation time.

How a FROST Signature Comes Together

Without drowning in notation, the shape of the protocol is:

  1. Distributed key generation (DKG). The n participants jointly run a protocol that produces a shared public key and gives each participant a private share. No party — and no coordinator — ever sees the corresponding full private key. (A trusted dealer can alternatively distribute shares, but DKG removes even that single point of trust.)
  2. Commitment. Each of the t signers picks fresh random nonces and publishes commitments to them. With pre-processing, this happens before the message to sign is even known.
  3. Signing. Given the message, each signer computes a partial signature using its share and its nonces, binding in the others' commitments to prevent manipulation.
  4. Aggregation. A coordinator (who needs no secret material) sums the partial signatures into one final Schnorr signature. The coordinator can verify each partial contribution, so a misbehaving signer can be identified rather than silently corrupting the result.

The randomness handling deserves emphasis. Schnorr signatures are catastrophically broken by nonce reuse — repeat a nonce and the private key falls out of the algebra. Distributing signing across parties multiplies the ways nonce handling can go wrong, which is exactly why FROST's careful, binding commitment structure (and its concurrency analysis) is the substance of the scheme, not a detail.

Threshold vs Multisig, Compared

Property Multisig Threshold (FROST)
Full key ever assembled No No
Output signature Multiple, distinct One, ordinary
Policy visible to verifier Yes — exposes signers/threshold No — looks single-key
Size / cost scaling Grows with signers Constant
Needs interaction to sign No (signers act independently) Yes — signers coordinate
Verifier complexity Must understand the policy Standard verification

The trade-off is real: threshold signing requires the participants to be online and to interact during signing, whereas multisig signers can act fully independently. That interactivity, plus the subtlety of getting the protocol right, is the price of the privacy and uniformity benefits.

A threshold signature is the cryptographic version of a rule that says "this door needs three keys turned at once, but anyone watching it open just sees a door open." The structure of the authority is invisible from outside.

Where You'll Encounter It

Threshold and multi-party signing now underpin institutional crypto custody, hot-wallet protection, distributed certificate authorities, and the signing infrastructure behind some software supply-chain and code-signing systems. The common thread is high-value signing authority that no single person or machine should be able to exercise alone — and that benefits from not advertising its own governance structure to everyone who checks a signature.

It is not a tool for everyday application authentication; the interactivity and operational complexity only pay off when the signing key is genuinely catastrophic to lose. For most systems, simpler controls are the right answer. But where the stakes justify it, FROST is the current state of the art for doing it efficiently.

Where Haven Fits

Haven doesn't ask you to run a quorum to send a message — that would be the wrong tool for personal communication. But the underlying principle is exactly the one we build on: no single party should hold the power to read or impersonate you. In Haven, your keys are derived on your device and never assembled on a server we could be compelled to hand over. Threshold cryptography is the institutional expression of the same idea we apply at the individual level — distribute trust so there is no one place an adversary can break to win everything.

Originally published at havenmessenger.com