Open jkitman opened 1 year ago
BOLT12 support
I think that's independent of TR but needs FROST/ROAST, right?
I also talked to @real-or-random about ROAST yesterday, key points:
Do we need to modify our DKG algorithm?
Afaik we could run the same DKG on secp256k1, but rust-secp might not support that, so we'd need to hack that maybe?
- To avoid this problem we could run ROAST over an atomic broadcast protocol like HBBFT, but that's kinda wasteful since ROAST sends more messages than strictly necessary to reduce latency in an asynchronous environment.
I think if you run it over HBBFT, it would't send many more messages than necessary. (And do more messages per epoch really make HBBFT much slower?)
And I don't think the HBBFT really creates a synchronous environment. If one of the nodes has a slow network connection for some epoch, its message won't be included in the result of the epoch. But that doesn't mean you can conclude it's malicious and should be banned. (Or can you make that conclusion in your setting?)
I think running ROAST over HBBFT may actually be much simpler to implement and require less messages, since HBBFT can act as the semi-trusted coordinator, so we do not need f+1
peers to act as coordinators.
>= t
, every epoch instantiates a new signing session which all peers are aware of.I think after Tim's talk at TABConf I now understand the concept sufficiently well. We can (and probably shoudl) essentially use ROAST inside HBBFT. It would proceed as follows (for a t-of-n scheme with $t=2f+1$):
I think the argument for eventual termination of the protocol made in ROAST still applies here, we just use the consensus as our coordinator.
POC implementation of ROAST in Fedimint here: https://github.com/m1sterc001guy/roastr
Supporting Schnorr signatures will enable several interesting new features:
@nickfarrow has offered to implement ROAST to enable the federation to create Schnorr signatures. Some questions: