workshop
Workshop: Let's make a FROST key for comfy self-custody!
- Time
- Mon, Dec 15 · 1:00 PM – 3:00 PM
- Location
- Talks Stage
- Type
- workshop
- Duration
- 2h
Lloyd, Evan, and likely Adam will also be attending.
I still need to flesh out this idea with Lloyd, I will need to write some template code + basic infrastructure for the coding part of the workshop.
We've never done this before but I think it is very feasible and would be awesome for participants. I would do some practice run-throughs well ahead of the conference.
Phase 1 - Distributed Key Generation Theory
- Basics of asymmetric cryptography (private & public key)
- Shamir secret sharing (polynomials on whiteboard & discuss as group)
- Interaction: get three audience members to shout out (simple) polynomial coefficients
- Draw out and go through through Distributed Key Generation with these polynomials on the whiteboard.
- At the end, we'll have three verified secret shares that correspond to a group private key (which no one ever learned!)
Phase 2 - Let's make a FROST key
- Programming!
* Will use rust but no prior knowledge.
* git clone
* Once setup, on a hackmd (or better system if I can come up with one) we get participants to write their name next to an index (list: 1, 2 ...).
* We decide on a threshold as a group (choose 2 or 3 so people can go crazy with signing later).
* Participants each creates a scalar polynomial in rust! (2-3 LOC), write to disk using tool provided in code template.
* Participants convert their scalar polynomial into a point polynomial, pastes into hackmd under their name. (1 LOC)
* Participants evaluate their scalar polynomial at indexes (1, 2, ... n_parties), and pastes these evaluations on hackmd. (1 LOC)
* Speakers collate these 'keygen shares', and distribute them to the intended recipients.
* This could be done between tables through DMs.
* E.g. Party 1's evaluation at i=3 goes to Party 3, evaluation at i=4 goes to Party 4.
* Each audience participant receives their keygen shares.
* They sum them all up to result in their FROST secret share!
Phase 3 - Signing!
* Introduce the concept of Nonces and how they relate to FROST.
* Show signing API (show what we need to achieve signing!)
* Show secpfun API to create a secret & public nonce.
* Let audience participants pair up and share public nonces among themselves, (via hackmd or DMs)/
* Each participant will sign under a set of nonces with their partner!
* Share and aggregate signature shares -> finished signature!
* Verify signature
* Bonus task -> sign nostr event!
~2 hours.
---
Possible additional talk we could do:
### Dark Skippy Talk & Demo
Introduction of Bitcoin hardware wallets.
Dumbed down refresher on Schnorr signature mathematics (whiteboard or screen).
Discuss the types attacks that a malicious signing device can perform. Start with easiest (predetermined private key), progress to tricks (output unrelated public keys), then nonce attacks (nonce-reuse), then introduce exfil attacks. See https://darkskippy.com/taxonomy.html.
Introduce Dark Skippy and significance. Explanation of how Dark Skippy works, highlevel description of Pollard's Kangaroo Algorithm.
Live Demo:
Audience draw seedwords, or speakers generate onscreen.
Import seed onto a corrupted SeedSigner (airgapped!1!). Fund wallet with 3 utxos.
Run Dark Skippy attacker view onscreen.
Sign a 3 input transaction, Broadcast Tx, thank u for the seedwords.
<1 hour.