Blockstream imagines a whole new type of multisig called ROAST

Bitcoin-focused technology company Blockstream’s (BTC) research unit has published a proposal for a new type of multisig standard called ...



Bitcoin-focused technology company Blockstream’s (BTC) research unit has published a proposal for a new type of multisig standard called Robust Asynchronous Schnorr Threshold Signatures (ROAST).

It hopes to avoid the problem of failed transactions due to absent or even malicious signers and can work at scale.

The term multisig or multisignature, refers to a transaction method in which two or more signatures are required to approve before it can be executed. The standard is widely adopted in crypto.

According to a blog from May 25 Publish from Blockstream research, the basic idea of ​​ROAST is to make transactions between the Bitcoin network and Blockstream Liquid Sidechain more efficient, automated, secure and private.

In particular, ROAST was touted as a signature standard that could work with and improve threshold signature schemes such as FROST (Flexible Round-Optimized Schnorr Threshold Signatures):

“ROAST is a simple wrapper around threshold signature schemes like FROST. It ensures that a quorum of honest signers, for example Liquid officials, can still obtain a valid signature even in the presence of disruptive signers when network connections have arbitrarily high latency.

The researchers pointed out that although FROST may be an effective method for approving BTC Transactionsits structure of coordinators and signers is designed to abort transactions in the presence of absent signers, making it secure but suboptimal for “automated signature software”.

To address this issue, the researchers say ROAST can guarantee enough trusted signers on each transaction to avoid failure, and it can be done on a much larger scale than the standard 11 of 15 multisig that Blockstream primarily uses.

“Our empirical performance evaluation shows that ROAST scales well to large groups of signers, for example, a 67 out of 100 configuration with the coordinator and signers on different continents,” the post states, adding that:

“Even with 33 malicious signers attempting to block signature attempts (e.g. by sending invalid responses or not responding at all), the 67 honest signers can successfully produce a signature within seconds.”

To provide a simple explanation of how ROAST works, the team used an analogy of the Democratic council responsible for “Frostland” legislation.

Essentially, the argument is given that it can be complicated to get legislation (transactions) approved at Frostland because there are myriad factors at any given time that can result in the unavailability or sudden absence of the majority of members advice.

One procedure (ROAST) to counteract this is for a board secretary to compile and maintain a sufficiently long list of supporting board members (signatories) at all times, so that there are always enough members to push through the legislation.

“If at least seven members of council actually support the bill and behave honestly, then at any time he knows those seven members will eventually sign their currently assigned copy and be added back to the secretary’s list.”

“Thus the secretary can always be sure that seven members will be on his list again at some point in the future, and thus the signing procedure will not be blocked,” the message adds.

Related: “DeFi is not decentralized at all,” says former Blockstream executive

ROAST is part of a collaboration between Blockstream researchers Tim Ruffing and Elliott Jin, Viktoria Ronge and Dominique Schröder from the University of Erlangen-Nuremberg, and Jonas Schneider-Bensch from the CISPA Helmholtz Center for Information Security.

Accompanying the blog post, researchers also linked to a 13-page search paper which gives a more detailed overview of ROAST.