bitcoin-dev

BIP Draft: "ChillDKG: Distributed Key Generation for FROST"

Original Post by Jonas Nick

Posted on: July 16, 2024 17:31 UTC

The email discusses the privacy concerns associated with the recovery data in a distributed key generation (DKG) process.

It highlights that the recovery data, which is essential for the process, contains sensitive information in plaintext. This includes the long-term "host" public keys of the participants and the final threshold public key resulting from the DKG. Such exposure raises potential risks, especially if this data is stored on cloud services where adversaries could access it. The threat model described involves an adversary obtaining the recovery data and using the threshold public key to link on-chain transactions to specific individuals, compromising their privacy.

Despite these concerns, the current protocol specifications do not mandate the encryption of recovery data before backup. This decision stems from the belief that encryption at this stage is a local operation for participants, which does not influence the overarching communication protocols within the DKG framework. However, the feedback received suggests a reconsideration of this stance, advocating for clearer guidance in the Bitcoin Improvement Proposal (BIP). It proposes the idea of utilizing the DKG protocol seed as a basis to derive an encryption key. This method would ensure that participants need only back up the seed itself, significantly reducing the risk of exposing other secret data. This approach aims to enhance the security and privacy of the DKG process without complicating the participants' responsibilities.
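A sketch of the seed-derived encryption idea described above, as an added example that is not taken from the BIP draft or its reference code. The key derivation (HMAC-SHA256 over a hypothetical label), the choice of AES-256-GCM, and all function names are assumptions of this example; the seed and recovery data are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Hypothetical domain-separation label; the draft does not define one.
const kdfLabel = "example/chilldkg/recovery-data-encryption"

// newAEAD derives an AES-256-GCM key from the seed with HMAC-SHA256 as a PRF.
func newAEAD(seed []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte(kdfLabel))
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)         // 16-byte block cipher: cannot fail
	return aead
}

// EncryptRecoveryData returns nonce || ciphertext || tag, safe to back up remotely.
func EncryptRecoveryData(seed, recovery []byte) ([]byte, error) {
	aead := newAEAD(seed)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, recovery, nil), nil
}

// DecryptRecoveryData rejects blobs made under another seed or modified in storage.
func DecryptRecoveryData(seed, blob []byte) ([]byte, error) {
	aead := newAEAD(seed)
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("backup blob too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	seed := []byte("constructed 32-byte example seed")
	blob, _ := EncryptRecoveryData(seed, []byte("constructed recovery data"))
	plain, err := DecryptRecoveryData(seed, blob)
	fmt.Printf("backup=%d bytes restored=%q err=%v\n", len(blob), plain, err)
}
```

With this layout the seed is the only secret a participant has to back up, and the stored blob no longer exposes the host public keys or the threshold public key. AES-GCM does not hide the length of the recovery data.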