Blockstream dreams up a whole new type of multisig called ROAST


The Bitcoin research unit (BTC)-focused blockchain technology firm Blockstream has released a proposal for a new kind of multisig standard called. Robust Asynchronous Schnorr Threshold Signatures (RED).

It hopes to avoid the problem of transaction failures due to absent or even malicious signers and can work at scale.

The term multisig or multisignature refers to a method of transaction in which two or more signatures are required to be signed before it can be executed. The standard is widely adopted in crypto.

According to a May 25 blog post post from Blockstream research, the basic idea of ​​ROAST is to make transactions between the Bitcoin network and the Blockstream Liquid side chain more efficient, automated, secure and private.

In particular, ROAST was required as a signature standard that could work with, and improve, threshold signing schemes such as FROST (Flexible Round-Optimized Schnorr Threshold Signatures):

“ROAST is a simple wrapper around threshold signing schemes like FROST. It guarantees that a quorum of honest signatories, e.g., Liquid officials, can always get a valid signature even in the presence of disruptive signatories when internet connections have arbitrarily high latency.

The researchers emphasized that while FROST can be an effective method of signing BTC transactions, its structure of coordinators and signatories is designed to stop transactions in the presence of absent signatories, making it secure but suboptimal for “automated signing software”.

To solve this problem, the researchers say that ROAST can guarantee enough reliable signatories on every transaction to avoid any failures, and it can be done on a much larger scale than the 11-by-15 multi-sign standard that Blockstream primarily use.

“Our empirical performance appraisal shows that ROAST scales well to large signatories, e.g., a 67-out-of-100 arrangement with the coordinator and signatories on different continents,” the post reads, adding:

“Even with 33 malicious signatories attempting to block signature attempts (e.g., sending invalid responses or not responding at all), the 67 honest signatories can successfully produce a signature within seconds.”

To provide a simple explanation of how ROAST works, the team used an analogy from a Democratic council responsible for Frostland legislation.

Basically, the argument is that it can be difficult to get legislation (transactions) signed in Frostland because there are a myriad of factors at any given time that can result in the majority of council members suddenly unavailable or absent.

The procedure (ROSTO) to oppose this is for the council secretary to compile and maintain a large enough list of supporting councilors (signatories) at all times so that there are always enough members to pass legislation.

“If at least seven councilors actually support the bill and behave honestly, then at any time, he knows that these seven members will later sign their now-assigned copy and be re-added to the secretary’s list.”

“That way the secretary can always be sure that seven members will be on his list again sometime in the future, and so the signing procedure will not be blocked,” the post adds.

Related: “DeFi is not decentralized at all,” says a former Blockstream executive

ROAST is part of a collaboration between Blockstream researchers Tim Ruffing and Elliott Jin, Victoria Ronge and Dominique Schröder of the University of Erlangen-Nürnberg and Jonas Schneider-Bensch of the CISPA Helmholtz Center for Information Security.

Accompanying the blog post, the researchers also linked to a 13-page survey paper which is given in more detail below ROAST.