The Bitcoin (BTC)-focused technology company Blockstream’s research unit has published a proposal for a new type of multisig standard called Robust Asynchronous Schnorr Threshold Signatures (ROAST).

It hopes to avoid the problem of transaction failures due to absent or even malicious signers and can work at scale.

The term multisig or multisignature refers to a transaction method in which two or more signatures are required to sign before it can be executed. The standard is widely adopted in cryptography.

According to a May 25 blog post from Blockstream Research, the basic idea of ​​ROAST is to make transactions between the Bitcoin network and Blockstream’s Liquid sidechain more efficient, automated, secure, and private.

In particular, ROAST has been postulated as a signature standard that could work with and improve upon threshold signature schemes such as FROST (Flexible Round-Optimized Schnorr Threshold Signatures):

“ROAST is a simple wrapper around threshold signature schemes like FROST. It ensures that a quorum of honest signers, for example Liquid officials, can always obtain a valid signature even in the presence of disruptive signers when network connections have arbitrarily high latency.”

The researchers highlighted that while FROST can be an effective method of signing BTC transactions, its structure of coordinators and signers is designed to cancel transactions in the presence of absentee signers, making it secure but not optimal for “self-signing software.” .

To solve this problem, the researchers say ROAST can ensure enough trusted signers in each transaction to avoid failures, and can be done at a much larger scale than the 11-of-15 multisig standard that Blockstream primarily uses.

“Our empirical performance evaluation shows that ROAST is well suited to large groups of signers, for example a 67 of 100 setup with the coordinator and signers on different continents,” the post reads, adding that:

“Even with 33 malicious signers trying to block signature attempts (for example, by sending invalid responses or not responding at all), all 67 honest signers can produce a successful signature within a few seconds.”

To provide a simple explanation of how ROAST works, the team used an analogy of the democratic council responsible for “Frostland” legislation.

Essentially, the argument is made that it can be tricky to pass legislation (transactions) in Frostland, as there are so many factors at any given time that can make most council members suddenly unavailable or absent.

One procedure (ROAST) to counteract this is for a council clerk to collect and maintain a large enough list of supporting council members (signers) at any given time so that there are always enough members to pass legislation.

“If at least seven council members really support the bill and behave honestly, then at any point in time, he knows that these seven members will eventually sign their currently assigned copy and be added back to the clerk’s list.”

“Therefore, the secretary can always be sure that seven members will be back on his list at some point in the future, so the signing procedure will not get bogged down,” the post adds.

Related: “DeFi is not decentralized at all,” says former Blockstream exec

ROAST is part of a collaboration between Blockstream researchers Tim Ruffing and Elliott Jin, Viktoria Ronge and Dominique Schröder of the University of Erlangen-Nuremberg, and Jonas Schneider-Bensch of the CISPA Helmholtz Center for Information Security.

Along with the blog post, the researchers also linked to a 13-page research paper that provides a more detailed summary of ROAST.

This post Blockstream dreams of a new type of multisig called ROAST

was published first on


Write A Comment