The research unit of Bitcoin (BTC)-focused blockchain tech firm Blockstream has published a proposal for a new type of multisignature standard called Robust Asynchronous Schnorr Threshold Signatures (ROAST).
It hopes to avoid the problem of transaction failures due to absent or even malicious signers and can work at scale.
The term multisig, or multisignature, refers to a method of transaction in which two or more signatures are required to sign off before it can be executed. The standard is widely adopted in crypto.
According to a Wednesday blog post from Blockstream research, the basic idea of ROAST is to make transactions between the Bitcoin network and Blockstream’s sidechain Liquid more efficient, automated, secure and private.
In particular, ROAST has been posited as a signature standard that could work with, and improve, threshold signature schemes such as Flexible Round-Optimized Schnorr Threshold Signatures FROST):
“ROAST is a simple wrapper around threshold signature schemes like FROST. It guarantees that a quorum of honest signers, e.g., the Liquid functionaries, can always obtain a valid signature even in the presence of disruptive signers when network connections have arbitrarily high latency.”
The researchers highlighted that while FROST can be an effective method for signing off on BTC transactions, its structure of coordinators and signers is designed to abort transactions in the presence of absent signers, making it secure but suboptimal for “automated signing software.”
To solve this problem, the researchers say that ROAST can guarantee enough reliable signers on each transaction to avoid any failures. Moreover, it can be done at a scale much larger than the 11-of-15 multisig standard that Blockstream primarily utilizes.
“Our empirical performance evaluation shows that ROAST scales well to large signer groups, e.g., a 67-of-100 setup with the coordinator and signers on different continents,” the post reads, adding that:
“Even with 33 malicious signers that try to block signing attempts (e.g. by sending invalid responses or by not responding at all), the 67 honest signers can successfully produce a signature within a few seconds.”
To provide a simple explanation of how ROAST works, the team used an analogy of a democratic council responsible for the legislation of Frostland.
Essentially, the argument is given that it can be complicated to get legislation (transactions) signed off in Frostland, as there is a myriad of factors at any given time that can result in the majority of council members suddenly being unavailable or absent.
A procedure (ROAST) to counteract this, is for a council secretary to compile and maintain a large enough list of supporting council members (signers) at any given time so that there are always enough members to get legislation through:
“If at least seven council members actually support the bill and behave honestly, then at any point in time, he knows that these seven members will eventually sign their currently assigned copy and be re-added to the secretary’s list.”
“Thus the secretary can always be sure that seven members will be on his list again at some point in the future, and so the signing procedure will not get stuck,” the post adds.
ROAST is part of a collaboration between Blockstream researchers Tim Ruffing and Elliott Jin, Viktoria Ronge and Dominique Schröder from the University of Erlangen-Nuremberg and Jonas Schneider-Bensch from the CISPA Helmholtz Center for Information Security.
Accompanying the blog post, the researchers also linked to a 13-page research paper which gives a rundown of ROAST in greater detail.