
Threshold Signing (FROST)

Cosmictron supports FROST (Flexible Round-Optimized Schnorr Threshold Signatures) for threshold signing of audit bundles and critical events. FROST allows M-of-N key holders to jointly produce a valid signature without any single party knowing the full signing key.

  • Audit bundle authorization — require 3-of-5 compliance officers to sign an audit export before it is accepted by regulators
  • Key rotation authorization — require M-of-N approvals before the signing key can be rotated
  • High-value event signing — selectively apply threshold signing to events above a risk threshold

FROST is a two-round protocol:

  1. Round 1 (Commitment) — each participant generates a nonce and publishes a commitment
  2. Round 2 (Response) — each participant computes a partial signature; the coordinator aggregates M partial signatures into a single valid Schnorr signature

The resulting signature is indistinguishable from a single-party Ed25519/Schnorr signature and can be verified with the aggregated public key.
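The two rounds and the final single-key verification, as an added Python example that is not Cosmictron's code: it follows the FROST construction (two nonces per signer, binding factors, Lagrange-weighted shares) over a constructed toy group instead of the Ed25519 curve, with a trusted dealer splitting the key 3-of-5. All function names and parameters are assumptions made for illustration.

```python
# Added illustration; function names are hypothetical, not Cosmictron APIs.
import hashlib, secrets

# Constructed toy Schnorr group (far too small for real use): G has prime order Q mod P.
P, Q, G = 2039, 1019, 4

def H(*parts):  # hash arbitrary values to a scalar mod Q
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % Q

def deal(secret, m, n):  # trusted dealer: Shamir-split into n shares, any m suffice
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(m - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange(i, ids):  # Lagrange coefficient of share i at x = 0 for signer set ids
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def round1():  # participant: two secret nonces and their public commitments
    d, e = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    return (d, e), (pow(G, d, P), pow(G, e, P))

def group_commitment(msg, commits):  # binding factors tie nonces to msg + signer set
    rho = {i: H("rho", i, msg, sorted(commits.items())) for i in commits}
    R = 1
    for i, (D, E) in commits.items():
        R = R * D * pow(E, rho[i], P) % P
    return R, rho

def round2(i, share, nonces, msg, commits, pubkey):  # participant: partial signature
    R, rho = group_commitment(msg, commits)
    c = H("chal", R, pubkey, msg)
    return (nonces[0] + nonces[1] * rho[i] + lagrange(i, list(commits)) * share * c) % Q

def aggregate(msg, commits, partials):  # coordinator: sum partials into (R, z)
    R, _ = group_commitment(msg, commits)
    return R, sum(partials.values()) % Q

def verify(msg, sig, pubkey):  # ordinary single-key Schnorr check: g^z == R * Y^c
    R, z = sig
    return pow(G, z, P) == R * pow(pubkey, H("chal", R, pubkey, msg), P) % P

def threshold_sign(msg, shares, ids, pubkey):  # both rounds for M chosen signers
    r1 = {i: round1() for i in ids}
    commits = {i: r1[i][1] for i in ids}
    partials = {i: round2(i, shares[i], r1[i][0], msg, commits, pubkey) for i in ids}
    return aggregate(msg, commits, partials)
```

Calling `threshold_sign` with any three share indices and then `verify` with the single public key `pow(G, secret, P)` returns `True`; the verifier never sees shares or signer identities.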

[compliance.threshold_signing]
enabled = true
threshold = 3 # M — minimum signers required
total_shares = 5 # N — total key shares distributed
aggregated_pubkey_path = "/data/keys/frost-agg.pub"

Key shares must currently be distributed out-of-band. Generate shares:

cosmictron-cli keys generate-threshold \
  --threshold 3 \
  --shares 5 \
  --output-dir /tmp/frost-shares/

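This produces share-1.key through share-5.key. Distribute each share to a different key holder via a secure channel. Until the shares are distributed, the output directory holds enough of them to reconstruct the full signing key, so protect it accordingly.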

Distributed Key Generation (DKG) Coming Soon

The current approach requires a trusted dealer to generate shares. DKG (Distributed Key Generation) eliminates the trusted dealer: participants generate shares collaboratively so that no single party ever knows the full secret key.

DKG is on the roadmap and will ship as part of the multi-region feature set.

# Coordinator: initiate threshold signing
cosmictron-cli audit threshold-sign \
  --bundle audit-jan-2026.bundle \
  --threshold-config /data/keys/frost-config.toml

# Participant (run on each key holder's machine):
cosmictron-cli frost participate \
  --round1 round1-commitment.json \
  --share share-1.key \
  --output round2-response-1.json

# Coordinator: aggregate and finalize
cosmictron-cli frost aggregate \
  --responses round2-response-*.json \
  --bundle audit-jan-2026.bundle

cosmictron-cli audit verify-bundle audit-jan-2026.bundle --check threshold

The verifier checks:

  • The aggregated signature is valid for the bundle hash
  • The aggregated public key matches the registered threshold public key