CD175: FROSTSNAP - FROST MULTISIG
Nick and Lloyd are the founders of Frostsnap, a novel hardware and software project that uses FROST to create easy-to-use, fault-tolerant, and secure self-custody bitcoin multisig wallets.
Nick on Nostr: https://primal.net/p/nprofile1qqsfrkatna3xvr54ykzgp5hjelmdeld4z0eg4p06f764a6vn5k6xszgthr8m6
Nick on X: https://x.com/utxoclub
Lloyd on Nostr: https://primal.net/p/nprofile1qqsrtnjl8xtejc4k7h38gz6akjv0v75vrsdhlznu0slr2n3tatf8w3qjmn8ve
Lloyd on X: https://x.com/LLFOURN
Frostsnap Website: https://frostsnap.com/
Frostsnap Repo: https://github.com/frostsnap/frostsnap/
Frostsnap on Nostr: https://primal.net/p/nprofile1qqsy3hc9jy28npuqzmc908td6cmx6dtaf36llel2adch6kynwksywecl78fv9
Frostsnap on X: https://x.com/FrostsnapTech
EPISODE: 175
BLOCK: 912302
PRICE: 928 sats per dollar
(00:00:02) Jack Mallers on Bloomberg
(00:02:31) Happy Bitcoin Friday
(00:04:01) Introducing Frostsnap
(00:06:01) Design Choices for Frostsnap
(00:08:01) Challenges in Multisig and Self Custody
(00:16:02) Frost Protocol Benefits
(00:26:01) Backup and Recovery Process
(00:38:10) Security Considerations and Device Features
(00:50:57) Purchasing and Preorder Details
(01:00:29) Future of Frost and Self Custody
Video: https://primal.net/e/nevent1qqs8mmlwrpsncun4uepuhkh4ku2vyc9tlmjuv3f3v9ryq50ehlta7rq02cnfq
more info on the show: https://citadeldispatch.com
learn more about me: https://odell.xyz
NOTE
Transcription provided by Podhome.fm
Created: 08/30/2025 04:27:01
Duration: 3998.891
Channels: 1
1
00:00:02.960 --> 00:00:05.299
Last time you were on our program, you
2
00:00:05.680 --> 00:00:08.740
gave this idea. It kinda went viral on X after
3
00:00:09.120 --> 00:00:14.820
we spoke, but it was this idea of the idea of existing and being paid to exist through cryptocurrency.
4
00:00:15.515 --> 00:00:16.255
The idea
5
00:00:16.635 --> 00:00:21.535
that, you know, you sitting there at at work all day long, you're not necessarily being compensated
6
00:00:21.915 --> 00:00:49.005
for what you're doing, and you see crypto as being a solution to that. I I I gotta be honest with you. I didn't quite get it. Okay. I want you to paint that picture for me and and get me on board. Yeah. Well, I so first of all, I think it's Bitcoin, not crypto. You know that. But just to clarify for the audience, it's it's Bitcoin specific. Well, that's just your view that that Bitcoin is the crypto that you're focused on. Yeah. But I think it's Bitcoin is the money within the crypto sphere. Okay. And the point really here is is this, Tim. Every single day,
7
00:00:49.785 --> 00:00:51.005
you make a decision
8
00:00:51.625 --> 00:01:05.119
on how to get compensated for your time, your energy, your effort, your labor. I'm watching you. I'm sitting in the in the behind the scenes. I'm watching you haul your butt. You're doing a great job on this show. You need to somehow capture the value you're creating for all of us here.
9
00:01:05.420 --> 00:01:24.750
And you need to somehow save that value so that tomorrow you can pay rent. You can get groceries. You can travel home and see your parents. But that comes every two weeks in the form of a paycheck to me. Right. But what the Whoever sees the value in that. They they hired me. Correct. So you're gonna get a paycheck in the form of dollars, but those dollars are losing value in the things that you need in your life anywhere between 2 and 20%.
10
00:01:24.750 --> 00:01:28.690
Depends on what you want. You want a Caesar salad? 2%. You want a nice house? 20%.
11
00:01:29.070 --> 00:01:32.450
And so you need to find a way to persist and save and store that wealth.
12
00:01:32.830 --> 00:01:37.810
And you make a decision every single day, whether you know it or not. Unfortunately, because the dollar is being debased,
13
00:01:38.235 --> 00:01:51.215
everyone is a speculator here filming and watching us. And so you have to make that decision. And in my opinion, over the last fifteen years, and it will continue to be so, Bitcoin is the best place to do that. Take the wealth you're creating today, bring it with you tomorrow.
14
00:02:31.819 --> 00:02:35.760
Happy Bitcoin Friday, freaks. It's your host, Odell,
15
00:02:36.635 --> 00:02:38.015
here for another
16
00:02:38.315 --> 00:02:38.815
Citadel
17
00:02:39.115 --> 00:02:44.975
Dispatch. The interactive live show focused on actual Bitcoin and Freedom Tech discussion.
18
00:02:47.515 --> 00:02:50.495
That intro clip was our good friend, Jack Mallers,
19
00:02:52.700 --> 00:02:59.040
spreading the good word of Bitcoin on Bloomberg. Well, it seemed like a relatively hostile interview, but he handled it pretty well.
20
00:02:59.340 --> 00:03:00.560
As always, freaks,
21
00:03:01.900 --> 00:03:03.519
dispatch has no ads or sponsors.
22
00:03:04.165 --> 00:03:08.185
We're brought to you by viewers like you supporting the show
23
00:03:08.565 --> 00:03:10.345
with your hard earned sats.
24
00:03:10.965 --> 00:03:17.625
The easiest way to do that is through Podcasting 2.0 apps like Fountain podcast. You can find that in your favorite app store.
25
00:03:18.540 --> 00:03:23.200
Largest zap of last episode was Pringle Mac with 5,000 sats.
26
00:03:23.580 --> 00:03:27.520
The other way you can support the show is by going to primal.net/citadel
27
00:03:27.660 --> 00:03:30.075
or searching citadel in your favorite Nostr app.
28
00:03:31.275 --> 00:03:33.935
The largest zap we got there was actually much larger.
29
00:03:34.715 --> 00:03:38.254
Ride or die freak Trazyn, t r a z y n,
30
00:03:38.555 --> 00:03:41.995
said awesome rip as always, and he zapped 76,000
31
00:03:41.995 --> 00:03:43.535
sats. Thank you, Trazyn.
32
00:03:44.290 --> 00:03:47.830
Unfortunately, our Nostr live chat is not working right now.
33
00:03:48.530 --> 00:03:51.990
But we will be piping in the chat from YouTube, Twitch,
34
00:03:52.370 --> 00:03:54.310
X, all the big tech socials.
35
00:03:54.690 --> 00:03:56.069
So if you do have questions,
36
00:03:56.930 --> 00:03:58.390
hit us with them. Comments.
37
00:03:58.945 --> 00:03:59.445
Whatnot.
38
00:03:59.825 --> 00:04:02.645
We have a great show lined up today. We have the cofounders
39
00:04:02.945 --> 00:04:06.245
of Frostsnap. We have Nick here. How's it going, Nick?
40
00:04:07.025 --> 00:04:14.165
Doing great. Great to be back. Looking forward to it. Good to have you. Return guest is this is third time on the show, and first time guest,
41
00:04:15.030 --> 00:04:17.050
cofounder Lloyd. How's it going, Lloyd?
42
00:04:17.590 --> 00:04:19.290
Very well. Thanks for having us.
43
00:04:19.830 --> 00:04:21.270
It's a pleasure. It's a pleasure.
44
00:04:22.230 --> 00:04:25.530
Frostsnap, easy Bitcoin multisig powered by Frost.
45
00:04:26.310 --> 00:04:28.410
Why should we care? Looks pretty cool.
46
00:04:29.455 --> 00:04:31.315
Oh, lots of reasons. Lots of reasons.
47
00:04:33.455 --> 00:04:35.055
Yeah. We could we could
48
00:04:35.455 --> 00:04:37.315
maybe we could paint a picture of, like,
49
00:04:37.695 --> 00:04:40.335
some of the problems with self custody today and,
50
00:04:41.135 --> 00:04:43.475
how Frostsnap sort of aims to solve these problems.
51
00:04:45.379 --> 00:04:46.900
Well, let's first start with,
52
00:04:48.419 --> 00:04:49.080
like, the
53
00:04:50.020 --> 00:04:52.680
the actual choice of design. The
54
00:04:53.699 --> 00:04:54.840
USB c,
55
00:04:55.780 --> 00:05:00.345
they connect to each other, and then they connect to the phone kind of in, like, a
56
00:05:00.965 --> 00:05:02.985
centipede type of formation.
57
00:05:04.165 --> 00:05:05.305
The hardware centipede?
58
00:05:06.245 --> 00:05:08.905
Why'd you yeah. Why'd you guys choose that
59
00:05:09.285 --> 00:05:09.785
versus
60
00:05:10.930 --> 00:05:13.830
Bluetooth or SD card or QR code or
61
00:05:15.890 --> 00:05:19.030
There's a pretty pretty simple reason is that the you don't
62
00:05:19.490 --> 00:05:24.550
as a as an architect or designer, you wanna try and avoid batteries on the devices.
63
00:05:25.505 --> 00:05:44.740
And then the the if you have a phone, your only source of power is the phone, the phone's battery. You just like to leverage that. And so you only have one USB port there and so you just try and make more of them. So each each device provides a USB port to the other one. And that's pretty much the only reason. It's like, we wanted, yeah, mobile first experience so you can just
64
00:05:45.120 --> 00:05:47.139
all your mobile is the only thing you need,
65
00:05:47.599 --> 00:05:50.340
to recover, to sign, to generate keys.
66
00:05:50.719 --> 00:05:52.259
And so, yeah, we just
67
00:05:52.895 --> 00:05:55.795
found that that was the simplest solution, actually.
68
00:05:56.655 --> 00:06:00.435
It allows us to keep the devices small, very simple to manufacture.
69
00:06:01.855 --> 00:06:04.015
And, you know, at the beginning, we were dead we would not,
70
00:06:04.815 --> 00:06:05.315
Bluetooth
71
00:06:05.695 --> 00:06:11.880
also is like a whole, you know, I mean, the the point is it's a perfectly good USB port there. Right? And so,
72
00:06:12.340 --> 00:06:17.480
but, you know, we may have to eventually use Bluetooth for iPhones because that's what other people have had to do.
73
00:06:17.940 --> 00:06:21.105
But for our very first edition, we we were not really thinking, like,
74
00:06:21.905 --> 00:06:28.645
we really I mean, at the beginning when we designed this thing, we're not even thinking, like, it's gonna be a commercial product. It may have just been, like, an open source SeedSigner,
75
00:06:29.025 --> 00:06:37.120
thing. It is open source, but it could have just been a community funded project, community organized project. So we wanted something that would, like, be very easy to manufacture for everyone
76
00:06:37.580 --> 00:06:46.800
and also just work in a perfectly nice way. And that's, that's what the that's what ended up becoming the the Frostsnap frontier. That's what you got in your hands. Oh, that's the alpha version.
77
00:06:47.340 --> 00:06:50.205
Yeah. I like the original, like, testing version.
78
00:06:50.745 --> 00:06:51.965
Three Yeah. Printed cases.
79
00:06:52.585 --> 00:06:54.845
I mean, I I think it's like it's
80
00:06:56.745 --> 00:06:59.485
like it's easy to joke around about, like, the human centipede,
81
00:07:02.110 --> 00:07:11.490
comparisons or whatever, but, like, it's actually a very intuitive like, it makes sense. Like, you connect like, if you're gonna do two of three multisig, you connect three devices, you plug it into the bottom of the phone.
82
00:07:12.510 --> 00:07:13.250
It's like,
83
00:07:14.845 --> 00:07:15.905
it it's just intuitive,
84
00:07:16.525 --> 00:07:17.345
brain wise,
85
00:07:18.044 --> 00:07:23.025
particularly probably for new users. With multisig, you got a lot of moving parts. You got a lot of things going on.
86
00:07:23.405 --> 00:07:26.625
But, yeah, that was going to be one of my questions is
87
00:07:27.160 --> 00:07:27.660
famously,
88
00:07:28.040 --> 00:07:31.020
Apple locks down that USB c port. So,
89
00:07:32.920 --> 00:07:35.180
you might be able to get around it. Like, I know,
90
00:07:36.600 --> 00:07:41.420
what Coldcard does is you can it, like, creates a virtual disk. I don't know,
91
00:07:41.845 --> 00:07:45.544
like, how much how how easy that is to do, but,
92
00:07:48.565 --> 00:07:53.705
historically, people have used like, Ledger uses Bluetooth for their mobile connectivity to iPhone and,
93
00:07:54.140 --> 00:07:56.720
Obviously, the Coldcard Q, SeedSigner,
94
00:07:57.180 --> 00:07:59.600
Passport, like, they use QR codes.
95
00:08:01.820 --> 00:08:07.200
Mhmm. So right now, you're Android only. Right? We're Android only. You connect it to USB. Android
96
00:08:08.115 --> 00:08:10.055
Android, Linux, and Windows.
97
00:08:10.355 --> 00:08:11.015
And then,
98
00:08:11.555 --> 00:08:12.215
Mac OS
99
00:08:12.515 --> 00:08:13.655
will be pretty soon,
100
00:08:14.115 --> 00:08:19.495
but iPhone is is a while off yet. Oh, so you do have desktop apps already? Yep. Yep.
101
00:08:20.610 --> 00:08:21.910
Awesome. Okay. So,
102
00:08:22.290 --> 00:08:27.030
what are we trying to solve here? Where does besides the fact that is more intuitive just
103
00:08:27.490 --> 00:08:27.990
physically,
104
00:08:29.090 --> 00:08:34.630
what are we trying to solve here in terms of pain points with other multisig options or other hardware wallet options?
105
00:08:35.745 --> 00:08:38.805
Yeah. So maybe one of the first things is is multisig
106
00:08:39.185 --> 00:08:44.004
at the moment is still a little bit out of reach for majority of Bitcoin users.
107
00:08:45.145 --> 00:08:46.245
You know, the
108
00:08:46.625 --> 00:08:49.125
user experience of having multiple devices,
109
00:08:49.745 --> 00:08:51.980
with setting them up over QR codes,
110
00:08:52.440 --> 00:08:53.820
having to export
111
00:08:54.280 --> 00:08:56.620
xPubs and descriptors and load them into
112
00:08:57.720 --> 00:08:59.900
another wallet, like Sparrow or Electrum,
113
00:09:01.720 --> 00:09:06.214
it's pretty tricky still. Even though it's getting better and better, it's still a little bit tricky.
114
00:09:06.754 --> 00:09:07.254
And,
115
00:09:08.274 --> 00:09:10.214
one important thing in that is the
116
00:09:10.595 --> 00:09:11.334
the recoverability
117
00:09:11.875 --> 00:09:16.535
of a of a multisig has a bit of a, you know, a a gotcha with,
118
00:09:17.450 --> 00:09:19.070
needing a backup of the descriptor.
119
00:09:20.330 --> 00:09:26.190
Right. So, like, in practice, that's like you keep, like, a Sparrow backup config file or whatever.
120
00:09:26.570 --> 00:09:32.510
Yeah. Or you have a you know, you've got a copy of your public key alongside every every set of seed words.
121
00:09:34.635 --> 00:09:37.455
So, yeah, the the the first thing is is making multisig,
122
00:09:38.475 --> 00:09:38.975
accessible,
123
00:09:39.835 --> 00:09:42.495
and that is to solve the problem of,
124
00:09:42.955 --> 00:09:45.055
Bitcoiners storing their life savings,
125
00:09:46.070 --> 00:09:50.970
in their home, which I think, unfortunately, you know, still a lot of a lot of Bitcoiners do today,
126
00:09:52.230 --> 00:09:58.090
partly because they're a bit concerned or a bit, you know, they're a bit worried of how how to set up a multisig.
127
00:09:58.470 --> 00:09:59.290
They're overwhelmed.
128
00:10:00.074 --> 00:10:04.574
Yeah. Yeah. Mhmm. That's why we see, you know, so many successful collaborative custody
129
00:10:04.954 --> 00:10:05.694
custody models,
130
00:10:07.514 --> 00:10:13.375
or even, you know, just not not going self custodial at all and and just going with the custodial option.
131
00:10:14.420 --> 00:10:23.380
Yeah. For me, it's like the thing that I could not get over is that descriptor thing is probably number the one number one thing. It's not that I couldn't do it. Obviously, I could figure it out. Yes.
132
00:10:23.940 --> 00:10:28.200
I definitely can figure it out. But, my I don't really wanna give that to my family.
133
00:10:29.245 --> 00:10:32.064
This particular problem and this particular issue is in this description.
134
00:10:32.524 --> 00:10:33.165
So it's like,
135
00:10:34.045 --> 00:10:39.425
that was the bridge too far for me, but I definitely have this problem that all my money was in my house. Right?
136
00:10:39.964 --> 00:10:46.680
Yeah. And I really don't want that that problem either. It's also a risk to my family. If everyone knows that I have all my money in my house,
137
00:10:47.620 --> 00:10:54.120
you know, which and if you're a Bitcoiner, you can pretty much assume, you know, with a high probability that that's the case.
138
00:10:55.045 --> 00:11:03.865
In practice, that turns it seems to work out, into if you look at the wrench attacks and stuff, the ones where they actually just go into the person's house is look like they're overwhelmingly
139
00:11:04.245 --> 00:11:04.745
successful.
140
00:11:05.365 --> 00:11:10.770
And then we don't have a great sample size yet because the the attacks are not so frequent, although they seem to be getting more frequent.
141
00:11:11.790 --> 00:11:14.450
But, you know, like, I was looking at it. It's like 16
142
00:11:15.550 --> 00:11:17.490
there were about 17 attacks,
143
00:11:18.430 --> 00:11:24.815
and all but two of them, like, got all the money from the person. This is a home invasion type attacks, but they just go to the person's house.
144
00:11:25.515 --> 00:11:37.135
And the two that failed were really just because the guy fought them off. Like, the one I mean, there's one that probably people remember here, which is the one where the there was, like, that streamer. Like, she was an OnlyFans or, like, I remember. She was, like, some streamer
145
00:11:37.520 --> 00:11:39.140
Yeah. I think they're in Texas.
146
00:11:40.000 --> 00:11:49.380
Yeah. Yeah. The influencer in Texas and the her the boyfriend shot them off. I mean, that is really if they get into your house and you don't have guns, it basically it's done. I even have to give them everything.
147
00:11:50.084 --> 00:11:51.216
I mean,
148
00:11:51.978 --> 00:11:55.002
it doesn't really matter. But,
149
00:11:55.764 --> 00:11:56.824
in her case,
150
00:11:57.204 --> 00:11:59.545
I think she had, like, $20,000,000
151
00:11:59.605 --> 00:12:00.345
on Coinbase.
152
00:12:01.605 --> 00:12:02.745
Yep. So, like,
153
00:12:03.160 --> 00:12:10.120
Coinbase probably wouldn't have let that transaction go through. That's true. Yeah. Because it's still probably better than that they shot them off. But,
154
00:12:10.920 --> 00:12:22.185
I mean, and that's not the end as Bitcoiners, that's not the answer we want either. Is that, like, they're trusting a custodial solution. But in her situation, like, I mean, I know people that try and withdraw, you know, $500,000
155
00:12:22.185 --> 00:12:26.365
from Coinbase when they get flagged. So, like, I really doubt Coinbase would have been
156
00:12:26.745 --> 00:12:28.584
just a single $20,000,000
157
00:12:28.584 --> 00:12:29.564
withdrawal out.
158
00:12:30.519 --> 00:12:38.940
Yeah. Yeah. I mean, that's the that's the but the tension there is really high because, yeah, if she had had been fully self custodial in that moment and had done it, you know, with a
159
00:12:39.320 --> 00:13:11.389
a single hardware wallet and and her boyfriend had not had, you know, was not prepared, it could have been very, very, very bad. And so we don't want that tension to exist. We want self custody to be the the actual best way because, you know, Coinbase, they could still they have a chance to get some money out at least. It's still a it's still a it's still, an attractive target if you know and people have lost all their money from exchange accounts. Like, if they that is actually what they frequently happens is the home invasions. They do it with someone who has an exchange account. They just have to they're forced to log in. They're forced to forced to do everything.
160
00:13:12.185 --> 00:13:15.805
It's still like a it's still a risk to have it in an exchange if you're,
161
00:13:16.425 --> 00:13:27.005
because those policies, they don't they're not often catered to this kind of situation where you're getting coerced, and you def it's definitely you. Like, they fully authenticate it's you. You've got your two FA codes and everything, but
162
00:13:27.380 --> 00:13:35.779
it wasn't that you want what you wanted to do. I mean, the only exchange account, like, the multisig kinda solves or mitigates at least is,
163
00:13:36.740 --> 00:13:39.480
the less morbid attack, which is actually more common,
164
00:13:39.995 --> 00:13:47.134
which is like the phishing or password compromises or reusing passwords or your email account, your two factor gets compromised.
165
00:13:47.755 --> 00:13:50.014
We see those attacks happen all the time.
166
00:13:50.394 --> 00:13:50.894
Yeah.
167
00:13:51.595 --> 00:13:54.654
And just from the, like, the way multisig works,
168
00:13:56.180 --> 00:14:02.200
you're probably less likely to get hit with like, successfully hit with a phishing attack, I think. I mean,
169
00:14:02.580 --> 00:14:52.220
maybe single sig you, like, put in your seed words or whatever. But, like, I don't really, like, see the situation where someone, like, falls for phishing attack and is, like, getting multiple devices, like, signing, like, putting in a Bitcoin address, confirming a device, sending. That that's what I'm really hoping. Like, I think that is the case. Like, there are people who are, like, you call them up and they will just give the seed words if it's a technical support thing or whatever. But, hopefully, if you have to drive to a different location, like a different hemisphere of the brain locks in, you're like, what am I actually doing here? Like, I dialed on Telegram. It's telling me to drive around town and and you stop at that point. So maybe that would just be the method may it may be that the people save more money from just that fact. Right? You give it to people and they just have to drive to spend to tell the guy on the phone their seed words, and it just saves a lot of money like that, putting wrench attacks all the way to the side.
170
00:14:54.120 --> 00:14:56.120
Yeah. Yeah. Yeah. And I think that that's,
171
00:14:56.920 --> 00:15:02.780
that's an important part of multisig is is, yeah, not being able to spend your life savings in in a matter of minutes.
172
00:15:03.400 --> 00:15:06.455
So, yeah, even if you, you know, single sig
173
00:15:06.835 --> 00:15:07.335
solutions
174
00:15:07.795 --> 00:15:13.735
don't really have, like, you know, you you got a pin or whatever, but that's that's not gonna stop you from spending all your money,
175
00:15:14.435 --> 00:15:14.935
to
176
00:15:15.395 --> 00:15:19.335
to, you know, to an attacker in a matter of minutes or even a scammer
177
00:15:19.750 --> 00:15:20.970
to be instantly tricked.
178
00:15:21.670 --> 00:15:32.630
Lloyd, the live chat is complaining about your mic. What mic is Is it better now live chat? Lloyd is better. That sounds good. Okay. Thank you. Were we on it? Next one. Do we switch which mic we're on? Or
179
00:15:33.425 --> 00:15:40.885
I just I just lowered the gain on it. Okay. I think that's much better. I also lowered the gain on my side. I've been lowering the gain on my side. Speak again.
180
00:15:41.264 --> 00:15:42.805
What's the best hardware wallet?
181
00:15:43.665 --> 00:15:47.285
Frostsnap. Okay. Sounds much better. Thank you, live chat.
182
00:15:47.710 --> 00:15:53.410
We do live moment I, I fixed the audio a little bit before we publish on the podcast app. So
183
00:15:53.870 --> 00:15:57.070
Cool. Only the few people who joined us on,
184
00:15:57.630 --> 00:15:59.970
so far have have had that issue.
185
00:16:01.395 --> 00:16:01.895
Okay.
186
00:16:02.595 --> 00:16:04.275
So so we're trying to solve
187
00:16:04.835 --> 00:16:07.815
make self custody easier, make multisig easier,
188
00:16:08.195 --> 00:16:10.215
but how does it actually do that besides
189
00:16:11.475 --> 00:16:17.370
like, where does Frost come in? What I mean, that's the big thing here. Right? This is the first major hardware platform, I believe,
190
00:16:17.830 --> 00:16:22.250
that is using Frost at its core. What makes that different from regular,
191
00:16:23.430 --> 00:16:25.209
good old fashioned multisig?
192
00:16:27.110 --> 00:16:27.610
So
193
00:16:28.355 --> 00:16:31.495
in terms of the user experience of creating the wallet,
194
00:16:32.035 --> 00:16:35.254
I suppose you could do that with sort of a traditional multisig
195
00:16:35.795 --> 00:16:36.774
setup. But
196
00:16:37.315 --> 00:16:40.055
it makes it it's very natural to do with Frost.
197
00:16:41.910 --> 00:16:43.690
One of the reasons for that is,
198
00:16:44.389 --> 00:16:46.810
when you create a wallet to use with Frost,
199
00:16:47.190 --> 00:16:50.889
it uses a product a a protocol called distributed key generation.
200
00:16:51.750 --> 00:16:52.250
And,
201
00:16:53.430 --> 00:16:56.410
what that means is is it's not each device
202
00:16:57.055 --> 00:17:00.035
creating its own private and public key pair.
203
00:17:01.055 --> 00:17:01.795
Each device
204
00:17:02.415 --> 00:17:04.595
contributes some some randomness,
205
00:17:05.935 --> 00:17:08.515
to to an overall key and sort of this key generation
206
00:17:08.815 --> 00:17:09.315
ceremony.
207
00:17:10.740 --> 00:17:11.240
And,
208
00:17:12.260 --> 00:17:15.560
this actually comes with some very nice security benefits where you can
209
00:17:15.940 --> 00:17:16.520
you can,
210
00:17:17.460 --> 00:17:19.880
you can include the phone in in this process.
211
00:17:21.140 --> 00:17:22.040
So so
212
00:17:22.345 --> 00:17:25.565
the the phone itself can also contribute randomness,
213
00:17:26.505 --> 00:17:30.925
into into the key. And so, you know, even if all the devices,
214
00:17:31.545 --> 00:17:33.005
were malicious or backdoored,
215
00:17:33.465 --> 00:17:36.605
so long as your your phone or your laptop is honest,
216
00:17:37.919 --> 00:17:44.179
you'll you'll receive you'll end up with a a Basically, as long as one device is honest. Right? Because if your phone is compromised
217
00:17:44.480 --> 00:17:49.940
and the device is not malicious, you should be good in that situation too. Yep. Yep. That's right. Yep.
218
00:17:50.595 --> 00:17:51.095
Yep.
219
00:17:51.554 --> 00:17:53.495
So, yeah, it's quite it's quite natural for Frost.
220
00:17:54.595 --> 00:17:57.735
And that's also one reason why we we use the USB
221
00:17:58.035 --> 00:18:01.335
c port. Like, we're not doing things over QR codes and things,
222
00:18:01.794 --> 00:18:03.895
is because there's there's a few rounds of communication,
223
00:18:05.130 --> 00:18:06.590
in that in that process.
224
00:18:08.250 --> 00:18:11.710
So, yeah, it's it's very natural to do to do in the setup how we have it.
225
00:18:14.250 --> 00:18:14.750
Yeah.
226
00:18:15.450 --> 00:18:21.095
And then, we got the you got a single public key. That's one of big advantage of Frost. You don't have
227
00:18:21.555 --> 00:18:32.695
a multiple public keys, one for each hardware wallet. So no one can really see your no one can see you're doing Frost on chain, and you get the same fees as the cheapest fees you can currently get on Bitcoin. Looks like a single sig on chain?
228
00:18:33.040 --> 00:18:37.300
Yep. Yep. Yep. Because this is, like, extra protocol. This is outside of the protocol.
229
00:18:38.160 --> 00:18:42.820
Yeah. It's, like, off it's off chain. So instead of doing multisig in Bitcoin script,
230
00:18:43.520 --> 00:18:46.100
the the multisig is done through mathematics,
231
00:18:47.205 --> 00:18:48.585
called threshold signatures.
232
00:18:49.845 --> 00:18:53.065
And, yeah, that That's interesting. You end up with a single public key.
233
00:18:54.085 --> 00:18:57.065
And and, yeah, the privacy benefit is actually quite huge there because
234
00:18:57.445 --> 00:19:00.265
at at the moment with traditional multisig, if you,
235
00:19:00.570 --> 00:19:12.750
you know, if you you buy something with your Bitcoin, you actually reveal to the whole world, you know, I've got a five out of eight multisig. But isn't that isn't that kind of a good privacy leak in terms of your transaction
236
00:19:13.130 --> 00:19:15.389
tax? Like, that's because, like, crazy person
237
00:19:15.825 --> 00:19:19.924
crazy person comes into your house and is like, okay. Where's your single sig wallet or whatever?
238
00:19:21.265 --> 00:19:24.965
But it's like, no. I'm using multisig. Like, now I saw your on chain pattern and
239
00:19:25.505 --> 00:19:28.965
you're clearly using single. So it's like, no. I'm using frost. You don't understand.
240
00:19:32.360 --> 00:19:34.620
But I mean, that may happen one day.
241
00:19:35.240 --> 00:19:38.220
Specifically. Yeah. Mostly joking. I mean, specifically,
242
00:19:39.000 --> 00:19:43.100
it's not really that bad of a privacy leak on regular multisig if
243
00:19:43.865 --> 00:19:46.445
you're using a normal like, a a common,
244
00:19:48.665 --> 00:20:03.519
threshold amount. Like, if you're using two of three or whatever, there's a decent amount of two of threes. There's a decent amount of three of fives. But, yeah, you're right. If you're using, like, five of eight or something, there's, like, probably four people or, like, a couple organizations that are using five of eight. And then all those transactions are
245
00:20:04.059 --> 00:20:05.840
probably the same people. Right?
246
00:20:06.379 --> 00:20:10.545
Yeah. Yeah. Yeah. The it makes it much easier to follow through the chain.
247
00:20:10.865 --> 00:20:12.405
Right? That's the chain analysis.
248
00:20:13.105 --> 00:20:14.405
The only, the only the
249
00:20:14.785 --> 00:20:26.970
the obvious counterpoint to that is right now, very few people are using Taproot. And so that'll be easy to follow as well. But if in an ideal world where everyone were using Taproot, it would be, much more private in the sense of more difficult to do chain analysis.
250
00:20:29.110 --> 00:20:34.330
Assuming some other things as well. Like, chain I don't wanna I don't wanna chain analysis, they're actually very effective.
251
00:20:34.790 --> 00:20:40.125
Everyone should know that. You're gonna act pretty it it's pretty easy to follow change addresses and stuff
252
00:20:40.685 --> 00:20:41.825
through the the blockchain.
253
00:20:42.445 --> 00:20:49.665
Right. And so it but it definitely definitely helps to have, the same sort of script pub key on the chain, the same multisig
254
00:20:50.045 --> 00:20:54.045
as you follow it through. Well, our listeners on dispatch, I think, are pretty,
255
00:20:55.309 --> 00:20:58.210
at least aware of the on chain privacy trade offs.
256
00:20:59.710 --> 00:21:00.030
I,
257
00:21:01.230 --> 00:21:05.410
but to the ones that might not be basically, it comes down to probability analysis.
258
00:21:06.350 --> 00:21:07.549
And so they're doing their
259
00:21:08.155 --> 00:21:15.055
the blockchains forever. They're doing probability analysis on whether or not Bitcoin has ex has changed hands and if ownership has changed hands.
260
00:21:15.995 --> 00:21:17.455
And they use different heuristics
261
00:21:17.755 --> 00:21:18.255
to
262
00:21:18.635 --> 00:21:25.480
to basically nail down that probability and make it more likely that they can track entities through the chain. And, of course, obviously,
263
00:21:26.420 --> 00:21:34.760
the fact that the overwhelming majority of people are buying Bitcoin through KYC exchanges and attaching themselves to their identity at the entry and exit points,
264
00:21:35.785 --> 00:21:38.125
makes that probability analysis much easier.
265
00:21:38.905 --> 00:21:40.845
Okay. So in terms of backup,
266
00:21:41.625 --> 00:21:49.920
what does so the setup process, I think, is relatively straightforward. I'm plugging in let's say I'm doing a two of three. Or I guess
267
00:21:50.300 --> 00:21:53.440
if I have three hardware devices, is the phone one key too?
268
00:21:54.700 --> 00:22:04.080
Not at the moment, but it still contributes to that that key Randomness. Generation ceremony. Yeah. Okay. So I plug in three devices. I'm making a two of three.
269
00:22:04.505 --> 00:22:10.285
Yep. Presumably, the app makes that relatively straightforward. I'm, like, approving on each device as I go.
270
00:22:10.665 --> 00:22:11.165
Yep.
271
00:22:11.465 --> 00:22:19.565
Then I'm taking them apart, and I'm putting, you know, like, one in an office, one in a safe deposit box, maybe keeping one at home.
272
00:22:20.070 --> 00:22:21.450
I have the phone to coordinate.
273
00:22:21.990 --> 00:22:22.490
Now,
274
00:22:24.070 --> 00:22:33.929
historically, the concern has been that you'd have some kind of hardware failure, so that's why we have offline backup. So what does that backup process look like? Is that am I keeping a a seed for each?
275
00:22:34.825 --> 00:22:38.044
Yes. Yes. So after you've created the wallet,
276
00:22:38.345 --> 00:22:42.284
the app will prompt you to do to run through the sort of backup process.
277
00:22:43.304 --> 00:22:46.605
And what that would look like is you you plug one device into the phone,
278
00:22:47.560 --> 00:22:49.100
confirm to display the backup,
279
00:22:49.880 --> 00:22:53.100
and then it would present you, a set of seed words,
280
00:22:53.720 --> 00:22:54.860
at the end of the day. Device?
281
00:22:55.160 --> 00:22:56.780
Yes. On the device. Yep.
282
00:22:57.160 --> 00:22:57.660
Yep.
283
00:22:59.175 --> 00:22:59.835
Yeah. We
284
00:23:00.615 --> 00:23:16.100
in the design process, we really would have liked to avoid seed words the same as, like, Bitkey manage were decided they were not gonna tackle that thing, and we would have liked to avoid it as well because, you know, you've got two out of you've got redundant devices. So maybe it would be okay if you, if you lost one device.
285
00:23:16.480 --> 00:23:18.720
But in the end, we felt we had to go with,
286
00:23:19.200 --> 00:23:20.100
a full backup,
287
00:23:20.480 --> 00:23:27.395
you know, solution. At least it's so it's there. So that, that each device has its own backup and you could, you know, recover
288
00:23:28.015 --> 00:23:32.755
recover all the money without any Frostsnap devices or without Frostsnap software.
289
00:23:33.935 --> 00:23:42.060
And so, yeah, there's a there's a backup on each. But we're hoping, like, because of frost, there's some tricks we can use to avoid actually having
290
00:23:42.520 --> 00:23:46.620
to have you enter the backup. So in in the scenario you mentioned like your device fails.
291
00:23:47.320 --> 00:23:49.575
So you've got a new device to replace it.
292
00:23:50.135 --> 00:23:54.955
Normally, you would have to input your backup into the device in order to restore it. But actually,
293
00:23:55.735 --> 00:24:02.635
we should be able to, we haven't implemented this yet, but the cryptography is all pretty much a solved
294
00:24:03.060 --> 00:24:09.960
a solved thing. We can just take you take your other two devices and you say like, I want to restore the share of this other device
295
00:24:10.500 --> 00:24:15.160
that I that was broken onto this new blank device. And you should be able to just go visit
296
00:24:15.460 --> 00:24:16.840
those other two devices
297
00:24:17.305 --> 00:24:19.565
and then go finally go back to the
298
00:24:19.945 --> 00:24:24.285
the new one and have it just fully restored without having to actually enter in the backup.
299
00:24:24.985 --> 00:24:29.005
You know, if if you if you yeah. Go ahead. So I my
300
00:24:29.465 --> 00:24:30.605
my basic understanding
301
00:24:31.950 --> 00:24:33.809
of Frost is Frost,
302
00:24:34.350 --> 00:24:41.010
because it's outside of the Bitcoin protocol, would allow you to, like, basically do, like, a key rotation, add a new key,
303
00:24:42.590 --> 00:24:51.405
after the fact without actually, like, creating a a completely new wallet. In this case, would that be an like, a completely new key with, quote, unquote, different seed words,
304
00:24:51.945 --> 00:24:53.545
or would that just be, like
305
00:24:54.211 --> 00:25:00.765
to you can actually choose do you wanna you can actually choose, do you wanna recover a new do you wanna recover that same share that you lost,
306
00:25:01.309 --> 00:25:02.929
or do you want to,
307
00:25:03.390 --> 00:25:05.010
create an entirely new share,
308
00:25:05.950 --> 00:25:10.450
that, you know, it it could go from a two out of three to a two out of four, essentially?
309
00:25:11.070 --> 00:25:11.570
Right.
310
00:25:12.110 --> 00:25:16.735
Yeah. Your business is adding a key. The threshold's still the same amount. It's still two,
311
00:25:17.115 --> 00:25:18.415
blank, but you're adding
312
00:25:18.795 --> 00:25:23.775
a key to the total. Yeah. And if you lost that other one, then it's, yeah, it's basically two out of three.
313
00:25:24.955 --> 00:25:25.455
Yeah.
314
00:25:26.170 --> 00:25:27.630
And I'm I'm assuming,
315
00:25:28.010 --> 00:25:29.790
based on your earlier commentary,
316
00:25:31.050 --> 00:25:34.110
that there's nothing else the user needs to back up.
317
00:25:34.810 --> 00:25:39.790
They just back up That's correct. That's correct. So, yes, just just one set of seed words per device.
318
00:25:41.095 --> 00:25:44.794
Yep. And so if you if you lose the app, you lose the devices,
319
00:25:46.135 --> 00:25:51.034
and you've got a two out of three, you can either get two new Frostsnap devices,
320
00:25:52.294 --> 00:25:53.595
enter the seed words
321
00:25:53.950 --> 00:25:56.290
onto each device to restore those backups,
322
00:25:56.830 --> 00:25:58.050
and then you're good to go.
323
00:25:58.510 --> 00:26:00.850
You don't need any descriptors or any other metadata.
324
00:26:01.550 --> 00:26:05.090
It's all contained on the Frostsnap backup sheet.
325
00:26:05.965 --> 00:26:06.705
That's awesome.
326
00:26:08.925 --> 00:26:09.425
So,
327
00:26:11.805 --> 00:26:13.245
what are your thoughts on,
328
00:26:13.725 --> 00:26:14.625
so these devices,
329
00:26:15.325 --> 00:26:16.705
you know, part of,
330
00:26:17.165 --> 00:26:20.545
your early design decisions to, like, make them easier to manufacture
331
00:26:22.769 --> 00:26:25.590
and more open do not have secure elements on them.
332
00:26:25.970 --> 00:26:27.269
Secure elements historically,
333
00:26:29.809 --> 00:26:34.390
one of the main main use cases for them is to stop, you know, physical tampering.
334
00:26:35.534 --> 00:26:38.995
How do you think about that theft mitigation? You know, I'm keeping it
335
00:26:39.455 --> 00:26:42.274
at my office, and I have an evil secretary who's
336
00:26:44.095 --> 00:26:46.995
very technically competent in compromising my device.
337
00:26:48.820 --> 00:26:59.720
I think for my opinion, it actually doesn't secure elements don't help with tampering that much. If you can actually tamper with it, like, you know, get onto the chip, the the main MCU,
338
00:27:00.925 --> 00:27:04.225
because we've really like, we showed this attack called Dark Skippy.
339
00:27:04.845 --> 00:27:06.525
Yeah. Darkskippy.com
340
00:27:06.525 --> 00:27:15.185
if people haven't seen the the video, but actually, like, that's sufficient. If you can just tamper with any device, you don't need to hit the secure element at all.
341
00:27:15.800 --> 00:27:18.220
As long as you can change the firmware of the device,
342
00:27:18.679 --> 00:27:23.980
this when the when the user inputs their PIN, the secure element will release the key and you'll do a signature
343
00:27:24.520 --> 00:27:26.780
on it. And that that that
344
00:27:27.240 --> 00:27:28.215
malicious firmware
345
00:27:30.215 --> 00:27:30.955
that we've put, that this maid, this technically competent
346
00:27:31.654 --> 00:27:36.395
maid has put on there, will send the seed over the Bitcoin network.
347
00:27:37.095 --> 00:27:40.154
And so the I think the the secure element actually
348
00:27:41.174 --> 00:27:42.875
is really about pin numbers.
349
00:27:43.309 --> 00:27:51.330
So it's about protecting the seed and so the only the person who has the pin can actually get the seed onto the main MCU. So it's an authentication
350
00:27:51.710 --> 00:27:53.730
chip basically is the way they're used.
351
00:27:54.670 --> 00:27:56.610
And so we don't use
352
00:27:57.855 --> 00:27:58.355
authentication
353
00:27:59.295 --> 00:28:01.715
of the the user through a PIN number.
354
00:28:02.495 --> 00:28:03.875
That's that's one
355
00:28:04.415 --> 00:28:09.475
design decision. It took a lot to come to it, but that's what one design decision we came to.
356
00:28:09.775 --> 00:28:10.275
The
357
00:28:11.110 --> 00:28:19.450
the PIN numbers when you look at the security model of it like a single SIG and you have the PIN numbers there, what is happening is basically you're saying,
358
00:28:19.750 --> 00:28:24.389
okay. You have a Coldcard or something or a Jade or whatever, any of these,
359
00:28:24.789 --> 00:28:34.855
these devices with PIN numbers, and that device may be, like, laying around. It may be, like, in a in a drawer or something. Right. And that'll take an attacker, like, a short amount of time to find.
360
00:28:35.315 --> 00:29:09.510
Like, maybe, like, let's say fifteen minutes. Right? If they're they're they're going around your house, they could find your hardware wallet in fifteen minutes, but they wouldn't find your seed words in fifteen minutes. Like, that seed words, you're putting them, like, in some super secure location that is, like, really I don't know. You buried them in the garden or something. It would take, like, many hours or something. And so the PIN number is there to allow you to have that sort of convenience. Like, I have this this within arm's reach device with a PIN number, and I have these seed words that are not within arm's reach. They're gonna be harder to get to or something like that. So that's the the paradigm where the pin sort of makes sense.
361
00:29:10.130 --> 00:29:16.710
For our paradigm, we're using the geographic distribution to sort of authenticate the user if you like.
362
00:29:17.570 --> 00:29:21.269
It wouldn't help us much to put a pin on the devices because,
363
00:29:21.645 --> 00:29:27.105
actually, we didn't in our design, we actually probably store the Frostsnaps with your seed word backup.
364
00:29:27.645 --> 00:29:34.385
K? So it's like there isn't this much multisig the then the reason we do this is multisig is just by definition inconvenient.
365
00:29:35.419 --> 00:29:40.000
You know? There's not much point of a within-arm's-reach device secured by a PIN
366
00:29:40.460 --> 00:29:46.400
if you have to go on a drive to get it. Right? It's like it's not it's not it's not even gonna be convenient.
367
00:29:47.179 --> 00:30:06.900
It shouldn't really be convenient for your ultimate cold storage setup. Right? You don't really want convenience. They're not really a super important feature. I mean, good user experience is. Right? You want that to be easy to use and no foot guns and stuff. We want it to be inconvenient to spend all your life savings. So it shouldn't be able to happen in a couple of minutes.
368
00:30:07.860 --> 00:30:16.680
Minutes. You know? So that's Okay. So let's Yeah. Let's just go down this rabbit hole a little bit. First of all, Dark Skippy was a little bit a while ago.
369
00:30:17.460 --> 00:30:18.840
So just for a refresher,
370
00:30:20.020 --> 00:30:24.644
for my sake, I mean, I think, like I mean, in Coldcards specifically,
371
00:30:26.784 --> 00:30:28.404
I think the secure element
372
00:30:29.105 --> 00:30:30.725
protects you from Dark Skippy.
373
00:30:31.505 --> 00:30:34.325
You And what is the other alright. It's going well.
374
00:30:34.930 --> 00:30:37.510
Yeah. If we can we can change words. Right?
375
00:30:40.450 --> 00:30:45.590
Specifically, the phishing words. Like, you enter the first half of your PIN, the phishing words would be different.
376
00:30:47.025 --> 00:31:05.300
No. Because, I mean, it's still the same everything. Like, the same secure element. The phishing words would be the same like, it's the same device. Like, I mean, we're talking about, like, a maid who can actually open up your Coldcard and change this firmware running on the main MCU, but they can't break the secure element. Like, this is a maid that doesn't exist, obviously. But if such a maid existed,
377
00:31:05.600 --> 00:31:11.540
yeah, they could change the firmware. Just that's why Coldcard has the two secure elements there. No?
378
00:31:12.160 --> 00:31:20.674
One of the reasons. It wouldn't like, the the secure elements just authenticate. It's the PIN. It's the right PIN. So the main MCU is, like, taking the also protecting the secret
379
00:31:21.054 --> 00:31:22.034
behind the PIN.
380
00:31:22.575 --> 00:31:43.815
Right. But you're gonna enter the correct PIN, and you're gonna see the same the correct words come up. This is the same device. We're not we're not swapping out the device. We're just changing the firmware on the main MCU. So you're gonna but I guess you're gonna see Oh, but I would see the big red light that says firmware attestation failed. Right. Probably. Yes. That that phishing that's when you would protect me. The big red light would protect me.
381
00:31:44.215 --> 00:31:57.995
Yeah. Yes. So that's the but if, yeah, if you can get around the big red light, though. No. The no. The the big red light, actually, we can get if you can change the firmware, we can get around the big red light also. Because the big red we can send the wrong firmware to the secure elements.
382
00:31:58.950 --> 00:31:59.690
So the
383
00:31:59.990 --> 00:32:02.169
the the the issue is, like, the main MCU,
384
00:32:02.470 --> 00:32:04.169
if you do the signing on there,
385
00:32:04.470 --> 00:32:08.330
that's all you need to compromise. You don't need to compromise any other secure elements or whatever.
386
00:32:08.790 --> 00:32:13.455
It turns out the main MCU is actually very difficult to compromise, by the way. It's not it's not trivial. Like, people
387
00:32:14.015 --> 00:32:19.554
people think that, like, oh, yeah. The secure elements are like, it's super impossible to compromise. The main MCU isn't, but actually,
388
00:32:20.414 --> 00:32:27.875
you know, Ledger showed an attack on the secure elements, but not they couldn't do the attack because they it seems like they couldn't pull off the one on the main MCU.
389
00:32:28.260 --> 00:32:33.400
But, that so yeah. The main so the if you believe you can corrupt the main MCU, you can corrupt the device.
390
00:32:34.100 --> 00:32:43.720
It is a very difficult thing to pull off. Okay? So you have to open up the thing. You'd have to take the chip out. You're gonna have to melt the chip or something and like, you know, put it back in afterwards,
391
00:32:44.945 --> 00:32:46.805
or put a different chip in afterwards,
392
00:32:47.585 --> 00:33:08.630
without breaking anything. But if you were able to change the firmware on the main chip, you can take the money. When the user puts in the PIN and they're none the wiser, they're running different firmware. Everything the green lights and everything will happen because the main MCU will lie to the secure elements about everything. The secure elements don't know reality. They can only talk to the main MCU.
393
00:33:09.009 --> 00:33:11.889
So the main MCU can hide everything from them. And then,
394
00:33:12.575 --> 00:33:19.875
when you put in your PIN numbers, you'll get the same words. Check words come up, and you'll finish it up, and you'll sign a thing, and your seed words will be in the signature,
395
00:33:20.495 --> 00:33:24.755
because of that. So we don't yeah. The Okay. Well, I'm not I'm
396
00:33:25.240 --> 00:33:30.860
I'm, I'm not here to get into a debate over the Coldcard security model,
397
00:33:31.960 --> 00:33:32.460
but,
398
00:33:34.200 --> 00:33:37.659
I'm sure MBK will be insightful to me after this episode.
399
00:33:38.200 --> 00:33:38.700
But
400
00:33:40.895 --> 00:33:41.395
I,
401
00:33:42.575 --> 00:33:43.795
regardless of that
402
00:33:44.255 --> 00:33:47.635
Yep. Regardless of Coldcards specifically, and I would say that
403
00:33:48.095 --> 00:33:48.595
Ledger's,
404
00:33:49.695 --> 00:33:55.290
shown attack or whatever was the previous generation devices. It cost, like, $600,000,
405
00:33:55.430 --> 00:33:57.930
I believe, partially because of the secure element.
406
00:33:58.470 --> 00:34:04.010
And then he added a second secure element and did some other stuff to harden it further and make it even more difficult.
407
00:34:04.870 --> 00:34:11.335
But besides all of that. Mhmm. There there's no attacker who's getting through those things that you will ever encounter in your life.
408
00:34:12.035 --> 00:34:17.875
Yeah. What stops someone from so, like, I have a single device. Yes. Let's now let's
409
00:34:18.275 --> 00:34:21.575
we we went through the maid. We're we're saying the maid,
410
00:34:22.859 --> 00:34:25.839
she would need to compromise multiple devices, I guess.
411
00:34:26.460 --> 00:34:29.279
Yes. And and not only that. So so we actually,
412
00:34:30.859 --> 00:34:34.559
we actually do have some protection against an evil maid with Frostsnap.
413
00:34:34.859 --> 00:34:35.920
So Okay.
414
00:34:36.365 --> 00:34:38.704
The the secret share that's on that device,
415
00:34:39.484 --> 00:34:40.464
is actually encrypted,
416
00:34:41.164 --> 00:34:43.424
and the the decryption key
417
00:34:43.885 --> 00:34:46.065
sits on your your phone.
418
00:34:46.444 --> 00:34:47.424
Or the computer.
419
00:34:47.885 --> 00:35:04.030
Yeah. Or the computer. So if the maid was to find your Frostsnap device and plug it into their phone Okay. That was my next question. Like, can they pull the seed or the key material off of this? And I guess No. It would be encrypted in that situation. That's right. And and so to actually learn that decryption key,
420
00:35:04.725 --> 00:35:06.265
that maid would have to visit
421
00:35:06.565 --> 00:35:08.105
two out of your three devices,
422
00:35:09.125 --> 00:35:13.365
to to essentially Oh, so that was my next question after that. So, like, if I lose my phone
423
00:35:14.165 --> 00:35:14.665
Yeah.
424
00:35:15.285 --> 00:35:20.500
As long as I have the if I as long as I have two or three devices, I'm still good if I lose my phone?
425
00:35:20.800 --> 00:35:41.165
Yep. Yep. So it sort of falls back to the same security assumption. So if, yeah, if the maid can go and visit your two out of three devices, then they're essentially able to do recovery, and and then they'll be able to spend your money. But if if they only manage to visit one device, they they can't do anything with it. They can start a recovery, but they can't start signing a signing session
426
00:35:41.625 --> 00:35:42.125
immediately.
427
00:35:43.230 --> 00:35:47.730
So for that day the real reason why I mean, besides the fact that multisig
428
00:35:49.310 --> 00:35:54.530
is distributed, I mean, that's the real reason why you don't need pins or whatever. They're, like, the kind of pins for each other.
429
00:35:55.325 --> 00:35:58.704
Yeah. And the we sort of use the secure element of the phone.
430
00:35:59.644 --> 00:36:01.345
So so the the to
431
00:36:01.805 --> 00:36:07.984
to initiate signing on the Frostsnap device, you have to unlock your phone, which releases that decryption key,
432
00:36:08.589 --> 00:36:11.890
to the device, and then you can do a signing session.
433
00:36:13.069 --> 00:36:16.930
So for an evil maid, they would have to, you know, find one of your devices,
434
00:36:17.630 --> 00:36:19.329
start recovery on that device,
435
00:36:19.790 --> 00:36:20.770
leave it there,
436
00:36:21.630 --> 00:36:23.089
go find your other device,
437
00:36:24.545 --> 00:36:25.605
finish that recovery,
438
00:36:26.625 --> 00:36:32.805
and only then they would be able to go back to the, you know, first device and and finish that that signing session,
439
00:36:33.664 --> 00:36:38.884
to spend the money. So it's still a lot of a lot of hoops and that you still got that geographic distribution,
440
00:36:39.789 --> 00:36:41.650
stopping them from pulling off the attack.
441
00:36:42.430 --> 00:36:44.349
That's awesome. Okay. But let's go through
442
00:36:44.910 --> 00:36:46.349
so then what does the
443
00:36:47.549 --> 00:36:53.145
I think, actually, a phone being lost is probably the bigger, most common thing that's gonna happen to users.
444
00:36:54.585 --> 00:36:57.405
Like, so what does that restore process look like?
445
00:36:58.185 --> 00:36:58.685
Yeah.
446
00:36:59.705 --> 00:37:01.565
So so if you still got your devices,
447
00:37:02.425 --> 00:37:06.920
Yeah. You can get a new phone, download the Frostsnap app,
448
00:37:07.460 --> 00:37:10.200
go and visit, you know, your first device, plug it in.
449
00:37:10.980 --> 00:37:17.480
It'll there's a in the app, there's a button say, you know, restore wallet, and it'll just start that recovery. The device will,
450
00:37:18.305 --> 00:37:23.525
send a a sort of a a public share of its its secret over to the phone.
451
00:37:24.465 --> 00:37:31.605
Then you would go visit your second device, plug that one in. You would and then you would finish restoration at that point, and the phone will,
452
00:37:32.930 --> 00:37:37.109
learn the public key of that wallet at that point. It'll learn all the addresses,
453
00:37:37.650 --> 00:37:40.309
and it will learn the metadata, the decryption key,
454
00:37:40.849 --> 00:37:43.510
that will allow you to to go and sign again.
455
00:37:43.905 --> 00:37:48.965
So it's a three device multisig. I only need to go to two devices with the new phone. Yep.
456
00:37:50.385 --> 00:37:54.165
Yep. That's right. And if if you don't have the devices and you only have the backups,
457
00:37:54.865 --> 00:37:58.085
then you can either get a blank Frostsnap device
458
00:37:58.920 --> 00:38:01.900
and plug it in and enter the seed words,
459
00:38:02.280 --> 00:38:06.859
onto the device, and that will, you know, restore restore the device that way.
460
00:38:08.680 --> 00:38:09.500
Got it.
461
00:38:10.615 --> 00:38:13.035
That's awesome. Okay. That makes sense to me.
462
00:38:13.655 --> 00:38:17.995
So it's pretty fault tolerant. It's probably more fault tolerant than regular multisig.
463
00:38:19.095 --> 00:38:22.395
Yeah. You don't have this descriptor issue, which is which is really nice.
464
00:38:23.095 --> 00:38:24.555
It's it's really, really nice.
465
00:38:25.299 --> 00:38:33.400
And you there's you know, some peep like, one of the problems with this the the descriptor issue is like, an add on issue with it is
466
00:38:34.020 --> 00:38:35.799
you have to sort of store that,
467
00:38:36.420 --> 00:38:38.839
that private not secret, that private information
468
00:38:39.725 --> 00:38:43.265
alongside your seed phrase or maybe you upload it to Google Drive.
469
00:38:43.965 --> 00:38:49.345
Right. It's a privacy risk, not just security risk. So if anyone finds out, they learn how much money you have,
470
00:38:49.885 --> 00:38:51.985
you know, all the all the payments you've been making.
471
00:38:52.480 --> 00:38:57.540
And so some people try to, like, split that descriptor up into parts with things like Seedhammer.
472
00:38:58.560 --> 00:39:02.100
But, you know, it's it's sort of just started pushing the problem away.
473
00:39:04.320 --> 00:39:07.540
It's not not making the UX much easier. I'll say that.
474
00:39:08.135 --> 00:39:13.515
Yeah. For me, like, I can give this to my family. No problem. You know, just give these these little devices.
475
00:39:14.454 --> 00:39:20.795
Just bring them you know, plug them one of them one by one into a phone, and the whole thing comes back. And you can just sort of start,
476
00:39:21.490 --> 00:39:23.670
signing and spending the whole thing right away.
477
00:39:24.130 --> 00:39:25.590
Yeah. It seems pretty intuitive.
478
00:39:26.290 --> 00:39:32.710
Yeah. So it's mainly like it is like we'd have this technology thing on on on behind the scenes. Right? Frost?
479
00:39:33.105 --> 00:39:37.765
We've tried to cover up any difficulties to the user, hide all those,
480
00:39:38.465 --> 00:39:42.725
in intricacies of the actual cryptography and that you don't really see it at all,
481
00:39:43.345 --> 00:39:43.845
hopefully.
482
00:39:44.225 --> 00:39:47.685
Our first users might, you know, run into a bug or two, but hopefully, we've
483
00:39:48.050 --> 00:39:53.830
we've hidden that. And then in the end, we've what we've done is just try to leverage the technology just to make it simple,
484
00:39:54.690 --> 00:40:02.390
the u the UI and the UX really simple. So you can just just each device is like its own thing. And as long as you have two out of three of them,
485
00:40:03.035 --> 00:40:06.975
you get all the money back, and it's really straightforward to get it all back.
486
00:40:07.595 --> 00:40:21.010
I see like, is the number one thing. Like, we want I want my other people to be able to get the money, which is not what you really really want to do mostly with hardware wallets, but you have to do it somehow. And adding more secrets to things and adding more pins and stuff
487
00:40:21.470 --> 00:40:22.210
is like
488
00:40:22.590 --> 00:40:26.050
it improves security. Adding secrets to stuff always improves security.
489
00:40:26.510 --> 00:40:27.250
But, like,
490
00:40:27.790 --> 00:40:34.345
it doesn't have it doesn't it's not great if your life savings is in such a storage. Right? Right. Such as secure.
491
00:40:34.724 --> 00:40:36.484
Yeah. But more people we started
492
00:40:37.444 --> 00:40:39.305
I mean, we started it off with,
493
00:40:41.145 --> 00:40:48.109
people coming in your house, robbing you, and phishing and stuff. But, like, most Bitcoin is lost by mistakes and overcomplicating
494
00:40:48.410 --> 00:40:52.109
things and Yeah. Foot guns. Like, just users making mistakes.
495
00:40:52.970 --> 00:41:01.789
I, well, before we get I see some audience questions. We'll get to that in a second. But before we get to that, onto that point that you were just making, Lloyd,
496
00:41:04.565 --> 00:41:06.345
as a family man myself
497
00:41:06.805 --> 00:41:11.625
and as a lover of multisig, one of the best parts of multisig in general is
498
00:41:12.085 --> 00:41:15.065
that inheritance question that's, you know, I'm
499
00:41:15.980 --> 00:41:21.200
get hit by a bus or, god forbid, or something happens to me. How does that Bitcoin pass down?
500
00:41:22.220 --> 00:41:25.280
I mean, it seems like there's a lot of clever ways you can handle
501
00:41:26.619 --> 00:41:27.119
secure
502
00:41:28.785 --> 00:41:29.285
sovereign
503
00:41:29.585 --> 00:41:32.085
inheritance here without a trusted third party.
504
00:41:33.185 --> 00:41:39.925
Instead of me just theorizing on it, how are you guys thinking about that? Is that a core element of a product offering?
505
00:41:42.119 --> 00:42:02.954
Yeah. At the moment, I'd say, like, it's very like, our first product, our first our Frontier Edition is just you gotta you maybe make it, like, a two out of four or something. You got two for yourself and, like, two you wanna leave with a friend and one with your wife or what whoever. Right? And then that's just you, you go away and they use the devices just to get They work together. They bring their two together.
506
00:42:03.575 --> 00:42:11.275
Yeah, exactly. That, that would be the, that would be the way for our first edition. We have much bigger plans in the future about how to do things, really well.
507
00:42:12.309 --> 00:42:15.369
Frost does allow us to do really interesting things here
508
00:42:15.990 --> 00:42:24.170
because in addition to, you know, having the single public key and single signature on chain, you can have multiple access structures to the same money.
509
00:42:24.710 --> 00:42:28.484
Okay. So I could have a two out of three personally. Right? But then for
510
00:42:29.345 --> 00:42:36.325
my recovery, I could have, like, a three out of three. One with my wife, one with my best friend, one with my lawyer or something like that. Right?
511
00:42:36.705 --> 00:42:41.370
And so that that three out of three is in parallel to the two out of three that I have.
512
00:42:41.930 --> 00:42:53.710
And so you can actually totally separate out the access structures and the devices, and that three out of three always stays valid. Let's say if I lose one device, I break a device, I want to, you know, get rid of one, I can change my two out of three,
513
00:42:54.815 --> 00:42:57.954
without affecting that one. And I can stay there permanently. That's cool.
514
00:42:58.414 --> 00:43:01.154
Yeah. So that's a really nice feature of the mathematics
515
00:43:01.454 --> 00:43:04.595
that allows us to do that. We haven't gotten on to actually implementing that feature,
516
00:43:05.295 --> 00:43:06.180
but we will.
517
00:43:06.819 --> 00:43:13.720
So that's that's, like, the one thing. But then I guess, like, it'll be up to other people to figure out. Like, hopefully, we can have the tools available
518
00:43:15.380 --> 00:43:19.480
to let other people figure out how you use these Frostsnap LEGO blocks
519
00:43:19.914 --> 00:43:22.575
to construct your security policy. Right?
520
00:43:24.154 --> 00:43:25.055
Yeah. But, presumably,
521
00:43:25.355 --> 00:43:26.414
you also have
522
00:43:27.994 --> 00:43:33.295
you have, like I mean, I don't know if how if you how you guys are thinking about it, but, presumably, you have, like, a handhold
523
00:43:35.120 --> 00:43:37.220
setup, and then you have, like,
524
00:43:38.720 --> 00:43:41.940
power user using their own creativity kind of setup.
525
00:43:42.320 --> 00:43:43.140
Right? Like,
526
00:43:43.760 --> 00:43:46.960
I mean, I like I like that. I I like the simple idea of,
527
00:43:50.184 --> 00:43:58.045
maybe not two of four. I like the simple idea of, like, the complete a complete different set. Right? Like, a three of three, and then I just
528
00:43:59.065 --> 00:44:05.470
this is, like, my inheritance set. Right? And I just give one to each one to three different confidants or whatever.
529
00:44:06.089 --> 00:44:19.925
Yep. Yep. If you think one of them is gonna lose one of them, you may get a three out of four or something. Two of four is a little bit weak too. Right? Because all it really takes is one of them to then wrench attack you or wrench attack the other one. Yep. Yeah. That's true. That's a little bit
530
00:44:20.945 --> 00:44:22.484
I don't know. It's a little bit dicey.
531
00:44:23.105 --> 00:44:24.885
Yeah. Yeah. I agree. Yep.
532
00:44:26.704 --> 00:44:29.925
And Yeah. So What about what about, like, copying devices?
533
00:44:30.450 --> 00:44:41.830
Is that actually helpful at all? Or, like, if I have two versions of the same key, is that I I mean, I assume that would be relatively easy to do tech wise. Is that actually something that's desirable?
534
00:44:42.734 --> 00:44:48.275
It's like it's actually impossible for us to stop because since you have the backup, you can just load the backup into another device.
535
00:44:48.815 --> 00:44:51.555
Yeah. Should people do that or is that discouraged?
536
00:44:52.815 --> 00:44:58.890
We don't really know yet. I think in this investigation, we're sort of we're sort of putting these, yeah, the the building blocks out there,
537
00:44:59.430 --> 00:45:06.970
and we're not we're not giving, like, a strong opinion on what users should do. We're not even giving a strong opinion on how many they should buy.
538
00:45:08.515 --> 00:45:13.015
We're sort of we're we're looking at making some things in the website, like, sort of like a, you know,
539
00:45:13.715 --> 00:45:23.335
sort of like a workflow where you can choose I've got this many secret places and this many trusted people, and then it might give you a recommendation on how many devices and what and what threshold,
540
00:45:24.300 --> 00:45:25.520
you might wanna use.
541
00:45:25.900 --> 00:45:28.720
But to start off with, we yeah. We're we're taking sort of an unopinionated
542
00:45:29.020 --> 00:45:32.800
approach. Let let the users sort of decide what's what fits their,
543
00:45:33.820 --> 00:45:37.120
their scenario the best, and and we'll we'll learn from that.
544
00:45:38.724 --> 00:45:49.605
Okay. Yeah. The the copying devices thing is, the like Nick said, it's probably one of the first things you'll have to formally implement because, yeah, you can already do it. It just, it probably it it works. It just,
545
00:45:50.244 --> 00:45:54.190
the UX is not super great for it. One of the problems with,
546
00:45:54.890 --> 00:46:06.829
Frost, like, the only downside that is there is that you have to choose which devices upfront you're going to sign with. So when you start signing, like, you could create the transaction and stuff. Interesting. You have to say, I'm gonna be signing with these guys.
547
00:46:08.075 --> 00:46:17.135
You can you can kind of hack around it. There are tricks to make it sort of in behind the scenes. Just do lots of signing sessions in parallel so you don't have to worry about which ones end up getting signed with. But
548
00:46:17.515 --> 00:46:21.535
at the beginning, we're gonna see how much of a problem this is. People like really hate that.
549
00:46:22.200 --> 00:46:26.220
But when you start cloning devices, you obviously have to start making the
550
00:46:26.840 --> 00:46:53.970
the UX, like, take that into account. And so you have to, like, sit like, this device if I'm signing with this one and I have device a or device b from this one, but I can't use device a and b at the same time, obviously, because got the same share. So you have to, like, update the UX a bit, to, to understand that concept. It is gonna be interesting. But one thing we did do is we already have go ahead. Yeah. We have we did we have one thing we did do is we have only one secret per device,
551
00:46:54.430 --> 00:47:03.645
k, to keep things simple. Because otherwise, things get we originally, we were having, like, as many keys as you want on each device. Right? As part of and many different multisigs as you want.
552
00:47:04.205 --> 00:47:11.425
And that made mad that was madness to try and explain that in the UI and trying to get people to choose what to sign with and things like that,
553
00:47:11.725 --> 00:47:27.050
with devices having multiple shares of the same key. So one device could be worth more than another one, more special than others, which sounds like a cool feature and it did originally, but it was so hard to actually wrangle the logic and sort of present it to the user to understand. Yeah.
554
00:47:27.430 --> 00:47:29.210
Well, what I was gonna say is,
555
00:47:33.685 --> 00:47:35.385
like, Coldcard, for instance,
556
00:47:36.165 --> 00:47:37.945
has had found great success
557
00:47:38.645 --> 00:47:40.345
selling different color devices.
558
00:47:41.525 --> 00:47:43.045
So, like, as you guys scale
559
00:47:43.470 --> 00:47:55.170
I mean, not only do just Bitcoiners are collectors, they like different colors. But, like, also from, like, an organ Can you can you buy different colored Coldcards? So many different colors. We have all different I didn't know that. Yeah. So
560
00:47:56.385 --> 00:48:00.805
I but it also it makes sense from, like, an organization point of view. Right? Because, like,
561
00:48:01.265 --> 00:48:02.405
my blue one,
562
00:48:03.185 --> 00:48:04.805
my blue one could be
563
00:48:05.265 --> 00:48:06.965
they could all be the same one.
564
00:48:07.265 --> 00:48:12.120
And, like, my orange one could all be the same one if, if you are doing the duplication thing.
565
00:48:12.840 --> 00:48:32.065
Yes. That's a smart idea. And then in the UX, it could you know, you can name it. So then it's like, okay. I'm signing with blue and orange. And then it doesn't like, they might be in different I might have duplicates of them places, but I'm signing with blue and orange. And then you can kinda name it. Exactly. Yeah. That And then it's good for business because you just sell multiple colors.
566
00:48:32.685 --> 00:48:40.945
Yeah. That was one of the first problems we, we ran into is when all the when all the devices had the same color, it was very easy to you create a wallet,
567
00:48:41.589 --> 00:48:49.530
and then you'd unplug them, and then you would go to sign, and you choose which devices you're gonna sign on, and you start plugging them in, and you you mix them up. You have no idea which one had which name.
568
00:48:49.990 --> 00:48:52.170
Yeah. So we're giving them a color, and
569
00:48:52.470 --> 00:48:56.630
and, we'll we'll look to we'll be looking to present that color in the app as well,
570
00:48:57.485 --> 00:49:00.785
in in the future. Oh, you are giving them but you're giving them a color on the screen?
571
00:49:02.285 --> 00:49:05.025
You don't have a name on the screen, but the the
572
00:49:05.485 --> 00:49:31.994
the device color will actually be saved on on the device. Oh, okay. Oh, so it's exactly what I said. Well, the color. You can you can present that into into the app. Yeah. Show them the colors, Ben. Yeah. I've got I've got three of them. I see. Look. We're on the same page. Orange, I I there's no blue, but I I did say of course, you can We've we've got a blue we've got a blue and a red. I just I just haven't got those ones yet. I'll I'll be seeing Those are clean. Wait. Can you put them back up on the screen again? Yeah. Yeah. Sure. Sure. Nice.
573
00:49:33.095 --> 00:49:37.355
So is that an all metal case? Or That is an all metal case. Yep.
574
00:49:38.630 --> 00:49:39.370
Very nice.
575
00:49:39.910 --> 00:49:41.610
So you have five different colors?
576
00:49:41.910 --> 00:49:43.850
Yes. Five different colors. Yep.
577
00:49:44.230 --> 00:49:44.970
Got it.
578
00:49:46.790 --> 00:49:49.050
Okay. So we were on the same page on that front.
579
00:49:50.735 --> 00:49:52.195
I had one more question.
580
00:49:52.655 --> 00:49:53.155
Oh,
581
00:49:53.455 --> 00:49:53.955
so,
582
00:49:54.495 --> 00:50:01.135
what's what's the buying process like? They're up for preorder right now? Yep. They're up for preorder on frostsnap.com.
583
00:50:01.375 --> 00:50:03.075
We're pricing them in sats.
584
00:50:03.450 --> 00:50:04.730
So a 150,000
585
00:50:04.730 --> 00:50:07.150
sats per device. So they're on sale right now?
586
00:50:07.849 --> 00:50:09.390
Yes. They're on sale. Exactly.
587
00:50:10.970 --> 00:50:11.470
Yeah.
588
00:50:11.849 --> 00:50:12.170
Yeah.
589
00:50:12.730 --> 00:50:19.025
So we're we're we're having a bit of a filter there. So only, you know, only very serious people are are buying
590
00:50:19.325 --> 00:50:29.905
them, which is what we sort of want at the beginning. So this is our first first batch and it, is just yet to support us, because, we need a bit of support at the moment to keep this project going. So hopefully,
591
00:50:30.609 --> 00:50:31.990
we can get in there and preorder,
592
00:50:32.290 --> 00:50:40.630
and get part of the first batch. And I guess we'll be closing the preorder thing at some point in the next few weeks as we start actually, shipping the devices.
593
00:50:41.089 --> 00:50:43.829
Yeah. So if I preorder today, when am I getting my device?
594
00:50:44.545 --> 00:50:47.365
Later this month. Probably towards And are you shipping from Australia?
595
00:50:49.425 --> 00:50:53.845
Probably Malaysia. Likely Malaysia. We'll How long does that take to get to America?
596
00:50:54.145 --> 00:50:56.565
Whatever makes the most sense for you guys in The US.
597
00:50:57.105 --> 00:50:58.725
Okay. Your new tariffs.
598
00:50:59.349 --> 00:51:01.050
Oh, yeah. Is Australia a tariff?
599
00:51:01.589 --> 00:51:14.010
I think it's tariffs less than Malaysia, but I'm not up to date on that. Yeah. We're less than we're less than Malaysia. Man. Oh, yeah. That's true. We're gonna have to I don't know what what was going on with the tariffs. Maybe Nick can tell us what the the geopolitical situation is.
600
00:51:15.165 --> 00:51:16.705
No. I haven't been going too closely.
601
00:51:17.005 --> 00:51:21.425
So, like, the use so I would pick how many devices I buy. Right? Like Yep.
602
00:51:21.725 --> 00:51:27.425
Yep. There's a minimum of three. It it the you can use the devices as, like, a single sig hardware wallet.
603
00:51:28.190 --> 00:51:34.369
Doesn't make a whole bunch of sense. You might as well, yeah, get get three or more. So we we've set a minimum of of three devices.
604
00:51:36.029 --> 00:51:37.490
Plebdevs is asking
605
00:51:38.029 --> 00:51:43.009
in the comments does I think we answered this question, but does each device have full group info?
606
00:51:43.625 --> 00:51:47.165
Is it also encrypted, or does that start on the mobile phone app?
607
00:51:48.585 --> 00:52:07.490
Yep. I think the group info, he means, like, the XPub probably, like, of the whole wallet. You need you just need two devices to restore and practice. That's what it is. Right? If it's too But it is it it is, it the device has, like, this share of the group info, so not all the group info is on the device. It has a share of it. And if you get enough devices,
608
00:52:08.110 --> 00:52:12.610
then the phone you're plugging it into will be able to reconstruct the full group info.
609
00:52:13.070 --> 00:52:13.470
And
610
00:52:13.950 --> 00:52:14.770
scale up?
611
00:52:15.195 --> 00:52:17.295
Like, if it's an eight of 10
612
00:52:17.915 --> 00:52:21.535
Yep. Does do I need, like, four devices or something to recover?
613
00:52:21.915 --> 00:52:23.295
Or No. Eight.
614
00:52:23.915 --> 00:52:24.655
Need the same.
615
00:52:25.115 --> 00:52:30.240
You'll always I need eight. I need eight to recover. You get you get zero information
616
00:52:30.619 --> 00:52:31.599
until you actually
617
00:52:32.380 --> 00:52:33.359
I need the threshold.
618
00:52:33.900 --> 00:52:43.039
I need the full threshold. Yes. You need the full threshold. We do so we do have some information there. So we have the name. This is and user feedback would be helpful here. We have, like, the name of the device.
619
00:52:43.685 --> 00:52:43.845
So
620
00:52:44.485 --> 00:52:46.905
and we have the name of the wallet it's a part of.
621
00:52:47.205 --> 00:52:53.065
So if you plug it, like, if anyone finds your thing, it's gonna be like, this is Matt's life savings.
622
00:52:54.165 --> 00:53:03.349
I'm not gonna And then Fair enough. Fair enough. Yeah. He so don't maybe don't name it that, you know, but, we have to figure out if that's a good idea or if people don't want that to know anything.
623
00:53:03.890 --> 00:53:12.505
We thought it was, like, I'm I'm thinking more like should do it in my family to sort of know that. Like, oh, you found the right thing. Like, this is the right thing. Good on you. You're making progress,
624
00:53:13.204 --> 00:53:14.185
towards the thing.
625
00:53:14.964 --> 00:53:21.785
Then maybe give the cheat name. It'll say the wallet name, like, the whole wallet name, and then also the device name. Right? So it'd be like
626
00:53:22.320 --> 00:53:23.220
Matt savings,
627
00:53:24.160 --> 00:53:33.300
and then it would be like office or something. Yeah. Exactly. Yeah. Exactly. Or key one, whatever you wanna name it. Yeah. It has it has those three things. It has the number of the thing,
628
00:53:33.920 --> 00:53:40.185
the the the the name you gave it, and the name of the wallet. And that's the three bits of metadata you get when you find a device.
629
00:53:42.085 --> 00:53:42.825
Is there,
630
00:53:44.485 --> 00:53:47.465
physical limitation on how many of these things I can plug in?
631
00:53:48.160 --> 00:54:01.620
We actually don't know what the limit is yet. I think, the biggest we've done, I think, is an 11 of 19, and we we ran out of devices at the time. And that was on a phone. You had 19 of these plugged in? Yeah. Yeah. And we made a key. Yeah.
632
00:54:02.634 --> 00:54:04.815
So it's it's gotta be higher than that.
633
00:54:05.914 --> 00:54:12.414
We'll we'll probably figure we'll probably find that out in the next few weeks, but it's pretty fun not to know. Maybe someone else will find that before us.
634
00:54:13.275 --> 00:54:13.775
Yeah.
635
00:54:14.075 --> 00:54:15.934
I mean, it starts getting pretty ridiculous.
636
00:54:17.130 --> 00:54:17.869
Yeah. I
637
00:54:18.170 --> 00:54:19.210
think, you know, the only
638
00:54:19.849 --> 00:54:22.109
maybe some really peculiar organizational
639
00:54:23.289 --> 00:54:23.789
situation
640
00:54:24.170 --> 00:54:26.030
that might might be useful for that.
641
00:54:26.809 --> 00:54:35.385
You know, you've got a a flat hierarchy organization of, you know, 20 people or so, and you wanna make a, you know, 11 out of 20 or something.
642
00:54:36.005 --> 00:54:46.905
I could definitely Organization's a whole different thing though. This is this is just for personal personal savings. We don't have, we haven't tackled organizations yet, but you can imagine there's like a million things there.
643
00:54:47.230 --> 00:54:49.810
Like user access controls and stuff. Yeah.
644
00:54:52.430 --> 00:54:54.990
Like, there's there's a lot of things. And,
645
00:54:55.630 --> 00:55:04.545
the the big one I mean, one of the big the the big advantage of Frost is that you could you could actually change out members of the organization with keys without changing
646
00:55:05.565 --> 00:55:06.224
the descriptors
647
00:55:06.605 --> 00:55:11.744
or the the public keys of the wallet. Like, if you have a if you have a multisig right now,
648
00:55:12.590 --> 00:55:20.450
you wanna remove someone from the board or whatever and they have a key in the multisig, you have to change like, you have to cancel the outstanding invoices or whatever of the company,
649
00:55:21.070 --> 00:55:26.110
and then do the thing and then reissue the invoices because that those old addresses are no longer
650
00:55:26.510 --> 00:55:27.525
Yeah. Valid.
651
00:55:28.005 --> 00:55:32.825
And so yeah. So with Frost, we can actually change it behind the scenes without changing the whole addresses
652
00:55:33.125 --> 00:55:35.305
organization and, you know, infrastructure.
653
00:55:35.684 --> 00:55:38.345
So that's, one real big advantage, I think.
654
00:55:38.724 --> 00:55:43.065
No. This could be amazing for organizations. I mean, Multisig in general is amazing for organizations,
655
00:55:43.430 --> 00:55:44.890
but Frost Multisig,
656
00:55:45.750 --> 00:55:50.970
all of us all of a sudden opens up a ton of huge possibilities. But you need, like, the actual UX to
657
00:55:51.510 --> 00:55:52.890
Yeah. Handle it all.
658
00:55:53.270 --> 00:55:55.050
Yeah. Exactly. A big one,
659
00:55:56.685 --> 00:55:58.065
will be remote signing.
660
00:55:58.445 --> 00:56:08.625
So I can have my Frostsnap device and you can have your Frostsnap device, and we can be, you know, on the other side of the world, and we can both plug our devices in and and, you know, do a signing session.
661
00:56:09.725 --> 00:56:11.025
Not an option or something.
662
00:56:11.660 --> 00:56:12.160
Pardon?
663
00:56:12.620 --> 00:56:20.960
That's not that's not ready yet, though. Not yet. Not yet. Probably probably six months or something, will have that. And how do you see that? What is the transport mechanism?
664
00:56:21.900 --> 00:56:25.660
I'm I I really I'd I'd really like to use Nostr as sort of the,
665
00:56:26.380 --> 00:56:27.040
the the
666
00:56:27.465 --> 00:56:28.845
communication layer for that,
667
00:56:29.705 --> 00:56:34.925
for the primary reason that you're not so dependent on Frostsnap as the company. So
668
00:56:35.385 --> 00:56:44.420
if if you know the Frostsnap Nostr relay is not available, you can just plug in your own relay into the app and you can communicate with your your peer that way,
669
00:56:45.360 --> 00:56:46.260
and and send,
670
00:56:46.560 --> 00:56:47.520
you know, Frost,
671
00:56:47.920 --> 00:56:49.220
signatures over Nostr.
672
00:56:51.760 --> 00:56:59.855
Yeah. I I I I did a a demo with, Nostr. It worked it worked fine. I think it it may it's nice because you got the same kind of public key
673
00:57:00.475 --> 00:57:04.975
cryptography going on, in Nostr, same kind of public keys. So you can sort of,
674
00:57:06.715 --> 00:57:17.600
simplify things a little bit by choosing choosing, you know, if you have existing Nostr kind of public keys and you verify that out of band, like you've got your different accounts, you can sort of Like your Choose these accounts. Or whatever.
675
00:57:17.980 --> 00:57:21.280
Yeah. Contact list. You can choose them out of the contact list and that sorts out a few
676
00:57:21.580 --> 00:57:35.625
issues in the cryptography that we have to sort finesse when you're just doing it with these devices in in person. So So we got, we don't, we don't exactly know exactly where we're going to go with that. But, you could imagine that you don't even have the Frostsnap devices.
677
00:57:36.164 --> 00:57:37.865
You can just do Frost over Nostr.
678
00:57:38.724 --> 00:57:44.800
I guess Frost, we're, we're, we, our vision is that, you know, it is probably good to have separate devices for keys.
679
00:57:45.100 --> 00:57:46.880
And we don't know how it happens
680
00:57:47.180 --> 00:57:51.360
when, you know, you just want to add a guy to your organization, have a key on their phone or whatever.
681
00:57:51.900 --> 00:58:02.015
Probably, you probably that's going to happen. I mean, it's just going to happen just because the the software is out there and probably, I mean, even with the Frostsnap software we have already pub open source, you can probably just do that,
682
00:58:02.635 --> 00:58:03.855
pretty easily. So,
683
00:58:04.474 --> 00:58:05.535
it's gonna happen.
684
00:58:06.234 --> 00:58:09.135
Yeah. I mean, the remote signing stuff in general is that's
685
00:58:09.460 --> 00:58:17.000
part of the, like, organization building blocks. That's not like an individual doesn't really need remote signing, but, like, OpenSats needs remote signing.
686
00:58:17.460 --> 00:58:18.680
Yeah. We need it. Yep.
687
00:58:19.060 --> 00:58:21.320
Yeah. Yep. Yeah. Exactly. Yeah.
688
00:58:23.355 --> 00:58:24.255
Awesome. Well,
689
00:58:24.635 --> 00:58:25.375
I definitely
690
00:58:26.795 --> 00:58:29.455
I mean, I'm not gonna make excuses, but
691
00:58:29.915 --> 00:58:35.535
I definitely should have played around with the actual software before we had this conversation. So I look forward to doing that.
692
00:58:35.850 --> 00:58:38.170
Yep. Please do. Please do. I,
693
00:58:39.290 --> 00:58:42.270
it seems it's just fascinating to me. Like, I think it's,
694
00:58:43.050 --> 00:58:48.270
like, this could be a game change. I mean, the problem is is, like, Bitkey was cool because
695
00:58:49.665 --> 00:58:55.685
it made it easy for the average person, but it did take a lot of it made a lot of security trade offs to do that.
696
00:58:56.225 --> 00:59:06.570
I mean, even if you think about, like, how you guys are only selling for Bitcoin, originally, Bitkey only sold for dollars. Right? So it's like a completely different demographic in a lot of ways, at least in the beginning.
697
00:59:06.950 --> 00:59:07.450
Yep.
698
00:59:08.550 --> 00:59:12.730
But, like, the way I think about Bitkey is, like, Bitkey is more trying to protect you from,
699
00:59:15.545 --> 00:59:16.925
messing something up.
700
00:59:17.545 --> 00:59:21.725
Yeah. Because I kinda try to protect you from yourself and create fault tolerance
701
00:59:22.425 --> 00:59:26.045
rather than securing you from sophisticated external actors.
702
00:59:26.585 --> 00:59:31.310
And that's a reasonable trade off, I think, for a lot of people who, like, threat model does not include the NSA
703
00:59:32.250 --> 00:59:36.110
or big tech or the NSA and big tech colluding together.
704
00:59:37.850 --> 00:59:42.270
But this seems to try and like, you're kind of you're making it
705
00:59:43.130 --> 00:59:45.390
pretty easy, pretty fault tolerant,
706
00:59:45.905 --> 00:59:50.724
but then also very secure. Like, you you're not really making that same security trade off,
707
00:59:51.665 --> 00:59:52.224
which is,
708
00:59:52.865 --> 01:00:01.045
that that could be, like, the holy grail. That could be very, very helpful to boost self custody and improve the current self custody setups of a lot of people.
709
01:00:01.410 --> 01:00:08.230
Yeah. We think so. On that. Yeah. Trying to keep that that same high level of security while
710
01:00:08.609 --> 01:00:13.910
not just adding more and more secrets to to have that security and so that, therefore, you have,
711
01:00:14.609 --> 01:00:15.750
very easy recoverability,
712
01:00:16.210 --> 01:00:20.205
which is, yeah, a very important thing in in terms of security,
713
01:00:20.585 --> 01:00:26.525
being able to access it, not not forgetting a PIN or a, a BIP 39 passphrase or something
714
01:00:26.985 --> 01:00:29.085
and and losing losing all your money.
715
01:00:29.510 --> 01:00:31.349
I have one more question for you. The
716
01:00:33.750 --> 01:00:39.609
I mean, this is like bleeding edge shit. Right? So Yeah. I mean, I don't know of anyone else doing
717
01:00:41.270 --> 01:00:44.010
frost stuff on Bitcoin. Is there, like,
718
01:00:45.435 --> 01:00:48.735
god forbid, you guys both die. Or is there, like,
719
01:00:49.675 --> 01:00:52.895
is there another wallet that I can restore Frost
720
01:00:53.275 --> 01:01:01.920
Bitcoin stuff on, or am I running, like, Bitcoin core to do it? Can I answer A very important one? Yeah. So we're going to make
721
01:01:02.380 --> 01:01:08.560
a a very small tool, probably like a 100 lines of Python or or Rust or something that will take
722
01:01:08.940 --> 01:01:10.800
two of your seed phrase backups
723
01:01:11.934 --> 01:01:12.434
and
724
01:01:12.734 --> 01:01:18.275
basically squish them together and output an Xpriv that you can load into Sparrow,
725
01:01:18.575 --> 01:01:20.194
Electrum, Bitcoin Core.
726
01:01:21.055 --> 01:01:23.155
Which just sweeps it to a regular wallet?
727
01:01:23.630 --> 01:01:26.930
Yeah. Exactly. I think Lloyd's actually managed to to,
728
01:01:27.390 --> 01:01:31.570
Vibe code one of these tools, you know, to say, here's what the backup looks like.
729
01:01:32.830 --> 01:01:35.890
You know, give me the code that will output the XPriv,
730
01:01:37.065 --> 01:01:38.365
based on these backups.
731
01:01:39.145 --> 01:01:40.845
And so it's It's really amazing.
732
01:01:41.865 --> 01:01:45.005
So what so actually that changed the fact of the
733
01:01:45.305 --> 01:01:57.670
the ability to vibe code or the AI, you know, coding agents really it sort of changed my it changed our opinion on the on the backup format. So I went trying to optimize for the ability to explain
734
01:01:57.970 --> 01:01:58.470
it
735
01:01:59.170 --> 01:02:05.910
to a computer and have the computer just generate code that does it, actually became, like, one of the top design priorities of it.
736
01:02:06.215 --> 01:02:23.410
And so it ended up being that we just used BIP 39 words. So they're not a BIP 39 backup, obviously, but they just BIP 39 words. So it's the same standard. With the num Yeah. With the same words and it's got the it's got the number at the front of it. So which, which, share it is, so which key it is in in the multisig.
737
01:02:24.030 --> 01:02:31.490
And that's that's basically it. And a bit more a bit more checksums and some, stuff like that. But basically, you just need to take the first 24 words.
738
01:02:32.750 --> 01:02:49.109
You put that into a secp256k1 secret key. So it's some sort of secret key that you would you would normally use to Bitcoin. And then you just do this this, one mathematical operation between them, and then you get back to the xpriv. And so you can actually explain that in, like, three bullet
739
01:02:49.650 --> 01:02:51.750
points to a thing and have it put out Python,
740
01:02:53.170 --> 01:03:02.470
to to get you back your your xpriv. So that's, that's, one one thing we've actually achieved in the design of the backup format. So it's 25 BIP 39 words.
741
01:03:03.885 --> 01:03:07.985
So what does that but what does that look like in practice? Like, I so I do that,
742
01:03:08.765 --> 01:03:09.265
and
743
01:03:10.445 --> 01:03:16.065
and then what do I see in Sparrow? Is it sweep is it is it doing a sweep transaction, or is it actually
744
01:03:16.605 --> 01:03:18.385
It would just actually look like a wallet.
745
01:03:18.740 --> 01:03:26.359
You look like the wallet. So you'd have your your My UTXOs would still be separate or whatever. It'd be like a front it would be like a wallet restore.
746
01:03:26.660 --> 01:03:43.775
It's like a translation almost. Not a it's not a wallet sweep. Yeah. Exactly. Yep. You'd just be able to use it as a normal wallet in Sparrow with a private key. Just convert a hot wallet, but yeah. Yep. Yep. Yeah. Oh, that's awesome. I mean, that's better than the status quo of like, with Bitkey, you basically have to sweep. You can't
747
01:03:45.195 --> 01:03:47.455
you can't restore the wallet in Sparrow.
748
01:03:49.790 --> 01:04:01.410
Yeah. I mean, obviously Hopefully, hopefully, hopefully, eventually, like, the Sparrow will be able to put in our backups directly, and you wouldn't even need a separate tool. Right? Yeah. I mean, if anyone would do it, it's Craig. I mean, the guy's a fucking legend.
749
01:04:02.085 --> 01:04:06.885
Yep. I mean, I I presume the the when I ask this question, it's, like, more of a
750
01:04:07.685 --> 01:04:11.224
I mean, if you're bullish on Frost, then the idea is you're kind of
751
01:04:11.765 --> 01:04:15.145
setting the ball in motion, and you're like, there should be, like, a
752
01:04:16.280 --> 01:04:24.060
a Frost ecosystem of apps that will a Frost Bitcoin ecosystem of apps that will develop over time. But in the meantime, it's important to have, like, the,
753
01:04:24.920 --> 01:04:28.619
you know, the big exit button if I need to get out or something.
754
01:04:29.235 --> 01:04:30.055
Exactly. Exactly.
755
01:04:30.435 --> 01:04:39.155
Yep. Yeah. So it'd be it'd be much nicer if you could, you know, not have to enter your backup on, you know, a hot wallet. You could just enter that backup on another hardware wallet,
756
01:04:39.875 --> 01:04:41.335
and and restore that way.
757
01:04:41.859 --> 01:04:47.640
Awesome. Well, guys, this has been great. I look forward to testing it out. Thank you for pushing the limit on
758
01:04:49.300 --> 01:04:52.599
self custody and pushing the ball forward and trying new things.
759
01:04:53.060 --> 01:04:54.359
We need more of that.
760
01:04:55.765 --> 01:05:00.105
Do you before we wrap, let's wrap with some final thoughts. We'll start with,
761
01:05:01.125 --> 01:05:09.225
Nick. Final thoughts. Yeah. Yeah. Just thanks very much for having us. If you wanna support Frostsnap and the, you know, the future of self custody,
762
01:05:09.840 --> 01:05:12.180
you can preorder now at frostsnap.com.
763
01:05:12.880 --> 01:05:17.220
And I think you'll you'll have a great time and, your your opinions on
764
01:05:17.600 --> 01:05:21.220
what self custody can look like will will be changed forever. So, yeah,
765
01:05:21.760 --> 01:05:24.660
please please buy some devices and and try them out.
766
01:05:25.375 --> 01:05:27.635
Love it. Thanks, Nick. Lloyd, final thoughts.
767
01:05:28.255 --> 01:05:31.315
Yeah. Thanks so much for having us, and thanks everyone for listening.
768
01:05:32.335 --> 01:05:37.875
Yeah. Look forward to the future where you don't you guys don't have all your money in your house. That makes sense. Let's get it done.
769
01:05:38.335 --> 01:05:39.635
It's an important future.
770
01:05:40.599 --> 01:05:42.540
You're running back. You're not in your house.
771
01:05:43.000 --> 01:05:44.060
Not in your house.
772
01:05:45.080 --> 01:05:46.780
I I cosign that.
773
01:05:48.440 --> 01:05:52.119
Guys, thanks for coming on. Freaks, you can go to frostsnap.com
774
01:05:52.119 --> 01:05:54.540
if you want to preorder some devices.
775
01:05:55.645 --> 01:05:57.265
I'm gonna put all of their links,
776
01:05:57.805 --> 01:06:04.305
Nostr, X, whatnot, in the show notes. All the links for Citadel Dispatch are at citadeldispatch.com.
777
01:06:04.365 --> 01:06:06.545
Thank you to the freaks who support the show.
778
01:06:07.485 --> 01:06:15.349
You guys keep me coming in week in, week out. There'll be another Citadel Dispatch next week. If you pay attention at primal.net/odell,
779
01:06:15.349 --> 01:06:19.050
I'll let you guys know when it is. Hopefully, we'll have the Nostr live chat
780
01:06:19.510 --> 01:06:20.330
up and running.
781
01:06:21.830 --> 01:06:26.125
For those who joined late, there's just been an ongoing DDoS on ZapStream,
782
01:06:26.905 --> 01:06:30.685
that Kieran has not been able to get a handle of. So it is what it is.
783
01:06:31.225 --> 01:06:33.325
Lloyd, Nick, thank you for joining.
784
01:06:33.785 --> 01:06:35.245
Freaks, this is for y'all.
785
01:06:35.785 --> 01:06:36.605
Thank you.
786
01:06:37.065 --> 01:06:38.365
Stay humble, stack sats.