Introducing NOIST: a non-interactive, single-round t-of-n threshold signing protocol

NOIST is a non-interactive, single-round t-of-n threshold signing scheme.
NOIST allows multiple untrusted entities to come together and jointly produce a group key and generate signatures in constant time, where a disruptive signer cannot force a re-do of the entire round. The resulting signature is a single 64-byte BIP-340 compatible Schnorr signature.

NOIST is specifically designed for Brollup to aggregate liquidity under a unified framework. Brollup operators operate through an internal consensus mechanism to (1) jointly control the liquidity, (2) co-sign vTXOs and virtual channels, and (3) advance the rollup state. To outsiders, they appear as a single entity with a well-known public key, resembling a single-sig server.

Key features
- Non-interactive
FROST and ROAST signatories are required to run a continuously running software instance (i.e., on a server) to participate in the signing rounds. NOIST, on the other hand, allows signatories to produce a partial signature using any software, with timing not being a concern. This is because partial signatures are guaranteed to produce a valid full signature at some point in the future.
- Single-round
FROST and ROAST require multiple rounds to produce a valid signature. In contrast, NOIST guarantees a valid signature in a single round, as long as at least t participants collaborate. A disruptive signer from the subset n-t cannot force a re-do of the entire round.
- Mutability
FROST and ROAST quorums are immutable once the shares are distributed. In contrast, NOIST allows signatories to add or remove participants or change setup parameters such as the threshold, as long as at least t participants collaborate. This keeps the group key unchanged while distributing new shares to the added members.
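
The Mutability property above, as an added example that is not NOIST's own code: the page does not describe NOIST's mechanism, so this assumes plain Shamir shares over the secp256k1 scalar field and shows how t holders can derive a share for a new member on the same polynomial, leaving the group secret (and so the group key) unchanged. All function names are hypothetical.

```python
import secrets

# Order of the secp256k1 group, the curve BIP-340 signatures use.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, t, n):
    """Shamir-split `secret` into n shares; any t of them recover it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    def f(x):
        return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q
    return {i: f(i) for i in range(1, n + 1)}

def lagrange(i, ids, x):
    """Lagrange coefficient of participant i over `ids`, evaluated at x."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (x - j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def interpolate(shares, x=0):
    """Evaluate the shared polynomial at x from t shares (x=0: the secret)."""
    ids = list(shares)
    return sum(lagrange(i, ids, x) * s for i, s in shares.items()) % Q

def enroll(helpers, new_id):
    """t helpers derive the share for new_id without rebuilding the secret.
    Each contributes lagrange_i(new_id) * share_i plus a blind; the blinds
    sum to zero, so only the sum of all contributions is the new share.
    Assumption: blinds are drawn in one place here for brevity; in a real
    protocol the helpers would agree on them among themselves."""
    ids = list(helpers)
    blinds = [secrets.randbelow(Q) for _ in ids[:-1]]
    blinds.append(-sum(blinds) % Q)
    parts = [(lagrange(i, ids, new_id) * helpers[i] + b) % Q
             for i, b in zip(ids, blinds)]
    return sum(parts) % Q

def demo():
    """3-of-5 group enrolls member 6; a quorum including 6 still works."""
    group_secret = secrets.randbelow(Q)   # constructed sample secret
    shares = split(group_secret, t=3, n=5)
    shares[6] = enroll({i: shares[i] for i in (1, 3, 4)}, 6)
    # Reconstruction is done only to check the result; signers never do it.
    return group_secret, interpolate({i: shares[i] for i in (2, 5, 6)})

if __name__ == "__main__":
    g, r = demo()
    print("group secret unchanged:", g == r)
```
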