diff --git a/README.md b/README.md index 612fe9c9..7d3749be 100644 --- a/README.md +++ b/README.md @@ -172,6 +172,17 @@ keep frost network sign --group npub1... --message --relay wss://nos.lol - Generate threshold keys without any single party knowing the full private key. Each participant runs independently and coordinates via Nostr relay. +**Security: DKG vs Trusted Dealer** + +| Aspect | Trusted Dealer (`frost generate`) | Distributed DKG (`frost network dkg`) | +|--------|-----------------------------------|---------------------------------------| +| Key exposure | Full key exists on one machine | Full key never exists anywhere | +| Entropy source | Single machine | All participants contribute | +| Compromise risk | Single point of failure | Requires threshold breach | +| Use case | Testing/development | Production | + +The trusted dealer approach (`keep frost generate`) generates the full private key on a single machine. If that machine is compromised during generation, all funds are at risk. Distributed DKG ensures the complete key is never computed—each participant generates their share from independent entropy, so no single device ever holds enough information to reconstruct the key. + ```bash # Participant 1 (on first device) keep frost network dkg \ diff --git a/keep-cli/src/main.rs b/keep-cli/src/main.rs index 70dc1790..27a00184 100644 --- a/keep-cli/src/main.rs +++ b/keep-cli/src/main.rs @@ -1648,6 +1648,13 @@ fn cmd_frost_generate( ) -> Result<()> { debug!(threshold, total_shares, name, "generating FROST key"); + out.newline(); + out.warn("WARNING: Trusted dealer mode - for testing/development only."); + out.warn("The full private key exists on this machine during generation."); + out.warn("For production, use 'keep frost network dkg' for distributed key generation"); + out.warn("where the full key never exists on any single device."); + out.newline(); + let mut keep = Keep::open(path)?; let password = get_password("Enter password")?; diff --git a/keep-core/src/frost/dealer.rs b/keep-core/src/frost/dealer.rs index f126d91c..4081f62d 100644 --- a/keep-core/src/frost/dealer.rs +++ b/keep-core/src/frost/dealer.rs @@ -47,6 +47,15 @@ impl ThresholdConfig { } } +/// **WARNING: Testing/development only. Do not use in production.** +/// +/// The trusted dealer approach generates the full private key on a single machine during +/// key generation, which creates a single point of compromise. If that machine is breached +/// during generation, all funds are at risk. +/// +/// For production use, use distributed key generation (`keep frost network dkg`) where each +/// participant contributes entropy independently and the full private key is never computed +/// or exists on any single device. pub struct TrustedDealer { config: ThresholdConfig, }