Multi-Human Root

FROST threshold cryptography. No single human holds the full key. t-of-n participants required for every critical operation.

Phase 1

Initiation

Ceremony initiator proposes threshold parameters. Participants are invited via secure channel. Each confirms their HMR DID identity. Session established over Noise XX.

Phase 2

Commitment Round

Each participant generates a secret polynomial of degree t-1. Commitment values computed and broadcast to all peers. Every participant verifies all received commitments.

Phase 3

Share Distribution

Each participant evaluates their polynomial at every other participant's index. Shares encrypted and sent point-to-point via Noise XX. Invalid shares trigger identifiable abort with blame.

Phase 4

Key Derivation

Group public key derived from all commitments. Each participant derives their individual signing share. MHR DID generated from group public key. Document threshold-signed.

Result: did:oas:<namespace>:mhr:<group-public-key>

Common Threshold Configurations

2-of-3

3 humans

Small teams, co-founders

3-of-5

5 humans

Board of directors, multi-sig wallets

5-of-7

7 humans

Security-critical governance

7-of-11

11 humans

Enterprise key management

Security Properties

No Single Point of Failure

The full private key never exists in any single location. Compromise of fewer than t shares reveals nothing about the key.

Identifiable Abort

If any participant behaves maliciously during the ceremony, the protocol identifies the misbehaving party and aborts safely.

Coordinator-less

No central coordinator needed. The protocol runs peer-to-peer over Noise XX encrypted WebSocket channels.

Indistinguishable Signatures

Threshold signatures are indistinguishable from regular Ed25519 signatures. Verifiers cannot tell the key is shared.