Nick and Lloyd are the founders of Frostsnap, a novel hardware and software project that uses FROST to create easy-to-use, fault-tolerant, and secure self-custody bitcoin multisig wallets.
Nick on Nostr: https://primal.net/p/nprofile1qqsfrkatna3xvr54ykzgp5hjelmdeld4z0eg4p06f764a6vn5k6xszgthr8m6
Nick on X: https://x.com/utxoclub
Lloyd on Nostr: https://primal.net/p/nprofile1qqsrtnjl8xtejc4k7h38gz6akjv0v75vrsdhlznu0slr2n3tatf8w3qjmn8ve
Lloyd on X: https://x.com/LLFOURN
Frostsnap Website: https://frostsnap.com/
Frostsnap Repo: https://github.com/frostsnap/frostsnap/
Frostsnap on Nostr: https://primal.net/p/nprofile1qqsy3hc9jy28npuqzmc908td6cmx6dtaf36llel2adch6kynwksywecl78fv9
Frostsnap on X: https://x.com/FrostsnapTech
EPISODE: 175
BLOCK: 912302
PRICE: 928 sats per dollar
(00:00:02) Jack Mallers on Bloomberg
(00:02:31) Happy Bitcoin Friday
(00:04:01) Introducing Frostsnap
(00:06:01) Design Choices for Frostsnap
(00:08:01) Challenges in Multisig and Self Custody
(00:16:02) Frost Protocol Benefits
(00:26:01) Backup and Recovery Process
(00:38:10) Security Considerations and Device Features
(00:50:57) Purchasing and Preorder Details
(01:00:29) Future of Frost and Self Custody
Video: https://primal.net/e/nevent1qqs8mmlwrpsncun4uepuhkh4ku2vyc9tlmjuv3f3v9ryq50ehlta7rq02cnfq
more info on the show: https://citadeldispatch.com
learn more about me: https://odell.xyz
Last time you were on our program, you gave this idea. It kinda went viral on on x after we spoke, but it was this idea of the idea of existing and being paid to exist through cryptocurrency. The idea that, you know, you sitting there at at work all day long, you're not necessarily being compensated for what you're doing, and you see crypto as being a solution to that. I I I gotta be honest with you. I didn't quite get it. Okay. I want you to paint that picture for me and and get me on board. Yeah. Well, I so first of all, I think it's Bitcoin, not crypto. You know that. But just to clarify for the audience, it's it's Bitcoin specific. Well, that's just your view that that Bitcoin is the crypto that you're focused on. Yeah. But I think it's Bitcoin is the money within the crypto sphere. Okay. And the point really here is is this, Tim. Every single day,
[00:00:50] Jack Mallers:
you make a decision on how to get compensated for your time, your energy, your effort, your labor. I'm watching you. I'm sitting in the in the behind the scenes. I'm watching you haul your butt. You're doing a great job on this show. You need to somehow capture the value you're creating for all of us here. And you need to somehow save that value so that tomorrow you can pay rent. You can get groceries. You can travel home and see your parents. But that comes every two weeks in the form of a paycheck to me. Right. But what the Whoever sees the value in that. They they hired me. Correct. So you're gonna get a paycheck in the form of dollars, but those dollars are losing value in the things that you need in your life anywhere between 2 and 20%. Depends on what you want. You want a Caesar salad? 2%. You want a nice house? 20%.
And so you need to find a way to persist and save and store that wealth. And you make a decision every single day, whether you know it or not. Unfortunately, because the dollar is being debased, everyone is a speculator here filming and watching us. And so you have to make that decision. And in my opinion, over the last fifteen years, and it will continue to be so, Bitcoin is the best place to do that. Take the wealth you're creating today, bring it with you tomorrow.
[00:02:32] ODELL:
Happy Bitcoin Friday, freaks. It's your host, Odell, here for another Citadel Dispatch. The interactive live show focused on actual Bitcoin and Freedom Tech discussion. That intro clip was our good friend, Jack Mallers, spreading the good word of Bitcoin on Bloomberg. Well, it seemed like a relatively hostile interview, but he handled it pretty well. As always, freaks, dispatch has no ads or sponsors. We're brought to you by viewers like you supporting the show with your hard earned sats. The easiest way to do that is through Podcasting 2.0 apps like Fountain podcast. You can find that in your favorite app store. Largest zap of last episode was Pringle Mac with 5,000 sats.
The other way you can support the show is by going to primal.net/citadel or searching citadel in your favorite Nostr app. The largest zap we got there was actually much larger. Ride or die freak Trazin t r a z y n said awesome rip as always, and he zapped 76,000 sats. Thank you, Trazin. Unfortunately, our Nostr live chat is not working right now. But we will be piping in the chat from YouTube, Twitch, x, all the big tech socials. So if you do have questions, hit us with them. Comments. Whatnot. We have a great show lined up today. We have the cofounders of Frostsnap. We have Nick here. How's it going, Nick?
Doing great. Great to be back. Looking forward to it. Good to have you. Return guest is this is third time on the show, and first time guest, cofounder Lloyd. How's it going, Lloyd?
[00:04:18] Lloyd:
Very well. Thanks for having us.
[00:04:20] ODELL:
It's a pleasure. It's a pleasure. Frostsnap, easy Bitcoin multisig powered by Frost. Why should we care? Looks pretty cool.
[00:04:29] Nick:
Oh, lots of reasons. Lots of reasons. Yeah. We could we could maybe we could paint a picture of, like, some of the problems with self custody today and, how Frostsnap sort of aims to solve these problems.
[00:04:45] ODELL:
Well, let's first start with, like, the the actual choice of design. The USB c, they connect to each other, and then they connect to the phone kind of in, like, a centipede type of formation.
[00:05:04] Lloyd:
The hardware centipede?
[00:05:06] ODELL:
Why'd you yeah. Why'd you guys choose that versus Bluetooth or SD card or QR code or
[00:05:16] Lloyd:
There's a pretty pretty simple reason is that the you don't as a as an architect or designer, you wanna try and avoid batteries on the devices. And then the the if you have a phone, your only source of power is the phone, the phone's battery. You just like to leverage that. And so you only have one USB port there and so you just try and make more of them. So each each device provides a USB port to the other one. And that's pretty much the only reason. It's like, we wanted, yeah, mobile first experience so you can just all your mobile is the only thing you need, to recover, to sign, to generate keys.
And so, yeah, we just found that that was the simplest solution, actually. It allows us to keep the devices small, very simple to manufacture. And, you know, at the beginning, we were dead we would not, Bluetooth also is like a whole, you know, I mean, the the point is it's a perfectly good USB port there. Right? And so, but, you know, we may have to eventually use Bluetooth for iPhones because that's what other people have had to do. But for our very first edition, we we were not really thinking, like, we really I mean, at the beginning when we designed this thing, we're not even thinking, like, it's gonna be a commercial product. It may have just been, like, an open source seed signer, thing. It is open source, but it could have just been a community funded project, community organized project. So we wanted something that would, like, be very easy to manufacture for everyone and also just work in a perfectly nice way. And that's, that's what the that's what ended up becoming the the Frostsnap frontier. That's what you got in your hands. Oh, that's the alpha version.
[00:06:47] ODELL:
Yeah. I like the original, like, testing version. Three Yeah. Printed cases. I mean, I I think it's like it's like it's easy to joke around about, like, the human centipede, comparisons or whatever, but, like, it's actually a very intuitive like, it makes sense. Like, you connect like, if you're gonna do two of three multisig, you connect three devices, you plug it into the bottom of the phone. It's like, it it's just intuitive, brain wise, particularly probably for new users. With multisig, you got a lot of moving parts. You got a lot of things going on. But, yeah, that was going to be one of my questions is famously, Apple locks down that USB c port. So, you might be able to get around it. Like, I know, what Coldcard does is you can it, like, creates a virtual disk. I don't know, like, how much how how easy that is to do, but, historically, people have used like, Ledger uses Bluetooth for their mobile connectivity to iPhone and, Obviously, the Coldcard Q, SeedSigner, Passport, like, they use QR codes.
Mhmm. So right now, you're Android only. Right? We're Android only. You connect it to USB. Android
[00:08:08] Nick:
Android, Linux, and Windows. And then, Mac OS will be pretty soon, but iPhone is is a while off yet. Oh, so you do have desktop apps already? Yep. Yep.
[00:08:21] ODELL:
Awesome. Okay. So, what are we trying to solve here? Where does besides the fact that is more intuitive just physically, what are we trying to solve here in terms of pain points with other multisig options or other hardware wallet options?
[00:08:36] Nick:
Yeah. So maybe one of the first things is is multisig at the moment is still a little bit out of reach for majority of Bitcoin users. You know, the user experience of having multiple devices, with setting them up over QR codes, having to export xPubs and descriptors and load them into another wallet, like Sparrow or Electrum, it's pretty tricky still. Even though it's getting better and better, it's still a little bit tricky. And, one important thing in that is the the recoverability of a of a multisig has a bit of a, you know, a a gotcha with, needing a backup of the descriptor.
[00:09:20] ODELL:
Right. So, like, in practice, that's like you keep, like, a Sparrow backup config file or whatever.
[00:09:27] Nick:
Yeah. Or you have a you know, you've got a copy of your public key alongside every every set of seed words. So, yeah, the the the first thing is is making multisig, accessible, and that is to solve the problem of, Bitcoiners storing their life savings, in their home, which I think, unfortunately, you know, still a lot of a lot of Bitcoiners do today, partly because they're a bit concerned or a bit, you know, they're a bit worried of how how to set up a multisig.
[00:09:58] ODELL:
They're overwhelmed.
[00:10:00] Nick:
Yeah. Yeah. Mhmm. That's why we see, you know, so many successful collaborative custody custody models, or even, you know, just not not going self custodial at all and and just going with the custodial option.
[00:10:14] Lloyd:
Yeah. For me, it's like the thing that I could not get over is that descriptor thing is probably number the one number one thing. It's not that I couldn't do it. Obviously, I could figure it out. Yes. I definitely can figure it out. But, my I don't really wanna give that to my family. This particular problem and this particular issue is in this description. So it's like, that was the bridge too far for me, but I definitely have this problem that all my money was in my house. Right? Yeah. And I really don't want that that problem either. It's also a risk to my family. If everyone knows that I have all my money in my house, you know, which and if you're a Bitcoiner, you can pretty much assume, you know, with a high probability that that's the case.
In practice, that turns it seems to work out, into if you look at the wrench attacks and stuff, the ones where they actually just go into the person's house is look like they're overwhelmingly successful. And then we don't have a great sample size yet because the the attacks are not so frequent, although they seem to be getting more frequent. But, you know, like, I was looking at it. It's like 16 there were about 17 attacks, and all but two of them, like, got all the money from the person. This is a home invasion type attacks, but they just go to the person's house. And the two that failed were really just because the guy fought them off. Like, the one I mean, there's one that probably people remember here, which is the one where the there was, like, that streamer. Like, she was an OnlyFans or, like, I remember. She was, like, some streamer Yeah. I think they're in Texas.
Yeah. Yeah. The influencer in Texas and the her the boyfriend shot them off. I mean, that is really if they get into your house and you don't have guns, it basically it's done. I even have to give them everything.
[00:11:50] ODELL:
I mean, it doesn't really matter. But, in her case, I think she had, like, $20,000,000 on Coinbase. Yep. So, like, Coinbase probably wouldn't have let that transaction go through. That's true. Yeah. Because it's still probably better than that they shot them off. But, I mean, and that's not the end as Bitcoiners, that's not the answer we want either. Is that, like, they're trusting a custodial solution. But in her situation, like, I mean, I know people that try and withdraw, you know, $500,000 from Coinbase when they get flagged. So, like, I really doubt Coinbase would have been just a single $20,000,000 withdrawal out.
[00:12:31] Lloyd:
Yeah. Yeah. I mean, that's the that's the but the tension there is really high because, yeah, if she had had been fully self custodial in that moment and had done it, you know, with a a single hardware wallet and and her boyfriend had not had, you know, was not prepared, it could have been very, very, very bad. And so we don't want that tension to exist. We want self custody to be the the actual best way because, you know, Coinbase, they could still they have a chance to get some money out at least. It's still a it's still a it's still, an attractive target if you know and people have lost all their money from exchange accounts. Like, if they that is actually what they frequently happens is the home invasions. They do it with someone who has an exchange account. They just have to they're forced to log in. They're forced to forced to do everything. It's still like a it's still a risk to have it in an exchange if you're, because those policies, they don't they're not often catered to this kind of situation where you're getting coerced, and you def it's definitely you. Like, they fully authenticate it's you. You've got your 2FA codes and everything, but
[00:13:27] ODELL:
it wasn't that you want what you wanted to do. I mean, the only exchange account, like, the multisig kinda solves or mitigates at least is, the less morbid attack, which is actually more common, which is like the phishing or password compromises or reusing passwords or your email account, your two factor gets compromised. We see those attacks happen all the time. Yeah. And just from the, like, the way multisig works, you're probably less likely to get hit with like, successfully hit with a phishing attack, I think. I mean,
[00:14:03] Lloyd:
maybe single sig you, like, put in your seed words or whatever. But, like, I don't really, like, see the situation where someone, like, falls for phishing attack and is, like, getting multiple devices, like, signing, like, putting in a Bitcoin address, confirming a device, sending. That that's what I'm really hoping. Like, I think that is the case. Like, there are people who are, like, you call them up and they will just give the seed words if it's a technical support thing or whatever. But, hopefully, if you have to drive to a different location, like a different hemisphere of the brain locks in, you're like, what am I actually doing here? Like, I dialed on Telegram. It's telling me to drive around town and and you stop at that point. So maybe that would just be the method may it may be that the people save more money from just that fact. Right? You give it to people and they just have to drive to spend to tell the guy on the phone their seed words, and it just saves a lot of money like that, putting wrench attacks all the way to the side.
[00:14:54] Nick:
Yeah. Yeah. Yeah. And I think that that's, that's an important part of multisig is is, yeah, not being able to spend your life savings in in a matter of minutes. So, yeah, even if you, you know, single sig solutions don't really have, like, you know, you you got a pin or whatever, but that's that's not gonna stop you from spending all your money, to to, you know, to an attacker in a matter of minutes or even a scammer to be instantly tricked.
[00:15:22] ODELL:
Lloyd, the live chat is complaining about your mic. What mic is Is it better now live chat? Lloyd is better. That sounds good. Okay. Thank you. Were we on it? Next one. Do we switch which mic we're on? Or I just I just lowered the gain on it. Okay. I think that's much better. I also lowered the gain on my side. I've been lowering the gain on my side. Speak again. What's the best hardware wallet? Frostsnap. Okay. Sounds much better. Thank you, live chat. We do live moment I, I fixed the audio a little bit before we publish on the podcast app. So Cool. Only the few people who joined us on, so far have have had that issue.
Okay. So so we're trying to solve make self custody easier, make multisig easier, but how does it actually do that besides like, where does Frost come in? What I mean, that's the big thing here. Right? This is the first major hardware platform, I believe, that is using Frost at its core. What makes that different from regular, good old fashioned multisig?
[00:16:27] Nick:
So in terms of the user experience of creating the wallet, I suppose you could do that with sort of a traditional multisig setup. But it makes it it's very natural to do with Frost. One of the reasons for that is, when you create a wallet to use with Frost, it uses a product a a protocol called distributed key generation. And, what that means is is it's not each device creating its own private and public key pair. Each device contributes some some randomness, to to an overall key and sort of this key generation ceremony.
And, this actually comes with some very nice security benefits where you can you can, you can include the phone in in this process. So so the the phone itself can also contribute randomness, into into the key. And so, you know, even if all the devices, were malicious or backdoored, so long as your your phone or your laptop is honest,
[00:17:38] ODELL:
you'll you'll receive you'll end up with a a Basically, as long as one device is honest. Right? Because if your phone is compromised and the device is not malicious, you should be good in that situation too. Yep. Yep. That's right. Yep.
[00:17:51] Nick:
Yep. So, yeah, it's quite it's quite natural for Frost. And that's also one reason why we we use the USB c port. Like, we're not doing things over QR codes and things, is because there's there's a few rounds of communication, in that in that process. So, yeah, it's it's very natural to do to do in the setup how we have it.
[00:18:14] Lloyd:
Yeah. And then, we got the you got a single public key. That's one of big advantage of Frost. You don't have a multiple public keys, one for each hardware wallet. So no one can really see your no one can see you're doing Frost on chain, and you get the same fees as the cheapest fees you can currently get on Bitcoin. Looks like a single sig on chain?
[00:18:33] ODELL:
Yep. Yep. Yep. Because this is, like, extra protocol. This is outside of the protocol.
[00:18:38] Nick:
Yeah. It's, like, off it's off chain. So instead of doing multisig in Bitcoin script, the the multisig is done through mathematics, called threshold signatures. And, yeah, that That's interesting. You end up with a single public key. And and, yeah, the privacy benefit is actually quite huge there because at at the moment with traditional multisig, if you, you know, if you you buy something with your Bitcoin, you actually reveal to the whole world, you know, I've got a five out of eight multisig. But isn't that isn't that kind of a good privacy leak in terms of your transaction
[00:19:13] ODELL:
tax? Like, that's because, like, crazy person crazy person comes into your house and is like, okay. Where's your single sig wallet or whatever? But it's like, no. I'm using multisig. Like, now I saw your on chain pattern and you're clearly using single. So it's like, no. I'm using frost. You don't understand.
[00:19:32] Lloyd:
But I mean, that may happen one day.
[00:19:35] ODELL:
Specifically. Yeah. Mostly joking. I mean, specifically, it's not really that bad of a privacy leak on regular multisig if you're using a normal like, a a common, threshold amount. Like, if you're using two of three or whatever, there's a decent amount of two of threes. There's a decent amount of three of fives. But, yeah, you're right. If you're using, like, five of eight or something, there's, like, probably four people or, like, a couple organizations that are using five of eight. And then all those transactions are probably the same people. Right?
[00:20:06] Lloyd:
Yeah. Yeah. Yeah. The it makes it much easier to follow through the chain. Right? That's the chain analysis. The only, the only the the obvious counterpoint to that is right now, very few people are using Taproot. And so that'll be easy to follow as well. But if in an ideal world where everyone were using Taproot, it would be, much more private in the sense of more difficult to do chain analysis. Assuming some other things as well. Like, chain I don't wanna I don't wanna chain analysis, they're actually very effective. Everyone should know that. You're gonna act pretty it it's pretty easy to follow change addresses and stuff
[00:20:41] Nick:
through the the blockchain.
[00:20:42] Lloyd:
Right. And so it but it definitely definitely helps to have, the same sort of script pub key on the chain, the same multisig
[00:20:50] ODELL:
as you follow it through. Well, our listeners on dispatch, I think, are pretty, at least aware of the on chain privacy trade offs. I, but to the ones that might not be basically, it comes down to probability analysis. And so they're doing their the blockchains forever. They're doing probability analysis on whether or not Bitcoin has ex has changed hands and if ownership has changed hands. And they use different heuristics to to basically nail down that probability and make it more likely that they can track entities through the chain. And, of course, obviously, the fact that the overwhelming majority of people are buying Bitcoin through KYC exchanges and attaching themselves to their identity at the entry and exit points, makes that probability analysis much easier.
Okay. So in terms of backup, what does so the setup process, I think, is relatively straightforward. I'm plugging in let's say I'm doing a two of three. Or I guess if I have three hardware devices, is the phone one key too?
[00:21:55] Nick:
Not at the moment, but it still contributes to that that key Randomness. Generation ceremony. Yeah. Okay. So I plug in three devices. I'm making a two of three.
[00:22:05] ODELL:
Yep. Presumably, the app makes that relatively straightforward. I'm, like, approving on each device as I go. Yep. Then I'm taking them apart, and I'm putting, you know, like, one in an office, one in a safe deposit box, maybe keeping one at home. I have the phone to coordinate. Now, historically, the concern has been that you'd have some kind of hardware failure, so that's why we have offline backup. So what does that backup process look like? Is that am I keeping a a seed for each?
[00:22:35] Nick:
Yes. Yes. So after you've created the wallet, the app will prompt you to do to run through the sort of backup process. And what that would look like is you you plug one device into the phone, confirm to display the backup, and then it would present you, a set of seed words,
[00:22:54] ODELL:
at the end of the day. Device?
[00:22:55] Nick:
Yes. On the device. Yep. Yep. Yeah. We
[00:23:01] Lloyd:
in the design process, we really would have liked to avoid seed words the same as, like, Bitkey manage were decided they were not gonna tackle that thing, and we would have liked to avoid it as well because, you know, you've got two out of you've got redundant devices. So maybe it would be okay if you, if you lost one device. But in the end, we felt we had to go with, a full backup, you know, solution. At least it's so it's there. So that, that each device has its own backup and you could, you know, recover recover all the money without any Frostsnap devices or without Frostsnap software.
And so, yeah, there's a there's a backup on each. But we're hoping, like, because of frost, there's some tricks we can use to avoid actually having to have you enter the backup. So in in the scenario you mentioned like your device fails. So you've got a new device to replace it. Normally, you would have to input your backup into the device in order to restore it. But actually, we should be able to we haven't implemented this yet yet, but we we we the the cryptography is all pretty much a solved a solved thing. We can just take you take your other two devices and you say like, I want to restore the share of this other device that I that was broken onto this new blank device. And you should be able to just go visit those other two devices and then go finally go back to the the new one and have it just fully restored without having to actually enter in the backup.
You know, if if you if you yeah. Go ahead. So I my
[00:24:29] ODELL:
my basic understanding of Frost is Frost, because it's outside of the Bitcoin protocol, would allow you to, like, basically do, like, a key rotation, add a new key, after the fact without actually, like, creating a a completely new wallet. In this case, would that be an like, a completely new key with, quote, unquote, different seed words, or would that just be, like
[00:24:54] Nick:
to you can actually choose do you wanna you can actually choose, do you wanna recover a new do you wanna recover that same share that you lost, or do you want to, create an entirely new share, that, you know, it it could go from a two out of three to a two out of four, essentially?
[00:25:11] ODELL:
Right. Yeah. Your business is adding a key. The threshold's still the same amount. It's still two, blank, but you're adding
[00:25:19] Nick:
a key to the total. Yeah. And if you lost that other one, then it's, yeah, it's basically two out of three. Yeah.
[00:25:26] ODELL:
And I'm I'm assuming, based on your earlier commentary, that there's nothing else the user needs to back up.
[00:25:35] Nick:
They just back up That's correct. That's correct. So, yes, just just one set of seed words per device. Yep. And so if you if you lose the app, you lose the devices, and you've got a two out of three, you can you can either get two new Frostsnap devices, enter the seed words onto each device to restore those backups, and then you're good to go. You don't need any descriptors or any other metadata. It's all all contained on the the Frostsnap backup sheet.
[00:26:06] ODELL:
That's awesome. So, what are your thoughts on, so these devices, you know, part of, your early design decisions to, like, make them easier to manufacture and more open do not have secure elements on them. Secure elements historically, one of the main main use cases for them is to stop, you know, physical tampering. How do you think about that theft mitigation? You know, I'm keeping it at my office, and I have an evil secretary who's very technically competent in compromising my device.
[00:26:49] Lloyd:
I think for my opinion, it actually doesn't secure elements don't help with tampering that much. If you can actually tamper with it, like, you know, get onto the chip, the the main MCU, because we've really like, we showed this attack called Dark Skippy. Yeah. Darkskippy.com if people haven't seen the the video, but actually, like, that's sufficient. If you can just tamper with any device, you don't need to hit the secure element at all. As long as you can change the firmware of the device, this when the when the user inputs their PIN, the secure element will release the key and you'll do a signature on it. And that that that malicious firmware that we've put that the this maid, this technically competent maid has put on there, will be will send the seed over the Bitcoin network.
And so the I think the the secure element actually is really about pin numbers. So it's about protecting the seed and so the only the person who has the pin can actually get the seed onto the main MCU. So it's an authentication chip basically is the way they're used. And so we don't use authentication of the the user through a PIN number. That's that's one design decision. It took a lot to come to it, but that's what one design decision we came to. The the PIN numbers when you look at the security model of it like a single sig and you have the PIN numbers there, what is happening is basically you're saying, okay. You have a Coldcard or something or a Jade or whatever, any of these, these devices with PIN numbers, and that device may be, like, laying around. It may be, like, in a in a drawer or something. Right. And that'll take an attacker, like, a short amount of time to find.
Like, maybe, like, let's say fifteen minutes. Right? If they're they're they're going around your house, they could find your hardware wallet in fifteen minutes, but they wouldn't find your seed words in fifteen minutes. Like, that seed words, you're putting them, like, in some super secure location that is, like, really I don't know. You buried them in the garden or something. It would take, like, many hours or something. And so the PIN number is there to allow you to have that sort of convenience. Like, I have this this within arm's reach device with a PIN number, and I have these seed words that are not within arm's reach. They're gonna be harder to get to or something like that. So that's the the paradigm where the pin sort of makes sense. For our paradigm, we're using the geographic distribution to sort of authenticate the user if you like.
It wouldn't help us much to put a pin on the devices because, actually, we didn't in our design, we actually probably store the Frostsnaps with your seed word backup. K? So it's like there isn't this much multisig the then the reason we do this is multisig is just by definition inconvenient. You know? There's not much point of an within the arm's reach devices secured by a pin if you have to go on a drive to get it. Right? It's like it's not it's not it's not even gonna be convenient. It shouldn't really be convenient for your ultimate cold storage setup. Right? You don't really want convenience. They're not really a super important feature. I mean, good user experience is. Right? You want that to be easy to use and not no no foot guns and stuff. We want it to be inconvenient to spend all your life savings. So it took it shouldn't hap be able to happen in a couple of minutes.
[00:30:08] ODELL:
Minutes. You know? So that's Okay. So let's Yeah. Let's just go down this rabbit hole a little bit. First of all, Dark Skippy was a little bit a while ago. So just for a refresher, for my sake, I mean, I think, like I mean, in Coldcards specifically, I think the secure element protects you from Dark Skippy.
[00:30:32] Nick:
You And what is the other alright. It's going well.
[00:30:35] ODELL:
Yeah. If we can we can change words. Right? Specifically, the the phishing words. Like, you enter the first half of your PIN, the phishing words would be different.
[00:30:47] Lloyd:
No. Because, I mean, it's still the same everything. Like, the same secure element. The phishing words would be the same like, it's the same device. Like, I mean, we're talking about, like, a a maid who can actually open up your Coldcard and change this firmware running on the main MCU, but they can't break the secure element. Like, that's some this is a maid that doesn't exist, obviously. But if if that's such a maid existed,
[00:31:06] ODELL:
yeah, they could change the firmware. Just that's why Coldcard has the secure two secure elements there. No?
[00:31:12] Lloyd:
One of the reasons. It wouldn't like, the the secure elements just authenticate. It's the PIN. It's the right PIN. So the main MCU is, like, taking the also protecting the secret
[00:31:21] ODELL:
behind the PIN.
[00:31:23] Lloyd:
Right. But you're gonna enter the correct PIN, and you're gonna see the same the correct words come up. This is the same device. We're not we're not swapping out the device. We're just changing the firmware on the main MCU. So you're gonna but I guess you're gonna see Oh, but I would see the big red light that says firmware attestation failed. Right. Probably. Yes. That that phishing that's when you would protect me. The big red light would protect me. Yeah. Yes. So that's the but if, yeah, if you can get around the big red light, though. No. The no. The the big red light, actually, we can get if you can change the firmware, we can get around the big red light also. Because the big red we can send the wrong firmware to the secure elements. So the the the the issue is, like, the main MCU, if you do the signing on there, that's all you need to compromise. You don't need to compromise any other secure elements or whatever.
It turns out the main MCU is actually very difficult to compromise, by the way. It's not it's not trivial. Like, people people think that, like, oh, yeah. The secure elements are like, it's super impossible to compromise. The main MCU isn't, but actually, you know, Ledger showed an attack on the secure elements, but not they couldn't do the attack because they it seems like they couldn't pull off the one on the main MCU. But, that so yeah. The main so the if you believe you can corrupt the main MCU, you can corrupt the device. It is a very difficult thing to pull off. Okay? So you have to open up the thing. You'd have to take the chip out. You're gonna have to melt the chip or something and like, you know, put it back in afterwards, or put a different chip in afterwards, without breaking anything. But if you were able to change the firmware on the main chip, you can you can, you can take the money. The the when you put in the user puts in the PIN and they're none the wiser, they're running different firmware. Everything the green lights and everything will happen because the the main MCU will lie to the secure elements about everything. The secure elements don't know reality. They can only talk to the main MCU.
So the main MCU can hide everything from them. And then, when you put in your PIN numbers, you'll get the same words. Check words come up, and you'll finish it up, and you'll sign a thing, and your seed words will be in the signature, because of that. So we don't yeah. The Okay. Well, I'm not I'm
[00:33:25] ODELL:
I'm, I'm I'm not here to get into a debate over the Coldcard security model, but, I'm sure NVK will be insightful to me after this episode. But I, regardless of that Yep. Regardless of Coldcards specifically, and I would say that Ledger's, shown attack or whatever was the previous generation devices. It cost, like, $600,000, I believe, partially because of the secure element. And then he added a second secure element and did some other stuff to harden it further and make it even more difficult.
[00:34:05] Lloyd:
But besides all of that. Mhmm. There there's no attacker who's getting through those things that you will ever encounter in your life.
[00:34:12] ODELL:
Yeah. What stops someone from so, like, I have a single device. Yes. Let's now let's we we went through the maid. We're we're saying the maid, she would need to compromise multiple devices, I guess.
[00:34:26] Nick:
Yes. And and not only that. So so we actually, we actually do have some protection against, an evil maid with Frostsnap. So Okay. The the secret share that's on that device, is actually encrypted, and the the decryption key sits on your your phone.
[00:34:46] ODELL:
Or the computer.
[00:34:48] Nick:
Yeah. Or the computer. So if if the maid was to find your Frostsnap device and plug it into their phone Okay. That was my next question. Like, can they pull the seed or the key material off of this? And I guess No. It would be encrypted in that situation. That's right. And and so to actually learn that decryption key, that maid would have to visit two out of your three devices,
[00:35:09] ODELL:
to to essentially Oh, so that was my next question after that. So, like, if I lose my phone
[00:35:14] Nick:
Yeah.
[00:35:15] ODELL:
As long as I have the if I as long as I have two or three devices, I'm still good if I lose my phone?
[00:35:21] Nick:
Yep. Yep. So it sort of falls back to the same security assumption. So if, yeah, if the maid can go and visit your two out of three devices, then they're essentially able to do recovery, and and then they'll be able to spend your money. But if if they only manage to visit one device, they they can't do anything with it. They can start a recovery, but they can't start signing a signing session immediately.
[00:35:43] ODELL:
So for that day the real reason why I mean, besides the fact that multisig is distributed, I mean, that's the real reason why you don't need pins or whatever. They're, like, the kind of pins for each other.
[00:35:55] Nick:
Yeah. And the we sort of use the secure element of the phone. So so the the to to initiate signing on the Frostsnap device, you have to unlock your phone, which releases that decryption key, to the device, and then you can do a signing session. So for an evil maid, they would have to, you know, find one of your devices, start recovery on that device, leave it there, go find your other device, finish that recovery, and only then they would be able to go back to the, you know, first device and and finish that that signing session, to spend the money. So it's still a lot of a lot of hoops and that you still got that geographic distribution, stopping them from pulling off the attack.
[00:36:42] ODELL:
That's awesome. Okay. But let's go through so then what does the I think, actually, a phone being lost is probably the bigger, most common thing that's gonna happen to users. Like, so what does that restore process look like?
[00:36:58] Nick:
Yeah. So so if you still got your devices, Yeah. You can you can get a new phone, download the Frostsnap app, go and visit, you know, your first device, plug it in. It'll there's a in the app, there's a button say, you know, restore wallet, and it'll just start that recovery. The device will, send a a sort of a a public share of its its secret over to the phone. Then you would go visit your second device, plug that one in. You would and then you would finish restoration at that point, and the phone will, learn the public key of that wallet at that point. It'll learn all the addresses, and it will learn the metadata, the decryption key, that will allow you to to go and sign again.
[00:37:44] ODELL:
So it's a three device multisig. I only need to go to two devices with the new phone. Yep.
[00:37:50] Nick:
Yep. That's right. And if if you don't have the devices and you only have the backups, then you can either get a blank Frostsnap device and plug it in and enter the seed words, onto the device, and that will, you know, restore restore the device that way.
[00:38:09] ODELL:
Got it. That's awesome. Okay. That makes sense to me. So it's pretty fault tolerant. It's probably more fault tolerant than regular multisig.
[00:38:19] Nick:
Yeah. You don't have this descriptor issue, which is which is really nice. It's it's really, really nice. And you there's you know, some peep like, one of the problems with this the the descriptor issue is like, an add on issue with it is you have to sort of store that, that private not secret, that private information alongside your seed phrase or maybe you upload it to Google Drive. Right. It's a privacy risk, not just security risk. So if anyone finds out, they learn how much money you have, you know, all the all the payments you've been making. And so some people try to, like, split that descriptor up into parts with things like Seedhammer.
But, you know, it's it's sort of just started pushing the problem away. It's not not making the UX much easier. I'll say that.
[00:39:08] Lloyd:
Yeah. For me, like, I can give this to my family. No problem. You know, just give these these little devices. Just bring them you know, plug them one of them one by one into a phone, and the whole thing comes back. And you can just sort of start, signing and spending the whole thing right away.
[00:39:24] ODELL:
Yeah. It seems pretty intuitive.
[00:39:26] Lloyd:
Yeah. So it's mainly like it is like we'd have this technology thing on on on behind the scenes. Right? Frost? We've tried to cover up any difficulties to the user, hide all those, in intricacies of the actual cryptography and that you don't really see it at all, hopefully. Our first users might, you know, run into a bug or two, but hopefully, we've we've hidden that. And then in the end, we've what we've done is just try to leverage the technology just to make it simple, the u the UI and the UX really simple. So you can just just each device is like its own thing. And as long as you have two out of three of them, you get all the money back, and it's really straightforward to get it all back.
I see like, is the number one thing. Like, we want I want my other people to be able to get the money, which is not what you really really want to do mostly with hardware wallets, but you have to do it somehow. And adding more secrets to things and adding more pins and stuff is like it improves security. Adding secrets to stuff always improves security. But, like, it doesn't have it doesn't it's not great if your life savings is in such a storage. Right? Right. Such as secure.
[00:40:35] Nick:
Yeah. But more people we started
[00:40:37] ODELL:
I mean, we started it off with, people coming in your house, robbing you, and phishing and stuff. But, like, most Bitcoin is lost by mistakes and overcomplicating things and Yeah. Foot guns. Like, just users making mistakes. I, well, before we get I see some audience questions. We'll get to that in a second. But before we get to that, onto that point that you were just making, Lloyd, as a family man myself and as a lover of multisig, one of the best parts of multisig in general is that inheritance question that's, you know, I get hit by a bus or, god forbid, or something happens to me. How does that Bitcoin pass down?
I mean, it seems like there's a lot of clever ways you can handle secure sovereign inheritance here without a trusted third party. Instead of me just theorizing on it, how are you guys thinking about that? Is that a core element of a product offering?
[00:41:42] Lloyd:
Yeah. At the moment, I'd say, like, it's very like, our first product, our first our Frontier Edition is just you gotta you maybe make it, like, a two out of four or something. You got two for yourself and, like, two you wanna leave with a friend and one with your wife or what whoever. Right? And then that's just you, you go away and they use the devices just to get They work together. They bring their two together. Yeah, exactly. That, that would be the, that would be the way for our first edition. We have much bigger plans in the future about how to do things, really well. Frost does allow us to do really interesting things here because in addition to, you know, having the single public key and single signature on chain, you can have multiple access structures to the same money.
Okay. So I could have a two out of three personally. Right? But then for my recovery, I could have, like, a three out of three. One with my wife, one with my best friend, one with my lawyer or something like that. Right? And so that that three out of three is in parallel to the two out of three that I have. And so you can actually totally separate out the access structures and the devices, and that three out of three always stays valid. Let's say if I lose one device, I break a device, I want to, you know, get rid of one, I can change my two out of three, without affecting that one. And I can stay there permanently. That's cool.
Yeah. So that's a really nice feature of the mathematics that allows us to do that. We haven't gotten on to actually implementing that feature,
[00:43:05] Nick:
but we will.
[00:43:07] Lloyd:
So that's that's, like, the one thing. But then I guess, like, it'll be up to other people to figure out. Like, hopefully, we can have the tools available to let other people figure out how you use these Frostsnap LEGO blocks to construct your security policy. Right?
[00:43:24] ODELL:
Yeah. But, presumably, you also have you have, like I mean, I don't know if how if you how you guys are thinking about it, but, presumably, you have, like, a handhold setup, and then you have, like, power user using their own creativity kind of setup. Right? Like, I mean, I like I like that. I I like the simple idea of, maybe not two of four. I like the simple idea of, like, the complete a complete different set. Right? Like, a three of three, and then I just this is, like, my inheritance set. Right? And I just give one to each one to three different confidants or whatever. Yep. Yep. If you think one of them are gonna lose one of them, you may get a three out of four or something. Two of four is a little bit weak too. Right? Because they all it really takes is one of them to then wrench attack you or wrench attack the other one. Yep. Yeah. That's true. That's a little bit I don't know. It's a little bit dicey.
[00:44:23] Lloyd:
Yeah. Yeah. I agree. Yep.
[00:44:27] ODELL:
And Yeah. So What about what about, like, copying devices? Does that actually helpful at all? Or, like, if I have two versions of the same key, is that I I mean, I assume that would be relatively easy to do tech wise. Is that actually something that's desirable?
[00:44:43] Nick:
It's like it's actually impossible for us to stop because since you have the backup, you can just load the backup into another device.
[00:44:49] ODELL:
Yeah. Should people do that or is that discouraged?
[00:44:53] Nick:
We don't really know yet. I think in this investigation, we're sort of we're sort of putting these, yeah, the the building blocks out there, and we're not we're not giving, like, a strong opinion on what users should do. We're not even giving a strong opinion on how many they should buy. We're sort of we're we're looking at making some things in the website, like, sort of like a, you know, sort of like a workflow where you can choose I've got this many secret places and this many trusted people, and then it might give you a recommendation on how many devices and what and what threshold, you might wanna use.
But to start off with, we yeah. We're we're taking sort of an unopinionated approach. Let let the users sort of decide what's what fits their, their scenario the best, and and we'll we'll learn from that.
[00:45:39] Lloyd:
Okay. Yeah. The the copying devices thing is, the like Nick said, it's probably one of the first things you'll have to formally implement because, yeah, you can already do it. It just, it probably it it works. It just, the UX is not super great for it. One of the problems with, Frost, like, the only downside that is there is that you have to choose which devices upfront you're going to sign with. So when you start signing, like, you could create the transaction and stuff. Interesting. You have to say, I'm gonna be signing with these guys. You can you can kind of hack around it. There are tricks to make it sort of in behind the scenes. Just do lots of signing sessions in parallel so you don't have to worry about which ones end up getting signed with. But at the beginning, we're gonna see how much of a problem this is. People like really hate that.
But when you start cloning devices, you obviously have to start making the the UX, like, take that into account. And so you have to, like, sit like, this device if I'm signing with this one and I have device a or device b from this one, but I can't use device a and b at the same time, obviously, because got the same share. So you have to, like, update the UX a bit, to, to understand that concept. It is gonna be interesting. But one thing we did do is we already have go ahead. Yeah. We have we did we have one thing we did do is we have only one secret per device, k, to keep things simple. Because otherwise, things get we originally, we were having, like, as many keys as you want on each device. Right? As part of and many different multisigs as you want.
And that made mad that was madness to try and explain that in the UI and trying to get people to choose what to sign with and things like that, with devices having multiple shares of the same key. So one device could be worth more than another one, more special than others, which sounds like a cool feature and it did originally, but it was so hard to actually wrangle the logic and sort of present it to the user to understand. Yeah.
[00:47:27] ODELL:
Well, what I was gonna say is, like, Coldcard, for instance, has had found great success selling different color devices. So, like, as you guys scale I mean, not only do just Bitcoiners are collectors, they like different colors. But, like, also from, like, an organ Can you can you buy different colored Coldcards? So many different colors. We have all different I didn't know that. Yeah. So I but it also it makes sense from, like, an organization point of view. Right? Because, like, my blue one, my blue one could be they could all be the same one.
And, like, my orange one could all be the same one if, if you are doing the duplication thing. Yes. That's a smart idea. And then in the UX, it could you know, you can name it. So then it's like, okay. I'm signing with blue and orange. And then it doesn't like, they might be in different I might have duplicates of them places, but I'm signing with blue and orange. And then you can kinda name it. Exactly. Yeah. That And then it's good for business because you just sell multiple colors.
[00:48:33] Nick:
Yeah. That was one of the first problems we, we ran into is when all the when all the devices had the same color, it was very easy to you create a wallet, and then you'd unplug them, and then you would go to sign, and you choose which devices you're gonna sign on, and you start plugging them in, and you you mix them up. You have no idea which one had which name. Yeah. So we're giving them a color, and and, we'll we'll look to we'll be looking to present that color in the app as well,
[00:48:57] ODELL:
in in the future. Oh, you are giving them but you're giving them a color on the screen?
[00:49:02] Nick:
You don't have a name on the screen, but the the the device color will actually be saved on on the device. Oh, okay. Oh, so it's exactly what I said. Well, the color. You can you can present that into into the app. Yeah. Show them the colors, Ben. Yeah. I've got I've got three of them. I see. Look. We're on the same page. Orange, I I there's no blue, but I I did say of course, you can We've we've got a blue we've got a blue and a red. I just I just haven't got those ones yet. I'll I'll be seeing Those are clean. Wait. Can you put them back up on the screen again? Yeah. Yeah. Sure. Sure. Nice.
[00:49:33] ODELL:
So is that an all metal case? Or That is an all metal case. Yep. Very nice. So you have five different colors?
[00:49:42] Nick:
Yes. Five different colors. Yep.
[00:49:44] ODELL:
Got it. Okay. So we were on the same page on that front. I had one more question. Oh, so, what's what's the buying process like? They're up for preorder right now? Yep. They're up for preorder on frostsnap.com.
[00:50:01] Nick:
We're pricing them in sats. So a 150,000
[00:50:05] ODELL:
sats per device. So they're on sale right now?
[00:50:08] Nick:
Yes. They're on sale. Exactly. Yeah. Yeah.
[00:50:13] Lloyd:
So we're we're we're having a bit of a filter there. So only, you know, only very serious people are are buying them, which is what we sort of want at the beginning. So this is our first first batch and it, is just yet to support us, because, we need a bit of support at the moment to keep this project going. So hopefully, we can get in there and preorder, and get part of the first batch. And I guess we'll be closing the preorder thing at some point in the next few weeks as we start actually, shipping the devices.
[00:50:41] ODELL:
Yeah. So if I preorder today, when am I getting my device? Later this month. Probably towards And are you shipping from Australia? Probably Malaysia. Likely Malaysia. We'll How long does that take to get to America?
[00:50:54] Nick:
Whatever makes the most sense for you guys in The US. Okay. Your new tariffs.
[00:50:59] ODELL:
Oh, yeah. Is Australia a tariff?
[00:51:02] Lloyd:
I think it's tariffs less than Malaysia, but I'm not up to date on that. Yeah. We're less than we're less than Malaysia. Man. Oh, yeah. That's true. We're gonna have to I don't know what what was going on with the tariffs. Maybe Nick can tell us what the the geopolitical situation is. No. I haven't been going too closely.
[00:51:17] ODELL:
So, like, the use so I would pick how many devices I buy. Right? Like Yep.
[00:51:22] Nick:
Yep. There's a minimum of three. It it the you can use the devices as, like, a single sig hardware wallet. Doesn't make a whole bunch of sense. You might as well, yeah, get get three or more. So we we've set a minimum of of three devices.
[00:51:36] ODELL:
Plebdevs is asking in the comments does I think we answered this question, but does each device have full group info? Is it also encrypted, or does that start on the mobile phone app?
[00:51:49] Lloyd:
Yep. I think the group info, he means, like, the XPub probably, like, of the whole wallet. You need you just need two devices to restore in practice. That's what it is. Right? If it's too But it is it it is, it the device has, like, this share of the group info, so not all the group info is on the device. It has a share of it. And if you get enough devices, then the phone you're plugging it into will be able to reconstruct the full group info.
[00:52:13] ODELL:
And scale up? Like, if it's an eight of 10 Yep. Does do I need, like, four devices or something to recover?
[00:52:22] Lloyd:
Or No. Eight. Need the same. You'll always I need eight. I need eight to recover. You get you get zero information until you actually I need the threshold. I need the full threshold. Yes. You need the full threshold. We do so we do have some information there. So we have the name. This is and user feedback would be helpful here. We have, like, the name of the device. So and we have the name of the wallet it's a part of. So if you plug it, like, if anyone finds your thing, it's gonna be like, this is Matt's life savings. I'm not gonna And then Fair enough. Fair enough. Yeah. He so don't maybe don't name it that, you know, but, we have to figure out if that's a good idea or if people don't want that to know anything.
We thought it was, like, I'm I'm thinking more like should do it in my family to sort of know that. Like, oh, you found the right thing. Like, this is the right thing. Good on you. You're making progress, towards the thing.
[00:53:15] ODELL:
Then maybe give the cheat name. It'll say the wallet name, like, the whole wallet name, and then also the device name. Right? So it'd be like Matt savings, and then it would be like office or something. Yeah. Exactly. Yeah. Exactly. Or key one, whatever you wanna name it. Yeah. It has it has those three things. It has the number of the thing,
[00:53:34] Lloyd:
the the the the name you gave it, and the name of the wallet. And that's the three bits of metadata you get when you find a device.
[00:53:42] ODELL:
Is there, physical limitation on how many of these things I can plug in?
[00:53:48] Nick:
We actually don't know what the limit is yet. I think, the biggest we've done, I think, is an 11 of 19, and we we ran out of devices at the time. And that was on a phone. You had 19 of these plugged in? Yeah. Yeah. And we made a key. Yeah. So it's it's gotta be higher than that. We'll we'll probably figure we'll probably find that out in the next few weeks, but it's pretty fun not to know. Maybe someone else will find that before us. Yeah.
[00:54:14] ODELL:
I mean, it starts getting pretty ridiculous.
[00:54:17] Nick:
Yeah. I think, you know, the only maybe some really peculiar organizational situation that might might be useful for that. You know, you've got a a flat hierarchy organization of, you know, 20 people or so, and you wanna make a, you know, 11 out of 20 or something.
[00:54:36] Lloyd:
I could definitely Organization's a whole different thing though. This is this is just for personal personal savings. We don't have, we haven't tackled organizations yet, but you can imagine there's like a million things there.
[00:54:47] ODELL:
Like user access controls and stuff. Yeah.
[00:54:52] Lloyd:
Like, there's there's a lot of things. And, the the big one I mean, one of the big the the big advantage of Frost is that you could you could actually change out members of the organization with keys without changing the descriptors or the the public keys of the wallet. Like, if you have a if you have a multisig right now, you wanna remove someone from the board or whatever and they have a key in the multisig, you have to change like, you have to cancel the outstanding invoices or whatever of the company, and then do the thing and then reissue the invoices because that those old addresses are no longer Yeah. Valid.
And so yeah. So with Frost, we can actually change it behind the scenes without changing the whole addresses organization and, you know, infrastructure. So that's, one real big advantage, I think.
[00:55:39] ODELL:
No. This could be amazing for organizations. I mean, Multisig in general is amazing for organizations, but Frost Multisig, all of us all of a sudden opens up a ton of huge possibilities. But you need, like, the actual UX to Yeah. Handle it all.
[00:55:53] Nick:
Yeah. Exactly. A big one, will be remote signing. So I can have my Frostsnap device and you can have your Frostsnap device, and we can be, you know, on the other side of the world, and we can both plug our devices in and and, you know, do a signing session.
[00:56:10] Lloyd:
Not an option or something.
[00:56:12] Nick:
Pardon?
[00:56:13] ODELL:
That's not that's not ready yet, though. Not yet. Not yet. Probably probably six months or something, will have that. And how do you see that? What is the transport mechanism?
[00:56:22] Nick:
I'm I I really I'd I'd really like to use Nostr as sort of the, the the communication layer for that, for the primary reason that you're not so dependent on Frostsnap as the company. So if if you know the Frostsnap Nostr Relay is not available, you can just plug in your own relay into the app and you can communicate with your your peer that way, and and send, you know, Frost, signatures over Nostr.
[00:56:52] Lloyd:
Yeah. I I I I did a a demo with, Nostr. It worked it worked fine. I think it it may it's nice because you got the same kind of public key cryptography going on, in Nostr, same kind of public keys. So you can sort of, simplify things a little bit by choosing choosing, you know, if you have existing Nostr kind of public keys and you verify that out of band, like you've got your different accounts, you can sort of Like your Choose these accounts. Or whatever. Yeah. Contact list. You can choose them out of the contact list and that sorts out a few issues in the cryptography that we have to sort of finesse when you're just doing it with these devices in in person. So So we got, we don't, we don't exactly know exactly where we're going to go with that. But, you could imagine that you don't even have the Frostsnap devices.
You can just do Frost over Nostr. I guess Frost, we're, we're, we, our vision is that, you know, it is probably good to have separate devices for keys. And we don't know how it happens when, you know, you just want to add a guy to your organization, have a key on their phone or whatever. Probably, you probably that's going to happen. I mean, it's just going to happen just because the the software is out there and probably, I mean, even with the Frostsnap software we have already pub open source, you can probably just do that, pretty easily. So, it's gonna happen.
[00:58:06] ODELL:
Yeah. I mean, the remote signing stuff in general is that's part of the, like, organization building blocks. That's not like an individual doesn't really need remote signing, but, like, OpenSats needs remote signing.
[00:58:17] Lloyd:
Yeah. We need it. Yep.
[00:58:19] Nick:
Yeah. Yep. Yeah. Exactly. Yeah.
[00:58:23] ODELL:
Awesome. Well, I definitely I mean, I'm not gonna make excuses, but I definitely should have played around with the actual software before we had this conversation. So I look forward to doing that.
[00:58:36] Nick:
Yep. Please do. Please do. I,
[00:58:39] ODELL:
it seems it's just fascinating to me. Like, I think it's, like, this could be a game change. I mean, the problem is is, like, Bitkey was cool because it made it easy for the average person, but it did take a lot of it made a lot of security trade offs to do that. I mean, even if you think about, like, how you guys are only selling for Bitcoin, originally, Bitkey only sold for dollars. Right? So it's like a completely different demographic in a lot of ways, at least in the beginning. Yep. But, like, the way I think about Bitkey is, like, Bitkey is more trying to protect you from, messing something up.
Yeah. Because I kinda try to protect you from yourself and create fault tolerance rather than securing you from sophisticated external actors. And that's a reasonable trade off, I think, for a lot of people who, like, threat model does not include the NSA or big tech or the NSA and big tech colluding together. But this seems to try and like, you're kind of you're making it pretty easy, pretty fault tolerant, but then also very secure. Like, you you're not really making that same security trade off, which is, that that could be, like, the holy grail. That could be very, very helpful to boost self custody and improve the current self custody setups of a lot of people.
[01:00:01] Nick:
Yeah. We think so. On that. Yeah. Trying to keep that that same high level of security while not just adding more and more secrets to to have that security and so that, therefore, you have, very easy recoverability, which is, yeah, a very important thing in in terms of security, being able to access it, not not forgetting a PIN or a, a BIP 39 passphrase or something and and losing losing all your money.
[01:00:30] ODELL:
I have one more question for you. The I mean, this is like bleeding edge shit. Right? So Yeah. I mean, I don't know of anyone else doing frost stuff on Bitcoin. Is there, like, god forbid, you guys both die. Or is there, like, is there another wallet that I can restore Frost Bitcoin stuff on, or am I running, like, Bitcoin core to do it? Can I answer A very important one? Yeah. So we're going to make
[01:01:02] Nick:
a a very small tool, probably like a 100 lines of Python or or Rust or something that will take two of your seed phrase backups and basically squish them together and output an Xpriv that you can load into Sparrow, Electrum, Bitcoin Core.
[01:01:21] ODELL:
Which just sweeps it to a regular wallet?
[01:01:24] Nick:
Yeah. Exactly. I think Lloyd's actually managed to to, vibe code one of these tools, you know, to say, here's what the backup looks like. You know, give me the code that will output the XPriv, based on these backups.
[01:01:39] Lloyd:
And so it's It's really amazing. So what so actually that changed the fact of the the ability to vibe code or the AI, you know, coding agents really it sort of changed my it changed our opinion on the on the backup format. So I went trying to optimize for the ability to explain it to a computer and have the computer just generate code that does it, actually became, like, one of the top design priorities of it. And so it ended up being that we just used BIP 39 words. So they're not a BIP 39 backup, obviously, but they're just BIP 39 words. So it's the same standard. With the num Yeah. With the same words and it's got the it's got the number at the front of it. So which, which, share it is, so which key it is in in the multisig. And that's that's basically it. And a bit more a bit more checksums and some, stuff like that. But basically, you just need to take the first 24 words.
You put that into a sec p two five six k one secondret key. So it's some sort of secret key that you would you would normally use to Bitcoin. And then you just do this this, one mathematical operation between them, and then you get back to the x priv. And so you can actually explain that in, like, three bullet points to a thing and have it put out Python, to to get you back your your x priv. So that's, that's, one one thing we've actually achieved in the design of the backup format. So it's 25 bit 39 words.
[01:03:04] ODELL:
So what does that but what does that look like in practice? Like, I so I do that, and and then what do I see in Sparrow? Is it sweep is it is it doing a sweep transaction, or is it actually It would just actually look like a wallet. You look like the wallet. So you'd have your your My UTXOs would still be separate or whatever. It'd be like a front it would be like a wallet restore. It's like a translation almost. Not a it's not a wallet sweep. Yeah. Exactly. Yep. You'd just be able to use it as a normal wallet in Sparrow with a private key. Just convert a hot wallet, but yeah. Yep. Yep. Yeah. Oh, that's awesome. I mean, that's better than the status quo of like, with Bitkey, you basically have to sweep. You can't you can't restore the wallet in Sparrow.
[01:03:50] Lloyd:
Yeah. I mean, obviously Hopefully, hopefully, hopefully, eventually, like, the Sparrow will be able to put in our backups directly, and you wouldn't even need a separate tool. Right? Yeah. I mean, if anyone would do it, it's Craig. I mean, the guy's a fucking legend.
[01:04:02] ODELL:
Yep. I mean, I I presume the the when I ask this question, it's, like, more of a I mean, if you're bullish on Frost, then the idea is you're kind of setting the ball in motion, and you're like, there should be, like, a a Frost ecosystem of apps that will a Frost Bitcoin ecosystem of apps that will develop over time. But in the meantime, it's important to have, like, the, you know, the big exit button if I need to get out or something.
[01:04:29] Nick:
Exactly. Exactly. Yep. Yeah. So it'd be it'd be much nicer if you could, you know, not have to enter your backup on, you know, a hot wallet. You could just enter that backup on another hardware wallet, and and restore that way.
[01:04:42] ODELL:
Awesome. Well, guys, this has been great. I look forward to testing it out. Thank you for pushing the limit on self custody and pushing the ball forward and trying new things. We need more of that. Do you before we wrap, let's wrap with some final thoughts. We'll start with,
[01:05:01] Nick:
Nick. Final thoughts. Yeah. Yeah. Just thanks very much for having us. If you wanna support Frostsnap and the, you know, the future of self custody, you can preorder now at frostsnap.com. And I think you'll you'll have a great time and, your your opinions on what self custody can look like will will be changed forever. So, yeah, please please buy some devices and and try them out.
[01:05:25] ODELL:
Love it. Thanks, Nick. Lloyd, final thoughts.
[01:05:28] Lloyd:
Yeah. Thanks so much for having us, and thanks everyone for listening. Yeah. Look forward to the future where you don't you guys don't have all your money in your house. That makes sense. Let's get it done.
[01:05:38] ODELL:
It's an important future.
[01:05:41] Lloyd:
You're running back. You're not in your house.
[01:05:43] ODELL:
Not in your house. I I cosign that. Guys, thanks for coming on. Freaks, you can go to frostsnap.com if you want to preorder some devices. I'm gonna put all of their links, Nostr, X, whatnot, in the show notes. All the links for Citadel Dispatch are at citadeldispatch.com. Thank you to the freaks who support the show. You guys keep me coming in week in, week out. There'll be another Citadel Dispatch next week. If you pay attention at primal.net/odell, I'll let you guys know when it is. Hopefully, we'll have the Nostr live chat up and running.
For those who joined late, there's just been an ongoing DDoS on ZapStream, that Kieran has not been able to get a handle of. So it is what it is. Lloyd, Nick, thank you for joining.
[01:06:34] Nick:
Freaks, this is for y'all. Thank you.
[01:06:37] ODELL:
Stay humble, stack sats.