Oddbean new post about | logout
 In my understanding, FROST can't help you here, because the new owner has no way to confirm the previous owner deleted their key shares. I could be wrong, would love to be surprised. Ed25519 too can do FROST so that will be good news. 
 They don't need to delete. You just rotate the polynomial to a position the leaked key is not part of the polynomial anymore. 
 based 
 OK but can't the old shares still sign things for the same public key?

Maybe I am missing something. 
 Signers have to agree on a polynomial to sign. My understanding is that once the leaked key signs with the wrong polynomial, the other signers can just reject that share.  
 I need to read more. But my intuition says, the old owner already had all shares necessary to generate a full valid signature, so that is impossible to verifiable lose.

The only scenario that makes sense to me, is if the company from the start setup the key shares with a trusted 3rd party that assures the new owner that the previous owner doesn't have enough shares to sign on their own. maybe that is what you meant all along. 
 Yeah, but even more fundamentally you also dont know if the private key that is at the basis of the multisig exists somewhere. Transfer of ownership requires a record one way or another, and so we are back to all the ledger shannigans we are all too familiar with. I agree ICANN can't be beaten when it comes to this stuff; this means the problem has no 'solution', mere mitigation with trade-offs one way or another.

Hence i am so bored and tired of thinking about this, and just grugbrain myself behind Nostr; because ultimately what we need is 'sort of good enough'+momentum=succes. I believe Nostr is sort of good enough and has momentum.

Congratulations on building the Nostr's Ethereum