Blockstream proposes new multisig standard called ROAST

Blockstream’s research division, which focuses on Bitcoin (BTC), has proposed a new sort of multisig standard dubbed Robust Asynchronous Schnorr Threshold Signatures (ROAST).
Blockstream proposes new multisig standard dubbed ROAST
Blockstream proposes new multisig standard dubbed ROAST

It aims to eliminate transaction failures caused by absent or malicious signers and can operate at scale.

The word multisig or multisignature refers to a transaction that requires two or more signatures to be approved before it can be completed. In cryptography, the standard is frequently used.


The primary idea behind ROAST is to make transactions between the Bitcoin network and Blockstream’s sidechain Liquid more efficient, automated, safe, and private, according to a May 25 blog post from Blockstream research.

ROAST has been proposed as a signature standard that might be used in conjunction with and improve threshold signature methods such as FROST (Flexible Round-Optimized Schnorr Threshold Signatures):

“ROAST is a simple wrapper around threshold signature schemes like FROST. It guarantees that a quorum of honest signers, e.g., the Liquid functionaries, can always obtain a valid signature even in the presence of disruptive signers when network connections have arbitrarily high latency.”

While FROST can be a successful way for signing off on BTC transactions, the researchers pointed out that its structure of coordinators and signers is meant to abort transactions in the event of absent signers, making it secure but not ideal for “automatic signature software.”

The researchers claim that ROAST can overcome this problem by ensuring that each transaction has enough credible signers to avoid failures, and that it can be done on a much wider scale than Blockstream’s 11-of-15 multisig standard.

“Our empirical performance evaluation reveals that ROAST scales effectively to large signer groups, such as a 67-of-100 arrangement with the coordinator and signers on separate continents,” according to the post.

“Even with 33 malicious signers that try to block signing attempts (e.g. by sending invalid responses or by not responding at all), the 67 honest signers can successfully produce a signature within a few seconds.”

The team utilized an idea of a democratic council responsible for “Frostland” legislation to explain how ROAST works in a simple way.

Essentially, the claim is made that getting laws (transactions) signed off in Frostland can be difficult due to a variety of causes that can cause the majority of council members to become unavailable or absent at any particular time.

To offset this, a council secretary compiles and maintains a large enough list of supportive council members (signers) at all times, ensuring that there are always enough members to pass legislation.

“If at least seven council members actually support the bill and behave honestly, then at any point in time, he knows that these seven members will eventually sign their currently assigned copy and be re-added to the secretary’s list.”

“As a result, the secretary can always be guaranteed that seven members will be on his list again at some point in the future,” the post continues, “and the signing procedure will not become stuck.”

ROAST is the result of a partnership between Blockstream researchers Tim Ruffing and Elliott Jin, the University of Erlangen-Viktoria Nuremberg’s Ronge and Dominique Schröder, and the CISPA Helmholtz Center for Information Security’s Jonas Schneider-Bensch.

In addition to the blog post, the researchers included a link to a 13-page study paper that delves deeper into ROAST.