FROSTED seedless wallet
FROSTED is a Flutter demo application that integrates a Rust-based implementation of FROST (Flexible Round-Optimized Schnorr Threshold) by the Zcash Foundation.
It showcases an interactive demo, primarily focused on building cryptocurrency seedless wallets using threshold signatures, enhancing security and flexibility for blockchain users.
Most of you are familiar with BIP39 cryptocurrency wallets. The problem with such a wallet is obvious: if your seed is compromised, your funds are gone.
Can we do better?
- Distributed Trust: In seed-based wallets, the entire security hinges on the seed phrase. If this seed is compromised, all associated assets are at risk. In contrast, seedless wallets distribute trust across multiple key shards. An attacker would need to compromise multiple shards to gain control, significantly raising the security bar.
- Reduced Single Points of Failure: By avoiding a single seed phrase, seedless wallets eliminate a critical single point of failure. This distributed approach to key management reduces the risk of total asset loss due to single key compromise.
Key shard security
This is the most important aspect: the key shards must be encrypted and stored separately such that an attacker is unable to perform the
Example of a 2-out-of-3 threshold setup:
- One key shard protected by the secure enclave of the processor
- One key shard backed up on a cloud provider
- One key encrypted using a
In the future, it can be integrated into both the Syrius desktop and Syrius mobile wallets.
PS: I’m planning to apply for an AZ grant for this project.
A demo is worth a thousand words:
I invite you to test the latest release.
Very cool. Maybe @Nostromo can use this with the Gravity Wallet?
@aliencoder if you have 2 of 5 required, would you sign a TX in syrius AND would you need to use another device to sign also?
Or, do you map the location of the other seed shards in Syrius and sign all shards right from syrius? If a second device is not needed to sign, can an attacker compromise syrius and download the mapped shards and still sign messages?
Yes. And Dr. Blaze with the Syrius Mobile Wallet.
All the operations are performed locally. It is implemented using the Trusted Dealer setup that assumes a trusted entity (e.g. the non-tampered app on your certified device) to run the
The security of the FROSTED implementation comes from the idea that every key shard should be decrypted only by an authorized party.
Think of it this way: you can have 2 shards on your mobile device, one encrypted by your secure enclave processor and another one by a passphrase. The attacker needs both your TouchID and your passphrase in order to be able to perform a successful keysign ceremony. The 3rd shard (backup shard) can be safely stored on your Google Drive or
So the attacker must spoof your passphrase and compromise your Google Drive or iCloud account (assuming that he is not a nation-state that can break into the secure enclave), which is significantly harder than social engineering a user into giving up his
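As an added illustration of the 2-of-3 setup in the original post and the Trusted Dealer description in the reply above (example code written for this thread, not code from FROSTED or the ZF FROST crates): a dealer shards the signing key, any two shards jointly produce a valid Schnorr signature without the key ever being reassembled on one device, and one stolen shard alone yields nothing that verifies. It assumes a constructed toy Schnorr group modulo a 64-bit safe prime and a simplified single-nonce signing round; the names, message bytes and group are all constructed for the example.

```python
import hashlib, math, secrets
# Constructed toy Schnorr group: a 64-bit safe prime p = 2q + 1 and generator g of prime
# order q. Real ZF FROST runs over elliptic-curve ciphersuites and adds a second nonce
# plus a binding factor per signer; the threshold arithmetic below is the same.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):  # deterministic Miller-Rabin for n < 3.3e24 with these bases
    if any(n % b == 0 for b in MR_BASES):
        return n in MR_BASES
    r = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    for a in MR_BASES:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True

def make_group(start=1 << 63):
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 is a quadratic residue mod p, so it has order q

def dealer_keygen(t, n, p, q, g):  # trusted dealer: Shamir-share the key s = coeffs[0]
    coeffs = [secrets.randbelow(q) for _ in range(t)]
    shards = {i: sum(c * pow(i, k, q) for k, c in enumerate(coeffs)) % q for i in range(1, n + 1)}
    return pow(g, coeffs[0], p), shards  # public key Y and one shard per party

def lagrange(i, ids, q):  # weight turning shard i into its additive part of s
    others = [j for j in ids if j != i]
    return math.prod(others) * pow(math.prod(j - i for j in others) % q, -1, q) % q
def challenge(R, Y, msg, q):
    return int.from_bytes(hashlib.sha256(f"{R}|{Y}|".encode() + msg).digest(), "big") % q
def threshold_sign(shards, ids, Y, msg, p, q, g):  # s itself is never reassembled
    nonces = {i: secrets.randbelow(q) for i in ids}  # d_i, kept local by signer i
    R = math.prod(pow(g, nonces[i], p) for i in ids) % p  # aggregate of published R_i
    c = challenge(R, Y, msg, q)
    z = sum(nonces[i] + c * lagrange(i, ids, q) * shards[i] for i in ids) % q
    return R, z

def verify(Y, msg, sig, p, q, g):
    R, z = sig
    return pow(g, z, p) == R * pow(Y, challenge(R, Y, msg, q), p) % p

def demo(msg=b"constructed transaction bytes"):  # the 2-of-3 setup from the post
    p, q, g = make_group()
    Y, shards = dealer_keygen(2, 3, p, q, g)
    pairs_ok = all(verify(Y, msg, threshold_sign(shards, ids, Y, msg, p, q, g), p, q, g)
                   for ids in ([1, 2], [2, 3], [1, 3]))
    alone_ok = verify(Y, msg, threshold_sign(shards, [2], Y, msg, p, q, g), p, q, g)
    return pairs_ok, alone_ok  # (True, False): two shards sign, one stolen shard cannot
```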
Seedless under the right setup seems to be a lot less stressful than managing the security of a 24-word seed phrase. Backups, social recovery, etc. all become much more manageable.
I recently came across the concept of ICP’s Oisy wallet. I didn’t fully grasp the technical implementation; it appears to involve an embedded contract and some form of ID layer, which already raises some privacy concerns. Nevertheless, it seems to effectively implement a similar seedless multi-party threshold signature.
What I found particularly impressive was the user experience of the wallet, which requires no app or extension installation. If we can replicate this while simultaneously including PoW providers for a truly feeless onboarding experience, that could be something truly amazing.
FROST is far superior to ICP’s ECDSA TSS.