CD175：寒霜快照 - 寒霜多重签名

他们运用各种启发式方法来确定这种概率，从而更有可能追踪链上的实体。

And they use different heuristics to basically nail down that probability and make it more likely that they can track entities through the chain.

当然，绝大多数人通过KYC交易所购买比特币，并在出入金环节绑定身份信息，这无疑让概率分析变得容易得多。

And of course, obviously, the fact that the overwhelming majority of people are buying Bitcoin through KYC exchanges and attaching themselves to their identity at the entry and exit points makes that probability analysis much easier.

就备份而言，那么设置流程，我认为是相对简单的。

So in terms of backup, what does so the setup process, I think, is relatively straightforward.

假设我正在设置一个三选二方案，或者说如果我拥有三个硬件设备，手机也算一个密钥吗？

I'm plugging in let's say I'm doing a two of three, or I guess if I have three hardware devices, is the phone one key too?

目前还没有，但它仍然对那种关键随机性有所贡献。

Not at the moment, but it still contributes to that that key Randomness.

生成仪式。

Generation ceremony.

是的。

Yeah.

好的。

Okay.

所以我插入了三个设备。

So I plug in three devices.

我打算三选二。

I'm making it two of three.

对。

Yep.

想必应用程序会让这变得相对简单。

Presumably, the app makes that relatively straightforward.

我会在每个设备上逐一进行批准操作。

I'm, like, approving on each device as I go.

没错。

Yep.

然后我会把它们分开存放，比如一个放办公室，一个放银行保险箱，可能留一个在家里。

Then I'm taking them apart and I'm putting, you know, like, one in an office, one in a safe deposit box, maybe keeping one at home.

我用手机来协调。

I have the phone to coordinate.

从历史上看，人们主要担心的是会出现某种硬件故障。

Now historically, the concern has been that you'd have some kind of hardware failure.

这就是我们采用离线备份的原因。

So that's why we have offline backup.

那么这种备份流程具体是怎样的？

So what does that backup process look like?

是不是需要为每个钱包保存一个种子？

Is that am I keeping a a seed for each?

是的。

Yes.

对。

Yes.

在你创建钱包后，应用程序会引导你完成备份流程。

So after you've created the wallet, the app will prompt you to do to run through the sort of backup process.

具体操作是将设备连接到手机，确认显示备份后，设备会提供一组助记词。

And what that would look like is you you plug one device into the phone, confirm to display the backup, and then it would present you a set of seed words.

在设备上显示吗？

On the device?

是的。

Yes.

在设备上显示。

On the device.

没错。

Yep.

是的。

Yep.

对。

Yeah.

在设计过程中，我们确实希望避免使用与BitKey管理相同的种子词，因为他们决定不处理这个问题，我们也想避开它，毕竟冗余设备会导致两个设备同时存在的情况。

We we in the design process, we really would have liked to avoid seed words the same as, like, BitKey manage were decided they were not gonna tackle that thing, and we would have liked to avoid it as well because, you know, you've got two out of you've got redundant devices.

所以如果你丢失一个设备，可能问题不大。

So maybe it would be okay if you if you lost one device.

但最终，我们认为必须采用完整备份方案，至少确保每个设备都有自己的备份，这样即使没有FrostSnap设备或软件，也能恢复所有资金。

But in the end, we felt we had to go with a full backup, you know, solution, at least it's so it's there so that, that each device has its own backup and you could, you know, recover recover all the money without any FrostSnap devices or without FrostSnap software.

因此，每个设备上都有一个备份。

And so, yeah, there's a there's a backup on each.

但我们希望借助Frost的技术，能通过一些技巧避免手动输入备份。

But we're hoping, like, because of Frost, there's some tricks we can use to avoid actually having to have you enter the backup.

就像你提到的场景，设备故障时——

So in in the scenario you mentioned, like, device fails.

没错。

Right.

你需要用新设备替换它。

So you got a new device to replace it.

通常你需要输入备份到设备才能恢复数据。

Normally, you would have to input your backup into the device in order to restore it.

但实际上我们应该能做到——虽然还没实现，但加密技术方面基本都已解决。

But actually, we should be able to we haven't implemented this yet, but we we we the the cryptography is all pretty much a solved a solved thing.

我们可以让你带上另外两台设备，然后你说，我想把另一台坏掉的设备上的共享内容恢复到这台新的空白设备上。

We can just take you take your other two devices and you say, I wanna restore the share of this other device that I that was broken onto this new blank device.

然后你应该能直接去访问那两台设备，最后再回到这台新设备，就能完全恢复数据，而无需实际输入备份信息。

And you should be able to just go visit those other two devices and then go finally go back to the the new one and have it just fully restored without having to actually enter in the backup.

明白吗？

You know?

所以如果你...嗯...

So if you if you yeah.

继续说吧。

Go ahead.

我对Frost的基本理解是，因为它独立于比特币协议之外，能让你实现密钥轮换，事后添加新密钥，而无需完全创建一个全新的钱包。

So I my basic understanding of Frost is Frost, because it's outside of the Bitcoin protocol, would allow you to, like, basically do, like, a key rotation, add a new key after the fact without actually, like, creating a a completely new wallet.

这种情况下，这会是一个完全不同的密钥——用引号说就是不同的助记词，还是说...

In this case, would that be an like, a completely new key with, quote, unquote, different seed words, or would that

实际上你可以选择，比如...

You actually choose, like

进行恢复。

to restoring.

选择。

Choose.

你可以选择是想恢复丢失的那份相同份额，还是想创建一份全新的份额？

You Do wanna you can actually choose do you wanna recover a new do you wanna recover that same share that you lost?

或者说你想从2/3模式变成2/4模式？

Or do you want to create an entirely new share that, you know, it it could go from a two out of three to a two out of four essentially?

对。

Right.

是的。

Yeah.

你基本上只是在添加一个密钥。

You're basically just adding a key.

阈值仍然保持不变。

The threshold's still the same amount.

虽然还是太空白，但你正在添加一个密钥到

It's still too blank, but you're adding a key to

总数里。

the total.

没错。

Yeah.

如果你已经丢失了另一个，那么基本上就是三选二的情况。

And if you've lost that other one, then it's, yeah, it's basically a two out of three.

对。

Yeah.

根据你之前的评论，我推测用户不需要备份其他任何东西。

And I'm I'm assuming based on your earlier commentary that there's nothing else the user needs to back up.

他们只需要备份

They just back

完全正确。

That's correct.

所以，是的，每个设备只需一组助记词。

So, yes, just just one set of seed words per device.

没错。

Yep.

因此，如果你丢失了应用，设备也会丢失，这时你有三分之二的备份缺失，你可以选择获取两台新的FrostNap设备，将助记词分别输入每台设备以恢复备份，之后就能正常使用了。

And so if you if you lose the app, you lose the devices, and you've got a two out of three, you can you can either get two new FrostNap devices, enter the Seedwords onto each device to restore those backups, and then you're good to go.

你不需要任何描述符或其他元数据。

You don't need any descriptors or any other metadata.

所有信息都包含在FrostSnap备份表上。

It's all contained on the FrostSnap backup sheet.

太棒了。

That's awesome.

你对这些设备有什么看法？作为早期设计决策的一部分，为了让它们易于制造且更开放，这些设备上没有安全元件。

What are your thoughts on, so these devices, you know, part of, your early designs decisions to like make them easy to manufacture and more open do not have secure elements on them.

从历史上看，安全元件的主要用途之一是防止物理篡改。

Secure elements historically, one of the main main use cases for them is to stop, you know, physical tampering.

你如何看待这种防盗措施？

How do you think about that theft mitigation?

比如我把设备放在办公室，而我的秘书心怀不轨且技术高超，能够入侵我的设备。

You know, I'm keeping it at my office, and I have an evil secretary who's very technically competent in compromising my device.

我认为，实际上安全元件对防止篡改帮助不大。

I think for my opinion, it actually doesn't secure elements don't help with tampering that much.

如果真的能进行物理篡改，比如接触到芯片——主MCU，因为我们确实展示过一种叫DarkSkippy的攻击方式。

If you can actually tamper with it, like, you know, get onto the chip, the the main MCU, because we've really like we showed this attack called DarkSkippy.

Darkskippy.com（如果人们没看过那个视频，但实际上觉得这就足够了）

Darkskippy.com if people haven't seen the video, but actually like that's sufficient.

如果你能随意篡改任何设备，就完全不需要触碰安全元件

If you can just tamper with any device, you don't need to hit the secure element at all.

只要你能更改设备固件，当用户输入PIN码时，安全元件就会释放密钥，然后你就能在上面进行签名

As long as you can change the firmware of the device, this when the when the user inputs their PIN, the secure element will release the key and you'll do a signature on it.

而我们植入的那个恶意固件——这个技术娴熟的管家安装的——会把种子通过比特币网络发送出去

And that that that malicious firmware we've put that the this maid, this technically competent maid has put on there will be will send the seed over the Bitcoin network.

所以我认为安全元件实际上真正关乎的是PIN码

And so the I think the the secure element actually is really about pin numbers.

它的作用是保护种子，确保只有知道PIN码的人才能将种子传输到主MCU上

So it's about protecting the seed and so that only the person who has the pin can actually get the seed onto the main MCU.

本质上它就是一块认证芯片，这就是它们的用途

So it's an authentication chip, basically, is the way they're used.

因此我们不会通过PIN码来认证用户

And so we don't use authentication of the user through a PIN number.

这是一个设计决策

That's that's one design decision.

我们经过大量讨论才达成这个设计决策

It took a lot to come to it, but that's what one design decision we came to.

当你用单签模式来看待PIN码的安全模型时，本质上你是在说：假设你有个冷钱包或Jade之类的带PIN码设备，这些设备可能就随便放在抽屉里

The the PIN numbers, when you look at the security model of it like a single SIG and you have the PIN numbers there, what is happening is basically you're saying, okay, you have a cold card or something or a jade or whatever, any of these devices with PIN numbers, and that device may be like laying around, maybe like in a drawer or something.

对

Right.

攻击者只需很短时间就能找到。

And that'll take an attacker like a short amount of time to find.

大概就，比如说15分钟，对吧？

Like maybe like, let's say 15, right?

如果他们搜查你家，可能在十五分钟内找到硬件钱包，但十五分钟内找不到助记词。

If they're going around your house, they could find your hardware wallet in fifteen minutes, but they wouldn't find your seed words in fifteen minutes.

那些助记词你放在超级安全的地方，比如...我也不知道，可能埋在花园里什么的，要找到得花好几个小时。

Like that seed words, you're putting them like in some super secure location that is like really, I don't know, you buried them in the garden or something, it would take like many hours or something.

所以PIN码的作用就是提供这种便利性。

And so the pin number is there to allow you to have that sort of convenience.

比如这个触手可及的设备用PIN码保护，而助记词不在手边，获取难度会大得多。

Like, have this this within arm's reach device with a pin number, and I have these seed words that are not within arm's reach, they're going to be harder to get to or something like that.

这就是PIN码存在意义的场景模式。

So that's the paradigm where the PIN sort of makes sense.

在我们的模式中，是通过地理分布来验证用户身份的。

For our paradigm, we're using the geographic distribution to sort of authenticate the user, if you like.

给设备加PIN码对我们帮助不大，因为实际上我们的设计可能把frost快照和助记词备份存在一起。

It wouldn't help us much to put a pin on the devices because actually, our design, we actually probably store the frost snaps with your seed word backup.

明白吗？

Okay?

所以这不像多重验证，我们采用多签本质就是因为它的不便利性。

So it's like there isn't this much multi then the reason we do this is multi sig is just by definition inconvenient.

懂我意思吗？

You know?

如果伸手可及的设备被别针固定住还得开车去取，那就没什么意义了。

There's not much point of an within arm's reach devices skewered by a pin if you have to go on a drive to get it.

对吧？

Right?

这就像是它不会、它不可能、它甚至根本谈不上方便。

It's like it's not it's not gonna it's not even gonna be convenient.

对于你的终极冷藏方案来说，本就不该追求方便。

It shouldn't really be convenient for your ultimate cold storage setup.

对吧？

Right?

你其实并不想要便利性。

You don't really want convenience.

它们算不上特别重要的功能。

They're not really a super important feature.

我是说，良好的用户体验才是。

I mean, good user experience is.

对吧？

Right?

你希望它易于使用，没有安全隐患之类的。

You want it to be easy to use and no foot guns and stuff.

我们希望耗尽毕生积蓄这件事应该很麻烦才行。

We want it to be inconvenient to spend all your life savings.

不应该几分钟内就能完成。

It shouldn't be able to happen in a couple of minutes.

这就是原因所在。

That's the reason why.

是啊。

Yeah.

我们就稍微深入探讨一下这个问题吧。

Let's just go down this rabbit hole a little bit.

首先，黑暗斯基皮是前一阵子的事了。

First of all, dark Skippy was a little bit a while ago.

所以为了帮我回忆一下，我是说，特别是在Cold card上，我认为安全元件能保护你免受黑暗斯基皮的攻击。

So just for a refresher for my sake, I mean, I think, like, I mean, in cold card specifically, I think the secure element protects you from dark Skippy.

具体来说

Specifically

对。

Yeah.

如果可以的话，我们可以改变措辞。

If we can we can change words.

对吧？

Right?

那些钓鱼词汇，那些钓鱼词汇。

The fishing words the the fishing words.

比如，当你输入密码的前半部分时，钓鱼词汇会有所不同。

Like, you enter the first half of your pin, the fishing words would be different.

不行。

No.

因为，我是说，一切仍然保持不变。

Because, I mean, it's the still the same everything.

就像，同样的安全元件。

Like, the same secure element.

钓鱼攻击必须相同，因为这是同一台设备。

The phishing must be the same like, it's the same device.

我是说，我们讨论的是一个女佣能打开你的冷钱包并更改主MCU上运行的固件，却无法破解安全元件。

Like, I mean, we're talking about, like, a a maid who can actually open up your cold card and change the firmware running on the main MCU, but they can't break the secure element.

就像，这种女佣根本不存在，显然的。

Like, that's some this is a maid that doesn't exist, obviously.

但如果真有这种女佣存在，是的，他们可以更改固件。

But if if that touch of maid existed, yeah, they could change the firmware.

关键是这就是为什么冷钱包配备了两个安全元件。

Point is that's why cold card has the secure two secure elements there.

不是吗？

No?

原因之一。

One of the reasons.

安全元件只是验证PIN码是否正确。

It wouldn't like, the the secure elements just authenticate it's the pin.

验证PIN码正确。

It's the right pin.

所以主MCU正在接收这些

So the main MCU is, like, taking those

同时保护着密码背后的秘密。

also protecting the secret behind the pin.

对。

Right.

但你会输入正确的密码，然后看到相同的正确词语显示出来，因为这是同一个设备。

But you're going to enter the correct pin and you're going to see the same the correct words come up because it's the same device.

我们并没有更换设备。

We're not we're not swapping out the device.

我们只是更换了主MCU上的固件。

We're just changing the firmware on the main MCU.

所以你会...但我想你会看到

So you're gonna But I guess you're gonna see

哦，但我会看到那个显示'固件验证失败'的大红灯。

Oh, but I would see the big red light that says firmware attestation failed.

对。

Right.

很可能。

Probably.

是的。

Yes.

那就是...那就是你

That's that's that's what you

会保护我的。

would protect me.

那个大红指示灯会保护我。

The big red light would protect me.

对。

Yep.

是的。

Yes.

所以这就是那个'但是如果'的情况。

So that's the but if yeah.

不过如果你能绕过那个大红指示灯的话。

If you can get around the big red light though.

不行。

No.

那个'不行'。

The no.

实际上那个大红指示灯，如果你能修改固件的话，我们也能绕过它。

The the big red light actually, we can get if you can change the firmware, we can get around the big red light also.

因为我们可以向安全元件发送错误的固件。

Because the big red we can send the wrong firmware to the secure elements.

所以问题在于主MCU，如果你在那上面进行签名验证，那就是唯一需要攻破的环节。

So the issue is like the main MCU, if you do the signing on there, that's all you need to compromise.

你不需要攻破其他任何安全元件之类的。

You don't need to compromise any other secure elements or whatever.

顺便说一句，实际上主MCU非常难以攻破。

It turns out the main MCU is actually very difficult to compromise, by the way.

这很简单。

It's trivial.

就像人们会认为，哦，安全元件是绝对无法攻破的。

Like people people will think that like, oh, yeah, the secure elements, it's super impossible to compromise.

主MCU并非如此，实际上Ledger展示过对安全元件的攻击，但他们无法攻击主MCU，似乎是因为他们做不到。

The main MCU isn't, but actually, know, Ledger showed an attacks on the on the secure elements, not they couldn't do the attack because they it seems like they couldn't pull off the one on the main MCU.

所以如果你相信能入侵主MCU，你就能控制整个设备。

But that so, yeah, the main so the if you believe you can corrupt the main MCU, you can corrupt the device.

这是非常难以实现的。

It is a very difficult thing to pull off.

明白吗？

Okay?

所以你必须拆开设备。

So you have to open up the thing.

你得把芯片取出来。

You'd have to take the chip out.

你需要熔化芯片之类的，之后再装回去，或者换一个芯片而不损坏其他部件。

You're gonna have to melt the chip or something and, like, you know, put it back in afterwards or put a different chip in afterwards without breaking anything.

但如果你能更改主芯片的固件，你就能把钱转走。

But if you were able to change the firmware on the main chip, you can you can you can take the money.

当用户输入PIN码时，他们毫不知情，实际运行的是被篡改的固件。

The the when you put in the user put it in the pin and they have none the wiser, they're running different firmware.

所有绿灯提示都会正常显示，因为主MCU会向安全元件谎报所有信息。

Everything the green lights and everything will happen because the the main MCU will lie to the secure elements about everything.

安全元件并不了解实际情况。

The secure elements don't know reality.

它们只能与主MCU通信。

They can only talk to the main MCU.

因此主MCU可以对它们隐藏一切。

So the main MCU can hide everything from them.

然后当你输入PIN码时，会出现相同的验证词，完成操作后需要签署文件，而你的种子词会因此包含在签名中。

And then, when you put in your PIN numbers, you'll get the same words, check words come up and you'll finish it up and you'll sign a thing and your seed words will be in the signature because of that.

所以我们不...嗯。

So we don't yeah.

好吧。

The Okay.

呃，我不是

Well, I'm not

来这里争论冷钱包安全模型的，但我相信NVK在这期节目后会给我启发。

here to get into a debate over the cold card security model, but I'm sure NVK will be insightful to me after this episode.

但抛开这些不谈，不特指冷钱包，我认为Ledger展示的攻击针对的是前代设备。

But regardless of that, regardless of cold cards specifically, I would say that Ledger's shown attack or whatever was the previous generation devices.

我记得攻击成本约60万美元，部分原因就在于安全元件。

It costs like $600,000 I believe partially because of the secure element.

之后他又添加了第二个安全元件，并采取其他措施进一步加固，使得攻击难度更大。

And then he added a second secure element and did some other stuff to harden it further and make it even more difficult.

不过除了所有这些...嗯。

But besides all of that Mhmm.

在你的生活中，你永远不会遇到能突破这些防御的攻击者。

There there's no attacker who's getting through those things that you will ever encounter in your life.

为了

For

当然。

sure.

是的。

Yeah.

是什么阻止了某人这样做，比如，我只有一个设备。

What stops someone from so, like, I have a single device.

对。

Yes.

现在让我们...我们通过女仆的情况进行了讨论。

Let's now let's we we went through the maid.

我们说的是，女仆需要攻陷多个设备，我猜。

We're we're saying the maid, she would need to compromise multiple devices, I guess.

没错。

Yes.

而且不仅如此。

And and not only that.

实际上，我们确实通过FrostNap对恶意女仆攻击有些防护措施。

So so we actually we actually do have some protection against an evil maid with FrostNap.

所以

So

好的。

Okay.

设备上的秘密份额实际上是加密的，而解密密钥存放在你的手机上。

The the secret share that's on that device is actually encrypted, and the the decryption key sits on your your phone.

还是电脑上？

Or the computer?

对。

Yeah.

电脑上。

The computer.

如果清洁工找到你的FrostNap设备并插到他们手机上

If if the maid was to find your FrostNap device and plug it into their phone

明白。

Okay.

这正是我接下来要问的。

That was my next question.

比如，他们能从中提取种子或密钥材料吗？

Like, can they pull the seed or the key material off of this?

我猜不行。

And I guess No.

在这种情况下它会是加密的。

It would be encrypted in that situation.

没错。

That's right.

因此，要真正获取那个解密密钥，那位女佣必须访问你三台设备中的两台，基本上

And and so to actually learn that decryption key, that maid would have to visit two out of your three devices to to essentially

所以那之后我的下一个问题是。

So that was my next question after that.

比如说，如果我丢了手机

So, like, if I lose my phone

是的。

Yeah.

只要我还有...只要我还有两三台设备，即使丢了手机也没问题？

As long as I have the if I long as long as have two or three devices, I'm still good if I lose my phone?

对。

Yep.

没错。

Yep.

所以这某种程度上又回到了同样的安全假设。

So it sort of falls back to the same security assumption.

是的，如果女佣能接触到三台设备中的两台，那他们基本上就能进行恢复操作，然后就能动用你的资金。

So if, yeah, if the maid can go and visit your two out of three devices, then they're essentially able to do recovery, and then they'll be able to spend your money.

但如果他们只能接触一台设备，就什么都做不了。

But if if they only manage to visit one device, they they can't do anything with it.

他们可以发起恢复流程，但无法立即开始签署授权会话。

They can start a recovery, but they can't start signing assigning session immediately.

所以在那一天

So for that day

我是说真正的原因，除了多重签名是分布式这一点之外，我的意思是，这就是为什么你不需要固定装置或其他东西的真正原因。

the real reason why I mean, besides the fact that multisig is distributed, I mean, that's the real reason why you don't need pins or whatever.

它们就像是彼此之间的那种固定装置。

They're, like, the kind of pins for each other.

是的。

Yeah.

我们某种程度上利用了手机的安全元件。

And the we sort of use the secure element of the phone.

所以要在FrostNap设备上启动签名，你必须解锁手机，这样才会将解密密钥释放到设备上，然后你才能进行签名会话。

So so the the to to initiate signing on the FrostNap device, you have to unlock your phone, which releases that decryption key to the device, and then you can do a signing session.

对于一个邪恶的女佣来说，他们需要找到你的一台设备，在那台设备上开始恢复，把它留在那里，再去找到你的另一台设备，完成恢复，只有这样他们才能回到第一台设备完成那个签名会话来花掉钱。

So for an evil maid, they would have to, you know, find one of your devices, start recovery on that device, leave it there, go find your other device, finish that recovery, and only then they would be able to go back to the, you know, first device and and finish that that signing session to spend the money.

所以仍然有很多障碍，而且地理分布仍然阻止他们完成攻击。

So it's still a lot of a lot of hoops and that you still got that geographic distribution stopping them from pulling off the attack.

太棒了。

That's awesome.

好的。

Okay.

但我们继续，那么我认为手机丢失可能是用户最常遇到的事情。

But let's go through so then what does the I think actually a phone being lost is probably the bigger, most common thing that's gonna happen to users.

那么那个恢复过程是什么样的？

Like, so what does that restore process look like?

没错。

Yep.

所以如果你还保留着你的设备

So so if you still got your devices

对。

Yeah.

你可以买部新手机，下载FrostSnap应用，然后连接你的第一个设备。

You can you can get a new phone, download the FrostSnap app, go and visit, you know, your first device, plug it in.

应用里有个按钮写着'恢复钱包'，点击后就会开始恢复流程。

It'll there's a in the app, there's a button saying, you know, restore wallet, and it'll just start that recovery.

设备会向手机发送其密钥的某种公开份额。

The device will send a a sort of a a public share of its its secret over to the phone.

接着你需要连接第二个设备，完成恢复操作，这时手机就能获取该钱包的公钥。

Then you would go visit your second device, plug that one in, you would and then you would finish restoration at that point, and the phone will learn the public key of that wallet at that point.

它会获取所有地址信息和解密密钥，让你能重新进行签名操作。

It'll learn all the addresses, and it will learn the metadata, the decryption key that will allow you to to go and sign again.

所以这是个三设备方案，但我只需要用新手机连接其中两个设备？

So it's a three device multi say I only need to go to two devices with the new

手机？

phone?

没错。

Yep.

是的。

Yep.

完全正确。

That's right.

如果你没有设备而只有备份，那么你可以获取一个空白的FrostNap设备，插入后输入助记词到设备中，这样就能恢复设备了。

And if if you don't have the devices and you only have the backups, then you can either get a blank FrostNap device and plug it in and enter the seed words onto the device, and that will, you know, restore restore the device that way.

明白了。

Got it.

太棒了。

That's awesome.

好的。

Okay.

这对我来说很合理。

That makes sense to me.

所以它的容错性相当好。

So it's pretty fault tolerant.

可能比常规的多重签名更具容错性。

It's probably more fault tolerant than regular multisig.

是的。

Yeah.

你不会有这个描述符的问题，这真的很不错。

You don't have this descriptor issue, which is which is really nice.

这确实非常非常好。

It's it's really, really nice.

你知道，有些人认为描述符问题的一个附加问题是，你必须将那些私密（非机密）信息与助记词一起存储，或者可能上传到Google Drive。

And you there's, you know, some people like, one of the problems with this the the descriptor issue is, like, add on issue with it is you have to sort of store that that private, not secret, that private information alongside your seed phrase or maybe you upload it to Google Drive.

没错。

Right.

这不仅是安全问题，更涉及隐私风险，对吧。

It's a privacy risk, not just security Right.

确实如此。

Exactly.

所以一旦有人发现，他们就会知道你账户里有多少钱，包括你所有的支付记录。

So if anyone finds out, they learn how much money you have, you know, all the all the payments you've been making.

因此有些人试图用类似'种子锤'之类的方法将描述符分割成多个部分。

And so some people try to, like, split that descriptor up into parts with things like seed hammer.

但你知道，这某种程度上只是在把问题推后。

But, you know, it's it's sort of just sort of pushing the problem away.

我得说，这并没有让用户体验变得多简单。

It's not making the UX much easier, I'll say that.

是啊。

Yeah.

对我来说，我可以毫无顾虑地把这个交给家人。

For me, like I can give this to my family, no problem.

知道吗，只要把这些小设备给他们，一个个插到手机上，整个账户就能恢复，然后马上就能开始签名和消费了。

You know, just give these little devices, just bring them, plug them one by one into a phone and the whole thing comes back and you can just sort of start signing and spending the whole thing right away.

嗯。

Yeah.

看起来相当直观。

It seems pretty intuitive.

对啊。

Yeah.

主要来说，这项技术就像是在幕后运作的玩意儿，对吧，Frost。

It's mainly like it is like we'd have this technology thing on on on behind the scenes, right, Frost.

我们努力向用户掩盖所有技术难点，隐藏密码学实际的复杂性，让你根本察觉不到它的存在。

We've tried to cover up any difficulties to the user, hide all those intricacies of the actual cryptography and that you don't really see it at all.

但愿如此。

Hopefully.

我们的首批用户可能会遇到一两个漏洞，但希望我们已经把它们隐藏好了。

Our first users might run into a bug or two, but hopefully we've hidden that.

最终我们所做的，就是试图利用技术让界面和用户体验变得真正简单。

And then in the end, what we've done is just tried to leverage the technology just to make it simple, the UI and UX really simple.

所以每台设备都自成一体，只要你有三台中的两台，就能取回所有资金，整个过程非常直观。

So you can just just each device is like its own thing, as long as you have two out of three of them, you get all the money back, and it's really straightforward to get it all back.

我明白了。

I see.

比如说，这是头等大事。

Like, is the number one thing.

比如，我希望其他人也能取到钱——虽然这通常不是硬件钱包的初衷，但总得想办法实现。

Like, we want I want my other people to be able to get the money, which is not what you really want to do mostly with hardware wallets, but you have to do it somehow.

往设备里添加更多密钥和PIN码之类的，确实能提升安全性。

And adding more secrets to things and adding more pins and stuff is like it improves security.

添加密钥总是能增强安全性。

Adding secrets to stuff always improves security.

但如果你毕生积蓄存放在这种存储里，它并不...它并不是最理想的选择。

But like, it doesn't have it it doesn't it's not great if your life savings is in such a storage.

对吗？

Right?

没错。

Right.

是的。

Yes.

或者安全。

Or secure.

但最初我们启动时，情况是人们会闯入你家，抢劫、钓鱼之类的。

But more people we started I mean, we started it off with, people coming in your house, robbing you and fishing and stuff.

但大多数比特币的丢失是由于错误操作、过度复杂化和自毁行为。

But, like, most Bitcoin is lost by mistakes and overcomplicating things and foot guns.

纯粹是用户自己犯错。

Just users making mistakes.

呃，在我们开始前，我看到观众提了些问题。

I well, before we get I see some audience questions.

我们稍后会处理。

We'll get to that in a second.

但在讨论之前，劳埃德，针对你刚才提到的观点——作为一个家庭主夫和多签爱好者，我认为多签最棒的功能之一就是解决遗产继承问题，比如我突然遭遇不测。

But before we get to that, onto that point that you were just making, Lloyd, As a family man myself and as a lover of multisig, one of the best parts of multisig in general is that inheritance question that's, you know, I'm get hit by a bus or God forbid or something happens to me.

这些比特币该如何传承？

How does that Bitcoin pass down?

看起来有很多聪明的方法可以实现无需信任第三方的安全主权继承，与其让我空谈理论，你们团队是怎么考虑这个问题的？

I mean, it seems like there's a lot of clever ways you can handle secure sovereign inheritance here without a trusted third party, instead of me just theorizing on it, how are you guys thinking about that?

这是产品服务的核心要素吗？

Is that a core element of a product offering?

是的，目前来说，这很像我们的首款产品，我们的先锋版，你可以把它当作四分之二之类的比例。

Yeah, at the moment I'd say like, it's very like our first product, our first, our frontier edition is just, gotta, you maybe make it like a two out of four or something.

你自己拿两个，然后两个留给朋友，一个给你妻子或其他人，对吧？

You got two for yourself and like two, you want to leave with a friend and one with your wife or whoever, right?

然后你就离开，他们用设备只是为了获取

And then that's just, you go away and they use the devices just to get the

反馈，他们再把两个设备一起带回来。

feedback They bring back their two together.

对，没错。

Yeah, exactly.

这就是我们首版的运作方式。

That would be the way for our first edition.

未来我们还有更宏大的计划，关于如何把事情做得更好。

We have much bigger plans in the future about how to do things really well.

Frost确实让我们能实现非常有趣的功能，因为除了在链上使用单一公钥和单签名外，你还可以对同一笔资金设置多重访问结构。

Frost does allow us to do really interesting things here because in addition to having this single public key and single signature on chain, you can have multiple access structures to the same money.

好的。

Okay.

所以我个人可以设置一个三分之二的结构。

So I could have a two out of three personally.

对吧？

Right?

但说到我的恢复方案，我可以采用三选三的模式。

But then for my recovery, I could have like a three out of three.

一个与我妻子，一个与我最好的朋友，一个与我的律师或类似的人。

One with my wife, one with my best friend, one with my lawyer or something like that.

对吧？

Right?

所以这个三选三与我现有的二选三是并行的。

And so that that three out of three is in parallel to the two out of three that I have.

这样你实际上可以完全分离访问结构和设备，那个三选三始终保持有效。

And so you can actually totally separate out the access structures and the devices, and that three out of three always stays valid.

比如说如果我丢失一个设备、弄坏一个设备或想淘汰一个，我可以更改我的二选三而不影响那个方案，它可以永久保留。

Let's say if I lose one device or break a device or I wanna, you know, get rid of one, I can change my two out of three without affecting that one, and that can stay there permanently.

这很酷。

That's cool.

是的。

Yeah.

这是数学赋予我们的一个非常棒的特性。

So that's a really nice feature of the mathematics that allows us do that.

我们还没有实际实现这个功能，但我们会做到的。

We haven't gotten on to actually implementing that feature, but we will.

所以这就是那件事。

So that's that's like the one thing.

不过我想最终要由其他人来想办法实现。

But then I guess, like, it'll be up to other people to figure out.

希望我们能提供这些工具，让别人了解你们如何用FrostSnap乐高积木搭建安全策略。

Like, hopefully, we can have the tools available to let other people figure out how you use these FrostSnap Lego blocks to construct your security policy.

对吧？

Right?

是的。

Yeah.

但大概，你们也会有，比如

But presumably, also have you have, like

我的意思是，我不知道你们具体怎么想的，但大概你们会有个基础配置，然后让高级用户发挥创意自定义配置。

I mean, I don't know if how if you how you guys are thinking about it, but presumably, you have, like, a handhold setup, and then you have, like, power users using their own creativity kind of setup.

对吧？

Right?

我是说，我挺喜欢这种模式。

Like, I mean, I like I like that.

我喜欢这种简约理念——可能不是两套或四套。

I I like the simple idea of maybe not two or four.

我喜欢这种完全不同的套装的简约理念。

I like the simple idea of, like, the complete a complete different set.

对吧？

Right?

比如三套中的第三套。

Like, a three of three.

然后这就是我继承的套装。

And then I just this is, my inheritance set.

对吧？

Right?

我就给每个不同的心腹或者随便什么人各发一个。

And I just give one to each one to three different confidants or whatever.

是的。

Yep.

是的。

Yep.

如果你觉得其中一个人会弄丢一个，你可能四分之三的概率会成功

And If you think one of them are gonna lose one of them, you may get a three out of four

之类的。

or something.

四分之二也有点勉强。

Two of four is a little bit weak too.

对吧？

Right?

因为他们中只要有一个人对你或另一个人发动扳手攻击就够了。

Because they all it really takes is one of them to then wrench attack you or wrench attack the other one.

没错。

Yeah.

没错。

Yeah.

确实如此。

That's true.

这个我有点不太清楚。

That's a little bit I don't know.

这有点冒险。

It's a little bit dicey.

对。

Yeah.

对。

Yeah.

我同意。

I agree.

对。

Yeah.

还有，是的。

And Yes.

那复制设备之类的方案呢？

What about what about like copying devices?

这真的有用吗？

Does that actually helpful at all?

或者说如果我有两把相同的钥匙，技术上应该比较容易实现吧？

Or like if I have two versions of the same key, is that I I mean, I assume that would be relatively easy to do tech wise.

是啊。

Yeah.

这真的是可取的做法吗？

Is that actually something that's desirable?

这就像我们实际上不可能停下来，因为既然你有备份，就可以直接把备份加载到另一个设备上。

It's like it's actually impossible for us to stop because since you have the backup, you can just load the backup into another device.

是啊。

Yeah.

人们应该这样做还是不被鼓励这样做？

Should people do that or is that discouraged?

我们目前还不太清楚。

We don't really know yet.

我想如果是这个第一版，我们某种程度上是在把这些...嗯...

I think if this first edition, we're sort of we're sort of putting these yeah.

把这些基础模块放出来，我们并没有强烈建议用户应该怎么做。

The the building blocks out there, and we're not we're not giving, a strong opinion on what users should do.

我们甚至对用户应该购买多少都没有强烈建议。

We're not even giving a strong opinion on how many they should buy.

我们正在考虑在网站上做些功能，比如建立一个工作流程，你可以选择有多少个秘密地点和多少个可信赖的人，然后系统可能会推荐你需要多少设备以及使用什么阈值。

We're sort of we're we're looking at making some things in the website, like, sort of like a, you know, sort of like a workflow where you can choose, I've got this many secret places and this many trusted people, and then it might give you a recommendation on how many devices and what and what threshold you might wanna use.

但刚开始时，我们确实...

But to start off with, we yeah.

我们采取了一种不预设立场的做法。

We're we're taking sort of an unopinionated approach.

让用户自己决定什么最适合他们的场景，我们会从中学习。

Let let the users sort of decide what's what fits their their scenario the best, and and we'll we'll learn from that.

好的。

Okay.

是的。

Yeah.

关于复制设备这件事，就像尼克说的，这可能是你们首先需要正式实现的功能之一，因为你们已经可以做到这一点了。

The the copying devices thing is that is like Nick said, it's probably one of the first things you'll have to formally implement because, yeah, you can already do it.

只是它大概能正常工作。

It just it probably it it works.

只是用户体验方面还不够理想。

It just the UX is not super great for it.

Frost的一个问题是，唯一的缺点在于你必须提前选择要用哪些设备进行签名。

One of the problems with Frost, like, the only downside that is there is that you have to choose which devices up front you're going to sign with.

所以当你开始签名时，比如创建交易之类的操作，这挺有意思的。

So when you start signing, like, just create the transaction and stuff Interesting.

你必须事先声明：'我要用这些设备来签名'。

You have to say, I'm gonna be signing with these guys.

你可以想办法绕过这个限制。

You can you can kinda hack around it.

有些技巧可以在后台悄悄处理这个问题。

There are tricks to make it sort of in behind the scenes.

只需要并行运行多个签名会话，这样就不用担心最终用哪些设备完成签名了。

Just do lots of signing sessions in parallel so you don't have to worry about which ones end up getting signed with.

但一开始我们会观察这个问题到底有多严重。

But at the beginning, we're gonna see how much of a problem this is.

用户真的非常讨厌这种设定。

People, like, really hate that.

但当你开始克隆设备时，显然需要考虑用户体验（UX）的设计。

But when you start cloning devices, you obviously have to start making the UX, like take that into account.

所以你必须喜欢这个设备——如果我正在用这台设备签名，而它包含设备A或设备B，但显然我不能同时使用A和B，因为它们共享相同的份额。

And so you have to like like this device, if I'm signing with this one and I have device a or device b from this one, but I can't use device a and b at the same time, obviously, because they've got the same share.

因此你需要稍微更新UX设计来帮助用户理解这个概念。

So you have to like update the UX a bit to understand that concept.

这会很有趣。

It is gonna be interesting.

不过我们确实做了件事：已经获得了推进许可。

But one thing we did do is we already have go ahead.

我们...我们做的一件事是：每台设备只保留一个密钥，明白吗？这是为了保持简洁。

We we did we one thing we did do is we have only one secret per device, okay, to keep things simple.

因为否则事情会变得...最初我们设计的是每台设备可以存放任意数量的密钥，作为多重签名方案的一部分。

Because otherwise things get re we originally, we were having, like, as many keys as you want on each device, right, as part of many different multisigs as you want.

这简直疯了——要在界面上解释清楚，并让用户选择签名方式简直是一场噩梦。

And that made mad that was madness to try and explain that in the UI and trying to get people to choose what to sign with and things like that.

当设备持有同一密钥的多个份额时，某台设备可能比其他设备更有价值或更特殊。这听起来像很酷的功能（最初确实如此），但实际处理逻辑并向用户清晰展示实在太困难了。

With devices having multiple shares of the same key, so one device could be worth more than another one, more special than others, which sounds like a cool feature and it did originally, but it was so hard to actually wrangle the logic and sort of present it to the user to understand.

是啊。

Yeah.

我想说的是，比如Coldcard就通过销售不同颜色的设备取得了巨大成功。

Well, what I was gonna say is, like, Coldcard, for instance, has had found great success selling different color devices.

所以当你们扩大规模时...我指的不只是比特币爱好者或收藏家喜欢不同颜色，还包括像Can这样的组织...

So, like, as you guys scale I mean, not only to just Bitcoins or collectors, they like different colors, but like also from like Can an organ you

买不同颜色的煤卡吗？

buy different colored coal cards?

颜色真多啊。

So many different colors.

我们有

We have

各种颜色都有。

all different colors.

我之前不知道。

I didn't know that.

是啊。

Yeah.

所以我觉得，从组织管理的角度来看也说得通。

So I because also, it makes sense from like an organization point of view.

对吧？

Right?

因为比如我的蓝色卡片——它们其实可以都是同一张。

Because like my blue one my blue one could be they could all be the same one.

同理我的橙色卡片也可以都是同一张，如果你在做复制的话。

And like my orange one could all be the same one if I if you are doing the duplication thing.

对。

Yes.

嗯。

Mhmm.

那是个

That's a

聪明的主意。

smart idea.

然后在用户体验设计上，你可以给它命名。

And then in the UX, it could you know, you can name it.

所以就这样，好吧。

So then it's like, okay.

我用蓝色和橙色签名。

I'm signing with blue and orange.

然后这其实无所谓。

And then it doesn't matter.

比如它们可能出现在不同地方，我可能会有重复的签名，但我就是用蓝色和橙色签。

Like, they might be in different I might have duplicates of them places, but I'm signing with blue and orange.

然后你可以稍微

And then you can kinda

没错。

Exactly.

对。

Yeah.

这样就能做成生意，因为你只需要卖多种颜色。

That And then it's for business because you just sell multiple colors.

是啊。

Yeah.

这是我们最初遇到的问题之一：当所有设备颜色相同时，你创建钱包后拔下它们，接着去签名时选择要在哪些设备上签名，再重新插上时很容易混淆。

That was one of the first problems we we ran into is when all the when all the devices had the same color, it was very easy to you create a wallet and then you'd unplug them, and then you would go to sign, and you choose which devices you're gonna sign on, and you start plugging them in, and you you mix them up.

你根本分不清哪个设备对应哪个名字。

You have no idea which one had which name.

是啊。

Yeah.

所以我们给它们分配颜色，并且未来也会考虑在应用中展示这些颜色。

So we're giving them a color, and and we'll we'll look to be we'll be looking to present that color in the app as well in the future.

哦，你是说在屏幕上给它们分配颜色？

Oh, you are giving it but you're giving them a color on the screen?

它们屏幕上没有名字

They don't have a name on

但设备颜色实际上会保存在设备上。

the screen, but the the the device color will actually be saved on on the device.

哦，明白了。

Oh, okay.

哦，所以和我说的一模一样。

Oh, so it's exactly what I said.

多种颜色。

Multiple colors.

你可以在应用里展示这个功能。

You can present that into the into the app.

对。

Yeah.

那就给他们点颜色瞧瞧，老兄。

Show them the colors then, dude.

是啊。

Yeah.

我有我有我有三个。

I've I've got I've got three of them.

我明白了。

I see.

就像，我们达成一致了。

Like, we're on the same page.

橙色，我我虽然没有蓝色，但我我确实说过，当然，

Orange, I I there's no blue, but I I did say, of course,

你我们有一个蓝色我们有一个蓝色和一个红色。

you We've we've got a blue we've got a blue and a red.

我只是还没拿到那几个。

I just I just haven't got those ones yet.

我会我会

I'll I'll

那些是干净的。

be Those are clean.

等等。

Wait.

你能把它们再放回屏幕上吗？

Can you put them back up on the screen again?

是的。

Yeah.

是的。

Yeah.

当然。

Sure.

当然。

Sure.

不错。

Nice.

所以这是个全金属外壳吗？

So is that an all metal case?

还是

Or

这是个全金属外壳。

That is an all metal case.

对。

Yep.

非常漂亮。

Very nice.

所以你们有五种不同颜色？

So you have five different colors?

是的。

Yes.

五种不同的颜色。

Five different colors.

是的。

Yep.

明白了。

Got it.

好的。

Okay.

所以我们在这方面达成了一致。

So we were on the same page on that front.

我还有一个问题。

I had one more question.

哦，那购买流程是怎样的？

Oh, so what's what's the buying process like?

它们现在可以预购了吗？

They're up for preorder right now?

是的。

Yep.

可以在frostnap.com上预购。

They're up for preorder on frostnap.com.

我们按套装定价。

We're pricing them in sets.

所以每台设备15万套。

So a 150,000 sets per device.

所以它们现在正在打折吗？

So they're on sale right now?

是的。

Yes.

它们在打折。

They're on sale.

没错。

Exactly.

对。

Yeah.

对。

Yeah.

所以

So

只是我们在那里设置了一点筛选条件。

only We're having a bit of a filter there.

所以只有，你知道，只有非常认真的人才会购买它们，这正是我们一开始想要的。

So only, you know, only very serious people are are buying them, which is what we sort of want at the beginning.

所以这是我们的第一批产品，目前主要是为了支持我们，因为我们现在需要一些支持来维持这个项目。

So this is our first first batch, and it, is just yet to support us, because, we need a bit of support at the moment to keep this project going.

希望我们能参与预购，成为第一批的一部分。

So hopefully, we can get in there and preorder, and get part of the first batch.

我想我们会在接下来几周内某个时候关闭预购，因为我们要开始实际发货了。

And I guess we'll be closing the preorder thing at some point in the next few weeks as we start actually shipping the devices.

嗯。

Yeah.

那如果我今天预订，什么时候能收到设备？

So if I preorder today, when am I getting my device?

本月晚些时候，大概在

Later this month, probably towards

月底从澳大利亚发货？

the end shipping from Australia?

可能是马来西亚。

Probably Malaysia.

很可能是马来西亚。

Likely Malaysia.

我们会

We'll

运到美国需要多久？

How long does that take to get to America?