New Feature: Key Refresh

The Problem: Vault Address Changes on Rotation

In traditional threshold signature schemes, rotating participants — such as removing an inactive signer or adding a new one — requires generating a new key set. Since a Bitcoin vault address is derived from the group’s public key, this means every rotation produces a new vault address, breaking compatibility with contracts, wallets, or dApps relying on the original address.

This limitation introduces significant operational complexity, including the need to migrate funds, update integrations, and manage coordination overhead.

The Solution: Key Refresh

With Mainnet Beta, sBTC will support Key Refresh, a capability defined in the FROST specification. Key Refresh allows an existing or partially changed participant set to refresh their secret shares of the same underlying private key, maintaining the same group public key and thus preserving the vault address.

What This Enables

  • A refreshed participant set securely receives new secret shares of the original private key.

  • The group public key remains unchanged, preserving continuity across all external systems.

  • No updates are required for smart contracts, wallets, or third-party integrations relying on the original vault.

Benefits of FROST Key Refresh in sBTC

  • Participant Set Flexibility — Add or remove signers as needed, without regenerating vaults or migrating funds.

  • Operational Continuity — Maintain long-term use of the same vault address across protocol upgrades or governance decisions.

  • Simplicity for Integrators — Wallets and dApps don’t need to update key references or track new public keys.

How It Works (Simplified)

  1. The current signing set collaboratively reconstructs the private key using their existing shares.

  2. They then generate a new secret sharing of that same private key using FROST’s refresh protocol.

  3. The new secret shares are securely distributed to a (possibly different) participant set.

  4. The new participants can now jointly produce valid threshold signatures using the same public key as before.

Why This Matters

By supporting Key Refresh, the sBTC bridge becomes more secure, upgradeable, and production-grade. The system can now:

  • Replace inactive or compromised participants

  • Adjust quorum thresholds over time

  • Refresh shares to mitigate long-term key exposure risks

— all without changing the vault address or interrupting service.

Last updated