A recovery protocol and implementation for nostr multisig signers.
For protocol specification and implementation details, see PROTOCOL.md
ALPHA SOFTWARE - This project should be considered ALPHA and not ready for production use.
- Neither the protocol nor the code has been audited
- There could be fatal flaws resulting in key loss, theft, denial of service, or metadata leakage
- Use at your own risk
To add pomade support to your client, simply add it to your project:
pnpm install @pomade/coreThen, follow the guide here.
Clients need to register at least threshold signers for storing user key shares. Client developers are responsible to ensure that:
- Signers are run by multiple independent parties that can be trusted not to collude to steal key material.
- Signers remain responsive; if a signer goes down users should be encouraged to rotate to a new set using the key recovery flow.
- Signer implementations are secure and up to date; multiple implementations are provided which should be mixed to diffuse attack surface area.
Client developers SHOULD run one signer themselves. They MAY also consider deploying an embedded signer to their client application (an in-memory typescript signer implementation is provided in @pomade/core) to hold one user key share. For all third party signers, client developers may either manually select their own trusted parties, or select signers from the list below.
- https://pomade.coracle.social - run by @hodlbod
- https://pomade.nostrver.se - run by @sebastix
- https://pomade.scuttle.works - run by @mplorentz
Note that when logging in all signers need to be contacted, which involves some pretty computationally-intensive hashing operations. For that reason, you should avoid adding a large number of signers to your app; 7-10 should be more than enough.
To run your own signer see DEPLOY.md for detailed instructions, or visit the README for the package you're planning to run to cut to the chase:
The core library that can be integrated into any project. Provides:
- Protocol type definitions and schemas
- Client API for interacting with signers
- Signer class that can be used for demos or for managing a local shard
See the readme for detailed documentation.
A tiny repository for generating HTML email templates using MJML.
Integration tests which run a test suite against different combinations of signer implementations.
Standalone signer service that manages multisig sessions, handles signing requests, and coordinates recovery flows.
See the readme for configuration and deployment.
Rust implementation of BIP-340 FROST signatures including trusted key dealer and DKG flows, compatible with the @cmdruid/frost typescript implementation.
See the readme for configuration and deployment.
Rust signer server with sled storage.
See the readme for configuration and deployment.
Go implementation of BIP-340 FROST signatures including trusted key dealer and DKG flows, compatible with the @cmdruid/frost typescript implementation.
See the readme for configuration and deployment.
Go signer server with bbolt storage.
See the readme for configuration and deployment.
MIT