Add descriptor proposal authorization #271

@kwsantiago

Problem

Any member of a FROST group can currently call request_descriptor and propose a new wallet policy. In company treasury setups, only designated roles (e.g., CFO, CEO) should be able to initiate descriptor coordination — other members should only contribute and verify.

Solution

Add a descriptor_proposers field to FROST group configuration:

pub descriptor_proposers: HashSet<u16>,  // share indices allowed to propose

Changes needed

  • Add descriptor_proposers field to group metadata storage in keep-core (alongside existing share/key package data)
  • Check authorization in handle_descriptor_propose() in node/descriptor.rs — reject proposals from non-authorized share indices
  • Default: all members can propose (backwards compatible)
  • CLI: keep frost set-proposers --group <hex> --indices 1,2
  • Mobile: expose via UniFFI for Android wallet settings

Context

For groups that know each other (company treasury, family vault), restricting who can propose policy changes prevents confusion from multiple competing proposals and limits the attack surface if a single device is compromised.
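A sketch of the authorization check this issue asks for, as an added example and not code from the project. The issue does not say how the "all members can propose" default is stored; this example assumes `Option<HashSet<u16>>` so that "no restriction" stays distinct from an empty allow-list, and the names `GroupConfig`, `members`, `ProposeError`, `set_proposers` and `authorize_proposal` are hypothetical.

```rust
use std::collections::HashSet;

/// Hypothetical group metadata. `None` means no restriction was ever set.
#[derive(Debug, Clone, PartialEq)]
pub struct GroupConfig {
    pub members: HashSet<u16>,                      // share indices in the group
    pub descriptor_proposers: Option<HashSet<u16>>, // None = all members (default)
}

#[derive(Debug, PartialEq)]
pub enum ProposeError {
    NotAMember(u16),
    NotAuthorized(u16),
    InvalidProposerSet,
}

impl GroupConfig {
    /// Set the allow-list. Empty sets and indices outside the group are rejected,
    /// so a typo cannot lock every member out or name a non-member.
    pub fn set_proposers(&mut self, indices: &[u16]) -> Result<(), ProposeError> {
        let set: HashSet<u16> = indices.iter().copied().collect();
        if set.is_empty() || !set.is_subset(&self.members) {
            return Err(ProposeError::InvalidProposerSet);
        }
        self.descriptor_proposers = Some(set);
        Ok(())
    }

    /// `sender` must be the share index bound to the authenticated message,
    /// never a value read from inside the proposal payload.
    pub fn authorize_proposal(&self, sender: u16) -> Result<(), ProposeError> {
        if !self.members.contains(&sender) {
            return Err(ProposeError::NotAMember(sender));
        }
        match &self.descriptor_proposers {
            None => Ok(()), // backwards-compatible default: any member may propose
            Some(allowed) if allowed.contains(&sender) => Ok(()),
            Some(_) => Err(ProposeError::NotAuthorized(sender)),
        }
    }
}

fn main() {
    // Constructed sample group: three shares, proposers restricted to 1 and 2.
    let mut g = GroupConfig { members: HashSet::from([1u16, 2, 3]), descriptor_proposers: None };
    g.set_proposers(&[1, 2]).unwrap();
    println!("share 3 proposes: {:?}", g.authorize_proposal(3));
}
```
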

Labels

easy, enhancement (New feature or request), nostr-frost (Nostr FROST coordination protocol), p2 (Priority), security (Security-related issues)
