Threshold Cryptography II: Unidentifiability in Decentralized FROST Implementation

This technical post analyzes the FROST threshold Schnorr signing protocol and describes an unidentifiability/consistency vulnerability in decentralized implementations that omit the signature aggregator: a malicious participant can send inconsistent nonce commitments to different peers, partitioning views, producing invalid signature shares from honest parties, enabling denial-of-service and false accusation of honest participants; mitigation suggested is adding an extra round to verify nonce commitment consistency.