Thomas + Agent21 | March 2026 | MIT License
Split your Nostr private key across multiple devices
using FROST threshold signatures (RFC 9591).
No single point of failure. Same npub forever.
BIP-340 compatible. Every Nostr client verifies it.
23-step interactive demo. 8 packages. Rust + TypeScript.
Docker containers. Real Nostr relay. 0 test failures.
QUICK START:
tar xzf one-npub-v2.1.tar.gz && cd one-npub
pnpm install && pnpm build
docker compose up -d relay coordinator
node docker-proxy.mjs &
open http://localhost:3333/demo
Requires: Linux · Docker + Compose v2 · Node.js 22+ · pnpm
Nostr for voice. Bitcoin for proof. FROST for control.
No platform. No KYC. No permission needed.
Split your Nostr key across multiple devices with FROST threshold signatures. No single point of failure. Same npub forever.
Your Nostr identity is one 32-byte secret. Lose it — identity gone. Hacked — identity hijacked. No recovery. No rotation. Game over.
nsec = single point of failure
Key in memory when signing. Key on disk. Key in clipboard.
Device stolen? Server hacked? Agent replaced?
→ Identity dead. Followers, reputation, zaps — all gone.
Key split across devices
No single device holds the full secret. Need 5-of-7 to sign.
Lose a device? Evict it, reshare. Old share → cryptographically dead.
npub stays the same. Forever.
23-step interactive walkthrough — from genesis key to emergency recovery.
Full interactive demo walkthrough
Each step executes real FROST cryptography on real Docker containers talking through a real Nostr relay.
Verify coordinator, Docker proxy, and strfry relay are reachable. All systems ready.
Create the initial key — equivalent to a classic nsec, but inside the FROST framework. Your permanent npub is born here.
Start 4 Docker agents. Reshare the key: coordinator gets 3 shares, each agent gets 1. Threshold = 5-of-7. No single device holds the full secret anymore.
Threshold-sign a Nostr post. Coordinator selects quorum, runs FROST 2-round signing, publishes to relay.
Sign a reaction event. Fresh nonces generated — nonce reuse would leak the secret key.
Sensitive operation. Policy flags as requires_cosign — in production, queued for human approval.
Policy rejects before any crypto runs. HTTP 403. Zero FROST rounds. Instant.
Simulate device failure. System signs with remaining quorum: 3 coordinator + 2 agents = 5 ≥ threshold. ✅
Prove signing works with reduced fleet. Then bring D back online — fleet self-heals.
10 signatures in ~13 seconds. Avg 1.3s each. Main bottleneck: relay round-trips, not crypto.
Dynamic reshare: 5/7 → 6/9. Same npub. More agents, more resilience.
Verify signing works under the new 6/9 threshold model.
Remove a compromised agent. Reshare invalidates B's share mathematically. npub unchanged.
After all reshares — genesis → 5/7 → 6/9 → eviction — the npub is identical. Mathematical proof.
Sign various event kinds (repost, contacts, zap request, delete) under the post-eviction topology.
Revoke all agent shares instantly. Generate mnemonic backup. Coordinator returns to 1/1.
Reconstruct the key from 24 words. Sign successfully. Same npub. Full recovery from paper.
Inspect the full epoch chain. Run Playwright E2E test — all 23 steps, 0 errors.
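The reshare and eviction steps above depend on moving from one set of shares to another without ever assembling the key. The sketch below is an added example, not code from the one-npub project: it assumes a standard sub-share resharing scheme over the secp256k1 scalar field, and every function name and sample value in it is constructed for illustration.

```javascript
// Added example (not project code): Shamir shares over the secp256k1 scalar field.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto; // global in Node 19+
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n; // group order
const mod = (a) => ((a % N) + N) % N;
const randScalar = () =>
  mod([...rng.getRandomValues(new Uint8Array(40))].reduce((a, b) => (a << 8n) | BigInt(b), 0n));
function inv(a) { // modular inverse by Fermat's little theorem (N is prime)
  let r = 1n;
  for (let b = mod(a), e = N - 2n; e > 0n; e >>= 1n, b = mod(b * b)) if (e & 1n) r = mod(r * b);
  return r;
}
function lagrange(i, ids) { // Lagrange coefficient at x = 0 for index i within ids
  let num = 1n, den = 1n;
  for (const j of ids) if (j !== i) { num = mod(num * -j); den = mod(den * (i - j)); }
  return mod(num * inv(den));
}
function deal(c, t, n) { // random degree t-1 polynomial with constant term c, evaluated at 1..n
  const coef = [mod(c), ...Array.from({ length: t - 1 }, randScalar)];
  const xs = Array.from({ length: n }, (_, k) => BigInt(k + 1));
  return new Map(xs.map((x) => [x, coef.reduceRight((acc, a) => mod(acc * x + a), 0n)]));
}
function combine(shares) { // interpolate at x = 0 from a Map of index -> share
  const ids = [...shares.keys()];
  return ids.reduce((s, i) => mod(s + lagrange(i, ids) * shares.get(i)), 0n);
}
// Reshare: each old holder re-deals its own share under the new threshold; new share j is
// the Lagrange-weighted sum of the sub-shares sent to j. The secret is never assembled.
function reshare(oldQuorum, t2, n2) {
  const ids = [...oldQuorum.keys()], next = new Map();
  for (const i of ids) {
    const w = lagrange(i, ids);
    for (const [j, sub] of deal(oldQuorum.get(i), t2, n2))
      next.set(j, mod((next.get(j) ?? 0n) + w * sub));
  }
  return next;
}

const pick = (m, ids) => new Map(ids.map((i) => [i, m.get(i)]));
function demo() { // constructed sample run: 5-of-7, then 6-of-9
  const secret = randScalar();
  const e1 = deal(secret, 5, 7); // epoch 1 shares
  const e2 = reshare(pick(e1, [1n, 2n, 3n, 4n, 5n]), 6, 9); // epoch 2 shares
  const stale = pick(e2, [1n, 3n, 4n, 5n, 6n]).set(2n, e1.get(2n)); // one epoch-1 share mixed in
  return {
    newQuorumOk: combine(pick(e2, [4n, 5n, 6n, 7n, 8n, 9n])) === secret,
    staleMixOk: combine(stale) === secret,
    oldQuorumOk: combine(pick(e1, [3n, 4n, 5n, 6n, 7n])) === secret,
  };
}
```

`demo()` returns `newQuorumOk: true`, `staleMixOk: false`, `oldQuorumOk: true`: the secret scalar, and with it the public key, is unchanged, and a single stale share is useless against the new epoch. Five retained epoch-1 shares still reconstruct the key, so holders must erase old shares after each reshare.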
30-second version
The easy and the hard questions.
Everything you need to run the demo yourself.
# 1. Unpack
tar xzf one-npub-v2.1.tar.gz && cd one-npub

# 2. Install & build
pnpm install && pnpm build

# 3. Start relay + coordinator
docker compose up -d relay coordinator

# 4. Start Docker proxy
node docker-proxy.mjs &

# 5. Run the demo
open http://localhost:3333/demo      # Browser UI
bash cli-demo/start.sh               # CLI (interactive)
AUTO=1 bash cli-demo/start.sh        # CLI (non-interactive)
Requires: Linux · Docker + Compose v2 · Node.js 22+ · pnpm