Struct ThresholdPolicy 

pub struct ThresholdPolicy {
    pub threshold: u8,
    pub signers: Vec<String>,
    pub policy_id: String,
    pub scope: Option<Capability>,
    pub ceremony_endpoint: Option<String>,
}

Policy for threshold signature operations (M-of-N).

This struct defines the parameters for FROST (Flexible Round-Optimized Schnorr Threshold) signature operations. FROST enables M-of-N threshold signing where at least M participants must cooperate to produce a valid signature, but no single participant can sign alone.

Protocol Choice: FROST

FROST was chosen over alternatives for several reasons:

• Ed25519 native: Works with existing Ed25519 key infrastructure
• Round-optimized: Only 2 rounds for signing (vs 3+ for alternatives)
• Rust ecosystem: frost-ed25519 crate from ZcashFoundation is mature
• Security: Proven secure under discrete log assumption

Key Generation Approaches

Two approaches exist for generating threshold key shares:

1. Trusted Dealer: One party generates the key and distributes shares

   • Simpler to implement
   • Single point of failure during key generation
   • Appropriate for org-controlled scenarios

2. Distributed Key Generation (DKG): Participants jointly generate key

   • No single party ever sees the full key
   • More complex, requires additional round-trips
   • Better for trustless scenarios

Integration with Auths

Threshold policies can be attached to high-value operations like:

• sign-release: Release signing requires M-of-N approvers
• rotate-keys: Key rotation requires multi-party approval
• manage-members: Adding admins requires quorum

Example

let policy = ThresholdPolicy {
    threshold: 2,
    signers: vec![
        "did:key:alice".to_string(),
        "did:key:bob".to_string(),
        "did:key:carol".to_string(),
    ],
    policy_id: "release-signing-v1".to_string(),
    scope: Some(Capability::sign_release()),
    ceremony_endpoint: Some("wss://auths.example/ceremony".to_string()),
};
// 2-of-3: Any 2 of Alice, Bob, Carol can sign releases

Storage

Key shares are NOT stored in Git refs (they are secrets). Options:

• Platform keychain (macOS Keychain, Windows Credential Manager)
• Hardware security modules (HSMs)
• Secret managers (Vault, AWS Secrets Manager)

The policy itself (public info) is stored in Git at: refs/auths/policies/threshold/<policy_id>

Fields

threshold: u8

Minimum signers required (M in M-of-N)

signers: Vec<String>

Total authorized signers (N in M-of-N) - DIDs of participants

policy_id: String

Unique identifier for this policy

scope: Option<Capability>

Scope of operations this policy covers (optional)

ceremony_endpoint: Option<String>

Ceremony coordination endpoint (e.g., WebSocket URL for signing rounds)

Implementations

impl ThresholdPolicy

pub fn new(threshold: u8, signers: Vec<String>, policy_id: String) -> Self

Create a new threshold policy

pub fn is_valid(&self) -> bool

Check if the policy parameters are valid

pub fn m_of_n(&self) -> (u8, usize)

Returns M (threshold) and N (total signers)

Trait Implementations

impl Clone for ThresholdPolicy

fn clone(&self) -> ThresholdPolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ThresholdPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for ThresholdPolicy

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for ThresholdPolicy

fn eq(&self, other: &ThresholdPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for ThresholdPolicy

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for ThresholdPolicy

impl StructuralPartialEq for ThresholdPolicy