From 1342ead71a91a01473697b818e37b9799fb7078d Mon Sep 17 00:00:00 2001
From: Conrado Gouvea <conradoplg@gmail.com>
Date: Fri, 22 Jul 2022 14:44:06 -0300
Subject: [PATCH] make explicit that key share holders can break unlinkability

---
 zip-frost.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/zip-frost.rst b/zip-frost.rst
index 44fc9a21..bc7d7e81 100644
--- a/zip-frost.rst
+++ b/zip-frost.rst
@@ -96,7 +96,8 @@ With those considerations in mind, the threat model considered in this ZIP is:
   the unlinkability property). A rogue Coordinator will be able to break
   unlinkability and privacy, but should not be able to create signed transactions
   without the approval of `MIN_SIGNERS` participants, as specified in FROST.
-- All key share holders are also trusted with the privacy of the transaction.
+- All key share holders are also trusted with the privacy and of the transaction,
+  thus a rogue key share holder will be able to break its privacy and unlinkability.
   A future specification may support a scenario where individual key share
   holders are not trusted with it.