We're funding a year-long grant for Beulah Evanjalin to implement nested MuSig in libsecp256k1-zkp. This is a joint effort between Beulah, Second, and Vora, with Jesse Posner providing weekly mentorship throughout the project.

Nested MuSig is a key dependency for us improving the security of Ark server funds, but the implementation will be open source and it’ll support many other great use-cases for the wider ecosystem. For instance, Vora needs it to support their cold storage-to-Lightning payments.

Improving Bark security with nested MuSig

In Bark, our implementation of the Ark protocol, an Ark server holds a single master key to cosign transactions in the protocol. To improve security, we’d prefer to distribute the key with multisig, but Bark’s use of pre-signed transaction trees makes that impossible with current MuSig implementations. 

What we need is nested MuSig—a way to nest multiple sub-keys under one MuSig key.

That capability doesn't exist in the libsecp library yet—bitcoin’s most secure, well-reviewed, and trusted cryptographic library—and requires some serious expertise to get done. 

Deep cryptography requires deep expertise

With impeccable timing, Jesse Posner, founder of Vora, approached us with a proposal. He'd been working on nested MuSig security proofs with Nadav Kohen, who recently joined Chaincode Labs, and he had a candidate who could do the implementation: Beulah Evanjalin, an open-source developer he'd been mentoring for several months.

Vora needs nested MuSig for their Lightning implementation too, so this work would serve both projects. Jesse offered to provide weekly mentorship throughout the grant. We'd provide the majority of funding. Beulah would build the implementation. It sounded like a great team up and we agreed!

Beulah's work in secp256k1-zkp

Beulah is already contributing to secp256k1-zkp, which is exactly where this implementation needs to live. She recently completed Chaincode Labs' secp256k1 workshop in Portugal, where she met the libsecp contributors and maintainers. She's active in the #secp256k1 IRC channel and has relevant PRs merged into the codebase.

Jesse has built a Python proof-of-concept implementation that demonstrates the approach, and he's working on the security proofs with Nadav. Beulah will take that foundation and turn it into production-ready code that any bitcoin project can use.

A new tool for L2s

Once this implementation is complete and integrated into Bark, the server's signing key will be distributed across multiple cosigning servers in different physical locations, providing a significant improvement in security. Although, from a user's perspective, nothing really changes—they’ll still interact with the Ark protocol the same way.

Some of the other ways we anticipate nested MuSig is going to make things better for bitcoin developers and users include: 

• Stronger and more resilient L2 coordinators: Operators can spread their signing authority across multiple machines or organizations, reducing single-point-of-failure risk without changing how users interact with the system.
• Better uptime and censorship resistance: If one cosigning server goes offline or faces local pressure, the remaining cosigners can still produce signatures. Threshold signing gives L2s a more robust operational backbone.
• Standardized on-chain footprint for operators: Traditional multisig reveals its structure on-chain (observers can see how many signers are required and identify patterns that expose coordinator infrastructure), but with nested MuSig, keys look like ordinary singlesig Taproot outputs on-chain. That means Ark servers, Lightning operators, and other layer two entities can enforce distributed security policies internally while keeping the details of those policies off the blockchain.

This work also lays the groundwork for future Ark optimizations. Nested MuSig with multiple levels could reduce VTXO sizes and cut down the number of public keys and nonces needed when cosigning large transaction trees—but that's a project for later.

Track the work

You can follow Beulah's updates on X and track her contributions to secp256k1-zkp on GitHub. Of course, we'll also be sharing the occasional update from our official account!