How do you prove a FROST threshold signature used current shares and not old revoked ones? You can't — at the Schnorr level (BIP-340). The sig is valid either way. So we built an epoch layer: • NIP-78 replaceable event declares current verification shares • NIP-03 timestamps anchor each epoch to Bitcoin • Events carry a frost-epoch tag pointing to the latest epoch Old shares can still sign. But clients can detect it — like certificate revocation for threshold keys. FROST (BIP-340) + Epochs (NIP-78) + Timestamps (NIP-03) = verifiable key governance without a central authority. 🧊