Replying to Avatar Big Barry Bitcoin

Mostly just spitballing. Benefit in my head is:

1. Create an opendime where you know Coinkite doesn't know the key, and the recipient knows you don't know the key.

2. Create a #bitkey but know that Block doesn't know the key on your device as well as on their server.

I think it's powerful being able to give your customers the ability to verify that your products are not cheating them.

The tapsigner can be verified, but you have to export your key and decrypt it on a secure computer to prove it to yourself.
Avatar
salvatoshi 8mo ago

I'm gonna shill this blog post I wrote some time back: https://www.ledger.com/blog/towards-a-trustless-bitcoin-wallet-with-miniscript

If you don't trust a signing device, it's really hard to meaningfully use it without additional devices - I don't think creative paths can help much. For example, a device could lie about the xpubs you ask.

Reply to this note

Please Login to reply.

Discussion

Avatar
Big Barry Bitcoin 8mo ago

... But if you use that xpub to generate an address and the device signs it, where can the lie exist?

Avatar
Big Barry Bitcoin 8mo ago

To be clear, knowing that the chain code is in the xpub and it is one you supplied yourself. This is how you would know it isn't malicious.

Avatar
salvatoshi 8mo ago

Yes, of you provide a chain code yourself and it has enough entropy, then it works somewhat. But it's not better than a 2-of-2 between the device and the software wallet in terms of security model, and I think the latter is easier to analyze.