Big Barry Bitcoin on Nostr: I was thinking about 2 things... 1. The coldcard's co-signing feature 2. Their ...
I was thinking about 2 things...
1. The coldcard's co-signing feature https://coldcard.com/docs/coldcard-cosigning/
2. Their satscard/tapsigner.
In both cases, you could have the device generate a master key that you will never know. Only the device knows it (I might be wrong about the co-signing feature).
With the tapsigner, you give it a chaincode, and that _theoretically_ gives you a key that you know Coinkite would never know.
You can export the XPUB of m/0' (I think) and it will have your chaincode in it.
But... Since the rest of the derivation path is hardened in a typical key, you can't verify that the xpub for a typical wallet is derived using your chaincode.
So....
What if, just for that one key in a multisig setup, you don't use the typical derivation path so that you can confirm that it uses your chaincode, and since the change and index are not hardened, it still works as expected.
Just trying to think about how you can guarantee that neither the manufacturer nor yourself knows the private key.
Published at 2025-05-02 20:10:04