Gregory Maxwell [ARCHIVE] on Nostr
📅 Original date posted: 2018-01-10
📝 Original message:

On Wed, Jan 10, 2018 at 8:28 PM, Pavol Rusnak <stick at satoshilabs.com> wrote:
> On 09/01/18 16:12, Pavol Rusnak via bitcoin-dev wrote:
>> On 09/01/18 00:47, Gregory Maxwell wrote:
>>> Have you considered using blind host-delegated KDFs, where the KDF
>>> runs on the user's computer instead of the hardware wallet, but the
>>> computer doesn't learn anything about the keys?
>>
>> Any examples of these?

Yes, this scheme.
https://bitcointalk.org/index.php?topic=311000.msg3342217#msg3342217

> Actually, scratch that. HW wallet would not know whether the host
> computer is lying or not. The computer would not learn about the keys,
> but still could be malicious and provide an invalid result. Is that correct?

I believe that can be avoided by having the computer do somewhat more
work and checking the consistency after the fact.

(or for decode time, having a check value under the encryption...)

Published at 2023-06-07 18:09:30