1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
Delivery-date: Sun, 15 Jun 2025 12:56:26 -0700
Received: from mail-yb1-f190.google.com ([209.85.219.190])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBCPKZTNTZYDRBX6KXTBAMGQEDVJ3V4Q@googlegroups.com>)
id 1uQtSr-0007Mq-BR
for bitcoindev@gnusha.org; Sun, 15 Jun 2025 12:56:26 -0700
Received: by mail-yb1-f190.google.com with SMTP id 3f1490d57ef6-e7d961b8930sf5143720276.1
for <bitcoindev@gnusha.org>; Sun, 15 Jun 2025 12:56:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1750017379; x=1750622179; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:sender:from
:to:cc:subject:date:message-id:reply-to;
bh=lot16vFee3MKPoLeNnSL7zIq+19Nl2/vq2F14KTnhkM=;
b=akQ6OLMlBJlan3cbP62Mete62RSfpAAydgbZYZp5qKCU+9Rc5X94su6jYDtevoJsG2
bGOgP4Rw6cLcYCU77/W5di+u6UAJA/iMo1HLRvFu8e0cB1QaFkQSdJf+0bl66/qlVvtP
OkFW7GWQCJ6WrvpeqUpgMBh3vBIwHFjnT1KK6Mf0uSubfRJZzTeupyYicZdAOFNThVB/
zb4ew7zj/OtX3m9VwSRcZFxPNBoK0ebyFldDkYlFG0kNWn8SmFv4yqLm4LFbOXM1yNL6
6Oy+Bgdi53NspzsGB34w18LvZv5zIMdr/WuM1BDCdQZmGxH2rf1wUxIz3NR0hrJaoVt3
1lqw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1750017379; x=1750622179; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:from:to:cc
:subject:date:message-id:reply-to;
bh=lot16vFee3MKPoLeNnSL7zIq+19Nl2/vq2F14KTnhkM=;
b=b2nLDLOPJsjgewE8BUjpxCuEWw7qzuFmRHSu9B4TLme8xALXIP3cCCvbAHwN5GTUQk
70szLErZV5ZTek6mFCnK/3f5+7+VjzJwnGdEZy5wVo9NXoOdiVOFWSQTp/LYpLQ7i8v5
fPoI4Ch+YXL//jJp14hKmbm3yxwR9Qkc9fP+VAwLPsMeeZC8K2nPEx8TKiO7OP9HsZZr
aapAIOOuag5L3F3fWeHGUXr5ivAHSf3gf4HeJ7KHJmhJJjTc5Rio5Q4MIvMxKXVMkwbq
e3FGq/NLGSxxKs2Ig5pNL5UY8nxSSWYwhz7ZCOuPpFztg8F39B0owwCPA6t6qHhgkZaH
Epog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1750017379; x=1750622179;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:x-beenthere
:x-gm-message-state:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=lot16vFee3MKPoLeNnSL7zIq+19Nl2/vq2F14KTnhkM=;
b=PfadldZwECHD16HOaxchz5XjifENezwJXjgRd83F9DGmWodxP8Zf/YZmoMxeMHLv4l
t635jMIE+grrS7RS/nyj1PQpJ5iXfHus4jc3ouvasmz2yGAuKJTZpfkYavqlrJLU9QoA
vZS7LMZed0JMwJK3UOCbtKndCMrUHDVqOExhnBDWm26/VPFzeJsNg8AJ+h+lYDjS/1R+
SZJIsQoTcidCvqiMbmRUB6nx9/i0daX1Ye57RDh4M3qPTFht9ZZHNJCVeMImeihlzVX2
WR3tM9y5bDeNDgYrOc/zncmPexNCDhn+bRhwc4u/TzjdYPLT09A6aHvkXdfjHnEB3yXp
GG5A==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVQ0r6U476zXl8UZ9MxCsCjKOmmdEIPYmgE1U1UoBWm3dD3HBgxdEp/4QCq5x51gWH/lRVzvodGWC2L@gnusha.org
X-Gm-Message-State: AOJu0YwNa8NkA7miF3Jg7FVZ1309F/8NQLCjBIcHmIf2vkbcR+DN7yai
J5TfbaSPwNq7MPZlVoVMk0vhPmSDvprbb0Si0G+cD2XChCtOGWmJlis4
X-Google-Smtp-Source: AGHT+IGwUcLzCtH2lsG94TMgM4mYENHrxp0Fcm/m8Et2uUrIXi4LepjLkp3pxIryLggOnEHrT0v3Hg==
X-Received: by 2002:a05:6902:1608:b0:e81:28d3:a23c with SMTP id 3f1490d57ef6-e822abf558dmr10133746276.12.1750017379501;
Sun, 15 Jun 2025 12:56:19 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZc97dHWbaEi9hxcnk3sIJkME8zMdCsHC481Eu8dRf5Rpg==
Received: by 2002:a5b:5c9:0:b0:e7d:801a:4dd6 with SMTP id 3f1490d57ef6-e8229065b06ls1599092276.0.-pod-prod-05-us;
Sun, 15 Jun 2025 12:56:15 -0700 (PDT)
X-Received: by 2002:a05:690c:f07:b0:70c:a5c2:ceed with SMTP id 00721157ae682-7117543f76dmr91348257b3.25.1750017375510;
Sun, 15 Jun 2025 12:56:15 -0700 (PDT)
Received: by 2002:a05:690c:2706:b0:6ef:590d:3213 with SMTP id 00721157ae682-71162a564f0ms7b3;
Sun, 15 Jun 2025 12:43:52 -0700 (PDT)
X-Received: by 2002:a05:690c:6310:b0:70d:ff2a:d69a with SMTP id 00721157ae682-7117544096cmr105530627b3.27.1750016631226;
Sun, 15 Jun 2025 12:43:51 -0700 (PDT)
Date: Sun, 15 Jun 2025 12:43:50 -0700 (PDT)
From: Owen Kemeys <owenjk@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <e65b99a8-5234-451d-b62e-9484c2d59c76n@googlegroups.com>
In-Reply-To: <CADL_X_cc2UdbFkFjL7ma9q=3mdgWs-s7+31UH62bdacmOLXK3A@mail.gmail.com>
References: <aEdoIvOgNNtT6L4s@mail.wpsoftware.net>
<CAPfvXfL=7bQvhN5ZOJoS-hQ8TmUku=mNhxNop=ZhcyH+kqs9jw@mail.gmail.com>
<46349b6c-ccec-4378-8721-aecec22752e7@mattcorallo.com>
<de023ffa-6f8b-44bc-8e4d-6012e2ba3ccen@googlegroups.com>
<8d158e3d-b3cc-44b6-b71b-ab2e733c047c@mattcorallo.com>
<CAPfvXfLc5-=UVpcvYrC=VP7rLRroFviLTjPQfeqMQesjziL=CQ@mail.gmail.com>
<aEsvtpiLWoDsfZrN@mail.wpsoftware.net>
<f8b37a59-0897-40df-a08e-7812c806a716@mattcorallo.com>
<CADL_X_fxwKLdst9tYQqabUsJgu47xhCbwpmyq97ZB-SLWQC9Xw@mail.gmail.com>
<psUO5AHTglJ3KiGM5tTd0sqrFDUexydKzfkOpjOHcWM97OdluX_hIplsXxl_9vzS1pPOqMek3rVBhlzWiPyuvFvz7VmG9FNXapkMG97a7xc=@protonmail.com>
<CADL_X_faQhCGS78y0Nggm_h=x_cEtshhbrZDDhQ=FEgbDXkc-Q@mail.gmail.com>
<CAAS2fgSo=pdRhj=MkRDObXm5GtKpP3R5T4yck_pwBpn3_72f5Q@mail.gmail.com>
<CADL_X_dTK0AtaWQGLzcNBug1=4x7CYn8ypvWAtHVzyGht47wuw@mail.gmail.com>
<CAAS2fgSmmDmEhi3y39MgQj+pKCbksMoVmV_SgQmqMOqfWY_QLg@mail.gmail.com>
<CADL_X_cc2UdbFkFjL7ma9q=3mdgWs-s7+31UH62bdacmOLXK3A@mail.gmail.com>
Subject: Re: [bitcoindev] CTV + CSFS: a letter
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_179840_519618962.1750016630765"
X-Original-Sender: owenjk@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
------=_Part_179840_519618962.1750016630765
Content-Type: multipart/alternative;
boundary="----=_Part_179841_1126738281.1750016630765"
------=_Part_179841_1126738281.1750016630765
Content-Type: text/plain; charset="UTF-8"
On Sunday, 15 June 2025 at 10:10:59 UTC-6 Jameson Lopp wrote:
It's the same problem as securely generating and storing keys. In order for
presigned transaction vaults to actually be trustworthy then ephemeral key
usage needs to occur on a hardened offline device that is highly unlikely
to be compromised. I'm not aware of any of the hardware manufacturers
offering functionality for generating and signing with ephemeral keys.
I'm talking my employer's book, but you can approximate this function for
sure on Foundation Passport by generating a child seed then loading it as a
temporary signing key (forgotten on power off). I'm sure Coldcard offers
something similar and perhaps others. Of course, you'd have to remember to
delete the seed before putting the device away, and it's derived, not
generated from scratch, so undermining some of the security. But it's
close, and the desired functionality could be added if there was demand,
all the pieces are there.
The upcoming Passport Prime device would be perfectly placed to serve a
workflow in a secure environment that generates an ephemeral key, signs,
discards, and passes the PSBTs back to the online device. This is niche
enough that we're unlikely to write the applet ourselves, but that's why
it's an open source platform - hopefully some vault project will come along
and assemble the building blocks in the right way; it shouldn't be hard.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/e65b99a8-5234-451d-b62e-9484c2d59c76n%40googlegroups.com.
------=_Part_179841_1126738281.1750016630765
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div><div dir=3D"auto">On Sunday, 15 June 2025 at 10:10:59 UTC-6 Jameson Lo=
pp wrote:<br /></div><blockquote style=3D"margin: 0px 0px 0px 0.8ex; border=
-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir=3D"ltr"><=
div></div></div><div dir=3D"ltr"><div><div>It's the same problem as securel=
y generating and storing keys. In order for presigned transaction vaults to=
actually be trustworthy then ephemeral key usage needs to occur on a harde=
ned offline device that is highly unlikely to be compromised. I'm not aware=
of any of the hardware manufacturers offering functionality for generating=
and signing with ephemeral keys.</div></div></div></blockquote><div><br />=
</div><div>
<div>I'm talking my employer's book, but you can approximate this=20
function for sure on Foundation Passport by generating a child seed then
loading it as a temporary signing key (forgotten on power off). I'm=20
sure Coldcard offers something similar and perhaps others. Of course,=20
you'd have to remember to delete the seed before putting the device=20
away, and it's derived, not generated from scratch, so undermining some=20
of the security. But it's close, and the desired functionality could be add=
ed if there was demand, all the pieces are there.</div><div><br /></div><di=
v>The upcoming Passport Prime device would be=20
perfectly placed to serve a workflow in a secure environment that generates=
an=20
ephemeral key, signs, discards, and passes the PSBTs back to the online=20
device. This is niche enough that we're unlikely to write the applet=20
ourselves, but that's why it's an open source platform - hopefully some vau=
lt project will come along and assemble the=20
building blocks in the right way; it shouldn't be hard.</div></div></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/e65b99a8-5234-451d-b62e-9484c2d59c76n%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/e65b99a8-5234-451d-b62e-9484c2d59c76n%40googlegroups.com</a>.<br />
------=_Part_179841_1126738281.1750016630765--
------=_Part_179840_519618962.1750016630765--
|