Mar 24 - Mar 24, 2020
He mentions that there are some side benefits as well. The storage solution could be any way in which bitcoins are stored; the technique works regardless. If the SW party is split into two, a generator and a validator, some useful security properties emerge. The generator creates and passes on receiving addresses and withdrawal transactions while remaining offline, whereas the validator double-checks everything the generator did. This works best if the validator is written entirely independently of the generator. The external software runs on a second SW, which is the second stage, and it would work just fine with a non-trivial/random unhardened derivation. K commitment is one of the proposed solutions collected by Peter in the thread: by committing to some k value, the hardware wallet cannot sneak out private keys in the R value.