Apr 16 - Jul 15, 2025
The sender objects to requiring an additional secret in order to access descriptors, proposing instead that the encryption of a common secret be part of the backup itself, so that no extra secret has to be stored by each participant individually. This is especially useful when decryption should be possible only under specific conditions, such as requiring several heirs to cooperate before a backup can be read. The discussion also references possible extensions of this scheme, citing work by @josh that builds on the simple scheme, with the caveat that the added complexity may hinder adoption despite the theoretical benefits.
A significant part of the dialogue concerns the use of XOR operations to reveal or construct the shared secret needed to decrypt the ciphertext payload, questioning whether a plain XOR of the individual secrets is workable given the structural constraints such cryptographic schemes impose. The emails also touch on how account numbers should be handled when a device is reused across multiple setups, advocating an optional but predictable derivation method that improves privacy by concealing the total number of participants in any given setup.
Key management within wallets is another focal point, with discussion of whether incorporating a component referred to as 'T' would compromise the predictability and recoverability of xpubs. A proposed solution adds a '/T' step to the derivation path rather than altering the descriptor template, which preserves existing templates while still accommodating the needed functionality.
The conversation extends to strategies for avoiding xpub derivation reuse across wallets, proposing a derivation path format that incorporates UNIX time so that paths are distinguished uniquely. Beyond avoiding reuse, this doubles as a user-friendly rescan hint, since a timestamp is a universally understood metric.
Packaging the complete solution as a Rust crate combined with WebAssembly (WASM) is mentioned as a way to simplify adoption despite the inherent complexity. This part of the discussion acknowledges the trade-off of multi-party wallets: stronger privacy protections at the cost of potentially complicated recovery processes.
Recursive secret splitting is explored as a way to generalize existing schemes, allowing flexible participant configurations and thresholds that mirror miniscript rules. The sender nevertheless expresses a preference for simpler choices, since implementation complexity can be a barrier to user adoption.
The creation of descriptor-encrypt, a Rust library, is highlighted as a significant advance: it offers a tailored encryption approach that aligns access control directly with the descriptor's own spending policy. This development promises enhanced security and privacy of digital assets by enabling only authorized spenders to decrypt the descriptor.
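The policy-aligned encryption discussed above (a common secret that is XOR-split across parties who must all cooperate, threshold-split where the policy is k-of-n, and duplicated where any branch suffices, so that exactly the sets of keys that could spend can also decrypt) is shown below as an added Python example. It is not descriptor-encrypt's code nor any participant's proposal: the tuple-based policy syntax standing in for miniscript, the leaf names, the sample policy and descriptor text, and the SHA-256 counter-mode keystream used in place of a real AEAD are all constructed here for illustration.

```python
import hashlib
import secrets
from functools import reduce

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def shamir_split(secret: bytes, k: int, n: int) -> list[bytes]:
    """k-of-n Shamir split, one degree-(k-1) polynomial per byte; share i sits at x=i+1."""
    coeffs = [[secrets.randbits(8) for _ in range(k - 1)] for _ in secret]
    def eval_at(x, s, cs):              # s + c1*x + c2*x^2 + ... in GF(2^8)
        acc, xp = s, x
        for c in cs:
            acc ^= gf_mul(c, xp)
            xp = gf_mul(xp, x)
        return acc
    return [bytes(eval_at(x, s, cs) for s, cs in zip(secret, coeffs)) for x in range(1, n + 1)]

def shamir_combine(points: list[tuple[int, bytes]]) -> bytes:
    """Lagrange interpolation at x=0; in characteristic 2, -x == x and x-y == x^y."""
    out = bytearray()
    for i in range(len(points[0][1])):
        acc = 0
        for xj, yj in points:
            num = den = 1
            for xm, _ in points:
                if xm != xj:
                    num, den = gf_mul(num, xm), gf_mul(den, xj ^ xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

# Hypothetical policy syntax standing in for miniscript; leaf names must be unique:
#   ("pk", name)   ("and", [..])   ("or", [..])   ("thresh", k, [..])
def split_for_policy(secret: bytes, node, out: dict) -> None:
    tag = node[0]
    if tag == "pk":
        out[node[1]] = secret            # a real backup would wrap this to the leaf's key
    elif tag == "or":                    # any branch suffices: each branch gets the secret
        for child in node[1]:
            split_for_policy(secret, child, out)
    elif tag == "and":                   # all branches needed: n-of-n XOR split
        children = node[1]
        masks = [secrets.token_bytes(len(secret)) for _ in children[:-1]]
        for child, part in zip(children, masks + [reduce(xor_bytes, masks, secret)]):
            split_for_policy(part, child, out)
    elif tag == "thresh":                # k-of-n: Shamir split
        for child, part in zip(node[2], shamir_split(secret, node[1], len(node[2]))):
            split_for_policy(part, child, out)

def reconstruct(node, have: dict):
    """Secret of `node` if the shares in `have` satisfy its sub-policy, else None."""
    tag = node[0]
    if tag == "pk":
        return have.get(node[1])
    if tag == "or":
        return next((v for c in node[1] if (v := reconstruct(c, have)) is not None), None)
    if tag == "and":
        parts = [reconstruct(c, have) for c in node[1]]
        return None if None in parts else reduce(xor_bytes, parts)
    if tag == "thresh":
        pts = [(i + 1, v) for i, c in enumerate(node[2]) if (v := reconstruct(c, have)) is not None]
        return shamir_combine(pts[:node[1]]) if len(pts) >= node[1] else None
    raise ValueError(f"unknown node {tag}")

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Illustrative SHA-256 counter-mode keystream; a real backup would use an AEAD."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return xor_bytes(data, ks)

def run_example() -> dict:
    # Constructed policy: the owner alone, or two of three heirs together with a lawyer.
    policy = ("or", [("pk", "alice"),
                     ("and", [("thresh", 2, [("pk", "heir1"), ("pk", "heir2"), ("pk", "heir3")]),
                              ("pk", "lawyer")])])
    descriptor = b"wsh(or_d(pk(A),and_v(v:thresh(2,pk(H1),s:pk(H2),s:pk(H3)),pk(L))))"  # sample
    key, shares = secrets.token_bytes(32), {}
    split_for_policy(key, policy, shares)
    backup = stream_xor(key, descriptor)  # ciphertext + per-key shares form the backup
    def attempt(names):
        k = reconstruct(policy, {n: shares[n] for n in names})
        return k is not None and stream_xor(k, backup) == descriptor
    return {"alice_alone": attempt(["alice"]),
            "two_heirs_and_lawyer": attempt(["heir1", "heir3", "lawyer"]),
            "two_heirs_no_lawyer": attempt(["heir1", "heir2"]),
            "one_heir_and_lawyer": attempt(["heir2", "lawyer"])}
```

`run_example()` reports which key sets can decrypt: the owner alone succeeds, two heirs together with the lawyer succeed, while two heirs without the lawyer or one heir with the lawyer get nothing, matching the spending policy exactly. The example leaves out how each leaf's share is wrapped to that participant's key and which AEAD protects the descriptor; those are the parts a real implementation must get right.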
Finally, the discussion touches upon the importance of a robust backup strategy for public keys and descriptors, underscoring the shift from focusing solely on safeguarding secrets to ensuring the recoverability of public-facing cryptographic components. This perspective is crucial for maintaining operational continuity and security in digital asset management.