bitcoin-dev
Overview of anti-covert-channel signing techniques
Original Postby Tim Ruffing
Posted on: March 22, 2020 09:43 UTC
In an email conversation, Russell O'Connor suggests that public keys are deterministic and can be spot-checked for easy detection of non-standard proposals.
However, Marko Bencun argues that this defense is weak as devices may start to behave differently over time. Bencun also points out that, while most hardware wallets allow users to import their own BIP39 seed, it is still necessary to compare the public keys output by the hardware wallet with a second computation to ensure that the device is using the correct seed. This defeats the purpose of a hardware wallet as it requires storing the seed on a second device. Both parties agree that there is a need for a clearly specified full protocol that can be analyzed.