From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9D1FBEB2 for ; Wed, 10 Jan 2018 23:47:26 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f51.google.com (mail-vk0-f51.google.com [209.85.213.51]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 73A4AE3 for ; Wed, 10 Jan 2018 23:47:25 +0000 (UTC) Received: by mail-vk0-f51.google.com with SMTP id t4so461494vkb.9 for ; Wed, 10 Jan 2018 15:47:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=BRrnf7f15TeQ07+Pd3XjLrHGDoR7l0uQ/ishFAMv2RM=; b=XyU/4AqY5baebc2Y+k4GX5fN/2BQ1t8+1ZH0yyk/QDj/ztTqrC3IUucYAMzXGwvZ2g kLnGcNcCEGsxLYsvK5jZ9Sd8dz1Q1veu5Qm2Y/0gS3nzIgSwWrjSZdPQra/uaQfcBBfs reI/VQ/PtyjP/AwG/qSdwodG/JMVLBs17RgOjY+u6D/piLElMdt1ZgeTak3hFe6Hrz3Q IX4Z0MnuG6vgFj79y8dcDNjjHJJT75i9yrAddY1E8qNxW2jwu1xCb3f+561AAsmqMWkb 85K74oQMJg1buMDKxcGGdIyN35kRP0Rft1ABqn5w5G9jQ1NZRB0c9E03TodD0gJnbzcE Et5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=BRrnf7f15TeQ07+Pd3XjLrHGDoR7l0uQ/ishFAMv2RM=; b=nLvFFm3Gz1e9Ih7+Agaad+1RXmZvmkm4lLVRvaC+tegHHltWE+Cntqn2BaLdP7351o ZKgwdtloRcE/4RlIqpUPbDJXGVtkukzLKuSUFzA5ToFvVZB2larJUh72c6oIOtpenSWv C/iJvjOCoo6QBAYl+BYzVIVSL5EY1HHqKTaITjHiyvUk5CQgvcAr/mSR0ebGZ+KnThpG QL2lGtmapmEJEbbOx+c0I2giXZN3z20BS6/dBhJsOMSaRqgdIZQAuwOzi3Xx7qfrt2i6 WCPMBYA3brLLetyveLXZ7hbvMTanJ6wedwDubiDxPtRVIO/eS7OlLRWXKw0losQF8YzO PGNA== X-Gm-Message-State: AKwxytdCpDP3H0cdWcXlAC2fllBbx+2Hv6XVNzjJcng/3Z/jX2DGLRw1 Ea+L+TnF5oN4T1+8hyXMyLDD/m8qKrshdXnnHHabBQ== X-Google-Smtp-Source: ACJfBovxkhP12ih1FJZALGqyXLBDkg65om6eqWIFhOQP2PkGPBFo8N9nA5jB4lp1tVFlTE4+POfFofzEnCQvfxl1vqA= X-Received: by 10.31.120.1 with SMTP id t1mr172892vkc.172.1515628044540; Wed, 10 Jan 2018 15:47:24 -0800 (PST) MIME-Version: 1.0 Sender: gmaxwell@gmail.com Received: by 10.103.85.152 with HTTP; Wed, 10 Jan 2018 15:47:23 -0800 (PST) In-Reply-To: References: From: Gregory Maxwell Date: Wed, 10 Jan 2018 23:47:23 +0000 X-Google-Sender-Auth: UvfT9PIPrLgg2F7G7cb6j7kxV9w Message-ID: To: Pavol Rusnak Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2018 23:47:26 -0000 On Wed, Jan 10, 2018 at 8:28 PM, Pavol Rusnak wrote: > On 09/01/18 16:12, Pavol Rusnak via bitcoin-dev wrote: >> On 09/01/18 00:47, Gregory Maxwell wrote: >>> Have you considered using blind host-delegated KDFs, where the KDF >>> runs on the user's computer instead of the hardware wallet, but the >>> computer doesn't learn anything about they keys? >> >> Any examples of these? Yes, this scheme. https://bitcointalk.org/index.php?topic=311000.msg3342217#msg3342217 > Actually, scratch that. HW wallet would not know whether the host > computer is lying or not. The computer would not learn about the keys, > but still could be malicious and provide invalid result. Is that correct? I believe that can be avoided by having the computer do somewhat more work and checking the consistency after the fact. (or for decode time, having a check value under the encryption...)