From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Sun, 15 Jun 2025 12:56:26 -0700
Received: from mail-yb1-f190.google.com ([209.85.219.190])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBCPKZTNTZYDRBX6KXTBAMGQEDVJ3V4Q@googlegroups.com>)
	id 1uQtSr-0007Mq-BR
	for bitcoindev@gnusha.org; Sun, 15 Jun 2025 12:56:26 -0700
Received: by mail-yb1-f190.google.com with SMTP id 3f1490d57ef6-e7d961b8930sf5143720276.1
        for <bitcoindev@gnusha.org>; Sun, 15 Jun 2025 12:56:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750017379; x=1750622179; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=lot16vFee3MKPoLeNnSL7zIq+19Nl2/vq2F14KTnhkM=;
        b=akQ6OLMlBJlan3cbP62Mete62RSfpAAydgbZYZp5qKCU+9Rc5X94su6jYDtevoJsG2
         bGOgP4Rw6cLcYCU77/W5di+u6UAJA/iMo1HLRvFu8e0cB1QaFkQSdJf+0bl66/qlVvtP
         OkFW7GWQCJ6WrvpeqUpgMBh3vBIwHFjnT1KK6Mf0uSubfRJZzTeupyYicZdAOFNThVB/
         zb4ew7zj/OtX3m9VwSRcZFxPNBoK0ebyFldDkYlFG0kNWn8SmFv4yqLm4LFbOXM1yNL6
         6Oy+Bgdi53NspzsGB34w18LvZv5zIMdr/WuM1BDCdQZmGxH2rf1wUxIz3NR0hrJaoVt3
         1lqw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1750017379; x=1750622179; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:from:to:cc
         :subject:date:message-id:reply-to;
        bh=lot16vFee3MKPoLeNnSL7zIq+19Nl2/vq2F14KTnhkM=;
        b=b2nLDLOPJsjgewE8BUjpxCuEWw7qzuFmRHSu9B4TLme8xALXIP3cCCvbAHwN5GTUQk
         70szLErZV5ZTek6mFCnK/3f5+7+VjzJwnGdEZy5wVo9NXoOdiVOFWSQTp/LYpLQ7i8v5
         fPoI4Ch+YXL//jJp14hKmbm3yxwR9Qkc9fP+VAwLPsMeeZC8K2nPEx8TKiO7OP9HsZZr
         aapAIOOuag5L3F3fWeHGUXr5ivAHSf3gf4HeJ7KHJmhJJjTc5Rio5Q4MIvMxKXVMkwbq
         e3FGq/NLGSxxKs2Ig5pNL5UY8nxSSWYwhz7ZCOuPpFztg8F39B0owwCPA6t6qHhgkZaH
         Epog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750017379; x=1750622179;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:x-beenthere
         :x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=lot16vFee3MKPoLeNnSL7zIq+19Nl2/vq2F14KTnhkM=;
        b=PfadldZwECHD16HOaxchz5XjifENezwJXjgRd83F9DGmWodxP8Zf/YZmoMxeMHLv4l
         t635jMIE+grrS7RS/nyj1PQpJ5iXfHus4jc3ouvasmz2yGAuKJTZpfkYavqlrJLU9QoA
         vZS7LMZed0JMwJK3UOCbtKndCMrUHDVqOExhnBDWm26/VPFzeJsNg8AJ+h+lYDjS/1R+
         SZJIsQoTcidCvqiMbmRUB6nx9/i0daX1Ye57RDh4M3qPTFht9ZZHNJCVeMImeihlzVX2
         WR3tM9y5bDeNDgYrOc/zncmPexNCDhn+bRhwc4u/TzjdYPLT09A6aHvkXdfjHnEB3yXp
         GG5A==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVQ0r6U476zXl8UZ9MxCsCjKOmmdEIPYmgE1U1UoBWm3dD3HBgxdEp/4QCq5x51gWH/lRVzvodGWC2L@gnusha.org
X-Gm-Message-State: AOJu0YwNa8NkA7miF3Jg7FVZ1309F/8NQLCjBIcHmIf2vkbcR+DN7yai
	J5TfbaSPwNq7MPZlVoVMk0vhPmSDvprbb0Si0G+cD2XChCtOGWmJlis4
X-Google-Smtp-Source: AGHT+IGwUcLzCtH2lsG94TMgM4mYENHrxp0Fcm/m8Et2uUrIXi4LepjLkp3pxIryLggOnEHrT0v3Hg==
X-Received: by 2002:a05:6902:1608:b0:e81:28d3:a23c with SMTP id 3f1490d57ef6-e822abf558dmr10133746276.12.1750017379501;
        Sun, 15 Jun 2025 12:56:19 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZc97dHWbaEi9hxcnk3sIJkME8zMdCsHC481Eu8dRf5Rpg==
Received: by 2002:a5b:5c9:0:b0:e7d:801a:4dd6 with SMTP id 3f1490d57ef6-e8229065b06ls1599092276.0.-pod-prod-05-us;
 Sun, 15 Jun 2025 12:56:15 -0700 (PDT)
X-Received: by 2002:a05:690c:f07:b0:70c:a5c2:ceed with SMTP id 00721157ae682-7117543f76dmr91348257b3.25.1750017375510;
        Sun, 15 Jun 2025 12:56:15 -0700 (PDT)
Received: by 2002:a05:690c:2706:b0:6ef:590d:3213 with SMTP id 00721157ae682-71162a564f0ms7b3;
        Sun, 15 Jun 2025 12:43:52 -0700 (PDT)
X-Received: by 2002:a05:690c:6310:b0:70d:ff2a:d69a with SMTP id 00721157ae682-7117544096cmr105530627b3.27.1750016631226;
        Sun, 15 Jun 2025 12:43:51 -0700 (PDT)
Date: Sun, 15 Jun 2025 12:43:50 -0700 (PDT)
From: Owen Kemeys <owenjk@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <e65b99a8-5234-451d-b62e-9484c2d59c76n@googlegroups.com>
In-Reply-To: <CADL_X_cc2UdbFkFjL7ma9q=3mdgWs-s7+31UH62bdacmOLXK3A@mail.gmail.com>
References: <aEdoIvOgNNtT6L4s@mail.wpsoftware.net>
 <CAPfvXfL=7bQvhN5ZOJoS-hQ8TmUku=mNhxNop=ZhcyH+kqs9jw@mail.gmail.com>
 <46349b6c-ccec-4378-8721-aecec22752e7@mattcorallo.com>
 <de023ffa-6f8b-44bc-8e4d-6012e2ba3ccen@googlegroups.com>
 <8d158e3d-b3cc-44b6-b71b-ab2e733c047c@mattcorallo.com>
 <CAPfvXfLc5-=UVpcvYrC=VP7rLRroFviLTjPQfeqMQesjziL=CQ@mail.gmail.com>
 <aEsvtpiLWoDsfZrN@mail.wpsoftware.net>
 <f8b37a59-0897-40df-a08e-7812c806a716@mattcorallo.com>
 <CADL_X_fxwKLdst9tYQqabUsJgu47xhCbwpmyq97ZB-SLWQC9Xw@mail.gmail.com>
 <psUO5AHTglJ3KiGM5tTd0sqrFDUexydKzfkOpjOHcWM97OdluX_hIplsXxl_9vzS1pPOqMek3rVBhlzWiPyuvFvz7VmG9FNXapkMG97a7xc=@protonmail.com>
 <CADL_X_faQhCGS78y0Nggm_h=x_cEtshhbrZDDhQ=FEgbDXkc-Q@mail.gmail.com>
 <CAAS2fgSo=pdRhj=MkRDObXm5GtKpP3R5T4yck_pwBpn3_72f5Q@mail.gmail.com>
 <CADL_X_dTK0AtaWQGLzcNBug1=4x7CYn8ypvWAtHVzyGht47wuw@mail.gmail.com>
 <CAAS2fgSmmDmEhi3y39MgQj+pKCbksMoVmV_SgQmqMOqfWY_QLg@mail.gmail.com>
 <CADL_X_cc2UdbFkFjL7ma9q=3mdgWs-s7+31UH62bdacmOLXK3A@mail.gmail.com>
Subject: Re: [bitcoindev] CTV + CSFS: a letter
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_179840_519618962.1750016630765"
X-Original-Sender: owenjk@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)

------=_Part_179840_519618962.1750016630765
Content-Type: multipart/alternative; 
	boundary="----=_Part_179841_1126738281.1750016630765"

------=_Part_179841_1126738281.1750016630765
Content-Type: text/plain; charset="UTF-8"

On Sunday, 15 June 2025 at 10:10:59 UTC-6 Jameson Lopp wrote:

It's the same problem as securely generating and storing keys. In order for 
presigned transaction vaults to actually be trustworthy then ephemeral key 
usage needs to occur on a hardened offline device that is highly unlikely 
to be compromised. I'm not aware of any of the hardware manufacturers 
offering functionality for generating and signing with ephemeral keys.


I'm talking my employer's book, but you can approximate this function for 
sure on Foundation Passport by generating a child seed then loading it as a 
temporary signing key (forgotten on power off). I'm sure Coldcard offers 
something similar and perhaps others. Of course, you'd have to remember to 
delete the seed before putting the device away, and it's derived, not 
generated from scratch, so undermining some of the security. But it's 
close, and the desired functionality could be added if there was demand, 
all the pieces are there.

The upcoming Passport Prime device would be perfectly placed to serve a 
workflow in a secure environment that generates an ephemeral key, signs, 
discards, and passes the PSBTs back to the online device. This is niche 
enough that we're unlikely to write the applet ourselves, but that's why 
it's an open source platform - hopefully some vault project will come along 
and assemble the building blocks in the right way; it shouldn't be hard.

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/e65b99a8-5234-451d-b62e-9484c2d59c76n%40googlegroups.com.

------=_Part_179841_1126738281.1750016630765
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div><div dir=3D"auto">On Sunday, 15 June 2025 at 10:10:59 UTC-6 Jameson Lo=
pp wrote:<br /></div><blockquote style=3D"margin: 0px 0px 0px 0.8ex; border=
-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir=3D"ltr"><=
div></div></div><div dir=3D"ltr"><div><div>It's the same problem as securel=
y generating and storing keys. In order for presigned transaction vaults to=
 actually be trustworthy then ephemeral key usage needs to occur on a harde=
ned offline device that is highly unlikely to be compromised. I'm not aware=
 of any of the hardware manufacturers offering functionality for generating=
 and signing with ephemeral keys.</div></div></div></blockquote><div><br />=
</div><div>
<div>I'm talking my employer's book, but you can approximate this=20
function for sure on Foundation Passport by generating a child seed then
 loading it as a temporary signing key (forgotten on power off). I'm=20
sure Coldcard offers something similar and perhaps others. Of course,=20
you'd have to remember to delete the seed before putting the device=20
away, and it's derived, not generated from scratch, so undermining some=20
of the security. But it's close, and the desired functionality could be add=
ed if there was demand, all the pieces are there.</div><div><br /></div><di=
v>The upcoming Passport Prime device would be=20
perfectly placed to serve a workflow in a secure environment that generates=
 an=20
ephemeral key, signs, discards, and passes the PSBTs back to the online=20
device. This is niche enough that we're unlikely to write the applet=20
ourselves, but that's why it's an open source platform - hopefully some vau=
lt project will come along and assemble the=20
building blocks in the right way; it shouldn't be hard.</div></div></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/e65b99a8-5234-451d-b62e-9484c2d59c76n%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/e65b99a8-5234-451d-b62e-9484c2d59c76n%40googlegroups.com</a>.<br />

------=_Part_179841_1126738281.1750016630765--

------=_Part_179840_519618962.1750016630765--