Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 28325FB6 for ; Wed, 10 Jan 2018 20:28:22 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.sldev.cz (mail.sldev.cz [51.254.7.247]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B73B9E3 for ; Wed, 10 Jan 2018 20:28:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.sldev.cz (Postfix) with ESMTP id ECFD1E89D; Wed, 10 Jan 2018 20:53:36 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.sldev.cz Received: from mail.sldev.cz ([127.0.0.1]) by localhost (mail.sl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yXI52R2xHRel; Wed, 10 Jan 2018 20:53:36 +0000 (UTC) Received: from [10.8.8.107] (unknown [10.8.8.107]) by mail.sldev.cz (Postfix) with ESMTPSA id 7F890E3AE; Wed, 10 Jan 2018 20:53:36 +0000 (UTC) To: Bitcoin Protocol Discussion , Gregory Maxwell References: From: Pavol Rusnak Message-ID: Date: Wed, 10 Jan 2018 21:28:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: sk-SK Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2018 20:28:22 -0000 On 09/01/18 16:12, Pavol Rusnak via bitcoin-dev wrote: > On 09/01/18 00:47, Gregory Maxwell wrote: >> Have you considered using blind host-delegated KDFs, where the KDF >> runs on the user's computer instead of the hardware wallet, but the >> computer doesn't learn anything about they keys? > > Any examples of these? Actually, scratch that. HW wallet would not know whether the host computer is lying or not. The computer would not learn about the keys, but still could be malicious and provide invalid result. Is that correct? -- Best Regards / S pozdravom, Pavol "stick" Rusnak CTO, SatoshiLabs