On Wed, Jan 10, 2018 at 8:28 PM, Pavol Rusnak <st...@satoshilabs.com> wrote: > On 09/01/18 16:12, Pavol Rusnak via bitcoin-dev wrote: >> On 09/01/18 00:47, Gregory Maxwell wrote: >>> Have you considered using blind host-delegated KDFs, where the KDF >>> runs on the user's computer instead of the hardware wallet, but the >>> computer doesn't learn anything about they keys? >> >> Any examples of these?
Yes, this scheme. https://bitcointalk.org/index.php?topic=311000.msg3342217#msg3342217 > Actually, scratch that. HW wallet would not know whether the host > computer is lying or not. The computer would not learn about the keys, > but still could be malicious and provide invalid result. Is that correct? I believe that can be avoided by having the computer do somewhat more work and checking the consistency after the fact. (or for decode time, having a check value under the encryption...) _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev