We have a proprietary JSON based encoding system which we are looking to move towards PSBT, but PSBT is missing this key functionality.

BIP32_DERIVATION does allow us to verify the address is from a certain XPUB, but, for example, it can not allow us to verify a signature of that xpub.

I have made a rough draft of the proposed key value specification.
https://github.com/junderw/bips/blob/addXpubSig/bip-0174.mediawiki#specification

The signing key path used in the spec is just randomly chosen 31 x 4 bits shown as numbers with hardened paths.

Since this issue seems similar to the change address issue, I started from that as a base. With the HW wallet case, I can verify the xpub by just deriving it locally and comparing equality, however, in our case, we need to verify an xpub that we do not have access to via derivation from our cold key(s) (since we don't want to import our warm private key into our cold signer)

So the flow would be:

1. Securely verify the xpub of the warm / hot wallet.

2. Using the airgap signing tool, sign the xpub with all cold keys.

3. Upload the signature/xpub pairs to the online unsigned transaction generator.
4. Include one keyval pair per coldkey/xpub pairing.
5. When offline signing, if the wallet detects there is a global keyval XPUB_SIGNATURE with its pubkey in the key, it must verify that all outputs have BIP32_DERIVATION and that it can verify the outputs through the derivation, to the xpub, and to the signature.

In my attempt to fitting this into PSBT, I am slightly altering our current system, so don't take this as an indication 100% of how we work in the backend.

However, I would like to hear any feedback on this proposal.

Thanks,

Jonathan