On Sunday, 15 June 2025 at 10:10:59 UTC-6 Jameson Lopp wrote:
It's the same problem as securely generating and storing keys. In order for presigned transaction vaults to actually be trustworthy, ephemeral key usage needs to occur on a hardened offline device that is highly unlikely to be compromised. I'm not aware of any of the hardware manufacturers offering functionality for generating and signing with ephemeral keys.

I'm talking my employer's book, but you can approximate this function for sure on Foundation Passport by generating a child seed then loading it as a temporary signing key (forgotten on power off). I'm sure Coldcard offers something similar and perhaps others. Of course, you'd have to remember to delete the seed before putting the device away, and it's derived, not generated from scratch, so undermining some of the security. But it's close, and the desired functionality could be added if there was demand; all the pieces are there.

The upcoming Passport Prime device would be perfectly placed to serve a workflow in a secure environment that generates an ephemeral key, signs, discards, and passes the PSBTs back to the online device. This is niche enough that we're unlikely to write the applet ourselves, but that's why it's an open source platform - hopefully some vault project will come along and assemble the building blocks in the right way; it shouldn't be hard.
