Signatures – Anti-exfiltration protocols cannot be verified on many hardware wallets.

Your analysis is correct in that “verified” deterministic signatures eliminate the need for protocols such as anti-exfiltration. However, the downside to exfiltration prevention is that you don’t have to sign with multiple devices before you know that your signature won’t leak your data.

Consider that without leak protection, all inputs would have to be signed and verified by multiple devices before the tx is exposed to the network. Performing this verification after the fact is not sufficient: by the time a differing signature is detected, enough bits of the private key have already leaked for it to be stolen, either directly or by grinding the remaining bits.

Not using exfiltration protection means that, to achieve the same level of leakage assurance, you need to sign every tx with multiple devices and compare the signatures before sending. While this may be suitable for offline or cold storage, it is neither practical nor supported in warm/hot wallets for typical transfer flows.

Leak protection exists to provide assurance for the general case of single-signature devices. If you are prepared to sign with multiple devices and compare the results, you probably don't need it. As with everything in cryptography, there is a balance between convenience and security, and it's up to the individual to decide where on that spectrum they feel comfortable.
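The multi-device check discussed above, as an added example that is not part of the original answer: two devices holding the same key derive their ECDSA nonce with RFC 6979, so their signatures over the same tx digest must be identical, and the host releases a signature only when every device produced the same one. The compact secp256k1 arithmetic and the hypothetical `cross_check` host routine are constructed here for illustration; the curve constants and the HMAC-SHA256 derivation follow RFC 6979.

```python
import hashlib
import hmac

# secp256k1 domain parameters: field prime, group order and generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def hm(key, data):  # HMAC-SHA256, the PRF used throughout RFC 6979
    return hmac.new(key, data, hashlib.sha256).digest()
def ec_add(a, b):  # affine add/double; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = ((3 * a[0] * a[0]) * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)
def ec_mul(k, pt):  # double-and-add; not constant-time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc
def rfc6979_nonce(priv, h):
    """RFC 6979 nonce: the same key and message hash always give the same k."""
    x, hb = priv.to_bytes(32, "big"), (h % N).to_bytes(32, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    for tag in (b"\x00", b"\x01"):  # steps d-g: bind K and V to priv || hash
        k = hm(k, v + tag + x + hb)
        v = hm(k, v)
    while not 1 <= int.from_bytes(v := hm(k, v), "big") < N:  # step h: retry if out of range
        k = hm(k, v + b"\x00")
        v = hm(k, v)
    return int.from_bytes(v, "big")
def ecdsa_sign(priv, msg, nonce_fn=rfc6979_nonce):
    """Low-s ECDSA over secp256k1 on SHA-256(msg); nonce_fn models the signing device."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    k = nonce_fn(priv, h)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + r * priv) % N
    return (r, min(s, N - s))  # low-s normalisation as Bitcoin requires

def cross_check(priv, msg, devices):
    """Hypothetical host step: sign on every device before broadcast; release only if all agree."""
    sigs = {dev(priv, msg) for dev in devices}
    return sigs.pop() if len(sigs) == 1 else None
```

A device whose nonce derivation differs from the others, for whatever reason, produces a different (r, s) and the host withholds the signature instead of exposing it to the network.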
