selfcustody / krux

Open-source signing device firmware for Bitcoin
https://selfcustody.github.io/krux/

[Enhancement] Ability to verify addresses w/o loading a bip39 seed #355

Closed jdlcdl closed 2 months ago

jdlcdl commented 6 months ago

"Verify Address" tool, w/o loading a seed

Use case: A watch-only reason to carry krux w/o having any secret bip39 seed material

User would have a single-sig xpub, single-sig wallet-descriptor, or multisig wallet-descriptor on them -- so that they could verify coordinator addresses before giving them to others for an on-chain payment. They'd boot krux, enter Tools / "Verify Address", then scan wallet-descriptor and address.

Preferably, in order to mitigate an attack (or at least leave the user the choice to cooperate or not) meant to learn how much bitcoin someone owns, this could be an encrypted descriptor on sdcard, or flash, or in qrcode form.

Since the user would be verifying that their coordinator is not compromised, the attacker could still attack the coordinator... but this is not within krux's control. Hopefully coordinators will employ pin-codes to help secure the user as well.

Important: The user should be warned, whenever verifying addresses in this particular watch-only mode, that it's useless to verify an address from a coordinator if the wallet-descriptor was just scanned from the same coordinator (it wouldn't be verifying anything in that case). This would only make sense for users who have a trusted copy of the original wallet descriptor. I will edit here if/when I can think of a concise wording for this warning.

Note: I do not see the need to remember this wallet descriptor in RAM once a bip39 seed has been loaded because it would be dangerous to skip the verification steps that occur when loading a descriptor afterwards. That is, especially for single-sig wallets, it would be preferable to derive and verify addresses directly from the seed and it would be dangerous to do so from a remembered wallet descriptor that never got checked because it was loaded without a seed. Similarly with multisig, while not all seeds should ever come together and be available, we still wouldn't want to be verifying addresses for a remembered wallet descriptor that never got checked to verify that the loaded seed is part of the group.
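The check this request asks for, as an added example that is not krux's own code: starting from the public key material a wallet descriptor carries (here a constructed account-level key; parsing the descriptor string and its base58 xpub is left out), derive the receive and change addresses up to a gap limit and report where the candidate address sits, or None if it is not one of them. The descriptor is assumed to be single-sig taproot (`tr(xpub/<0;1>/*)` style), the key is built from a fixed, constructed seed, and all function names are this example's own. Because only non-hardened BIP32 derivation is possible without the private key, the descriptor has to carry the account-level key, which is exactly why this works seed-free. As the post says, the result only means something if the descriptor came from a trusted copy rather than from the coordinator being checked.

```python
"""Added example (not krux's code): verify that an address belongs to a
descriptor's public key, with no BIP39 seed loaded."""
import hashlib
import hmac

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def compress(pt):
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def lift_x(pubkey):
    """Decompress a 33-byte key; the 02/03 prefix selects the parity of y."""
    x = int.from_bytes(pubkey[1:], "big")
    y = pow((pow(x, 3, P) + 7) % P, (P + 1) // 4, P)
    if (y & 1) != (pubkey[0] & 1):
        y = P - y
    return x, y


def ckd_pub(pubkey, chain_code, index):
    """BIP32 non-hardened child derivation from public material only.
    Hardened children (index >= 2**31) need the private key, which a
    watch-only verifier does not have."""
    if index >= 0x80000000:
        raise ValueError("hardened derivation needs the private key")
    digest = hmac.new(chain_code, pubkey + index.to_bytes(4, "big"),
                      hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = point_add(point_mul(il, G), lift_x(pubkey))
    return compress(child), digest[32:]


def tagged_hash(tag, msg):
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()


def p2tr_program(pubkey):
    """BIP341 key-path output key Q = P + H_TapTweak(xonly(P)) * G, with P
    taken as the even-y point for its x coordinate."""
    internal = lift_x(b"\x02" + pubkey[1:])
    tweak = int.from_bytes(tagged_hash("TapTweak", pubkey[1:]), "big")
    return point_add(internal, point_mul(tweak, G))[0].to_bytes(32, "big")


def bech32_polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def encode_segwit_v1(hrp, program):
    """bech32m (BIP350) address for a witness version 1 program."""
    data, acc, bits = [1], 0, 0
    for byte in program:  # regroup 8-bit bytes into 5-bit symbols
        acc, bits = (acc << 8) | byte, bits + 8
        while bits >= 5:
            bits -= 5
            data.append((acc >> bits) & 31)
    if bits:
        data.append((acc << (5 - bits)) & 31)
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    poly = bech32_polymod(expanded + data + [0] * 6) ^ 0x2BC830A3
    checksum = [(poly >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def address_at(account_pub, account_chain, change, index, hrp="bc"):
    """Address at <account>/<change>/<index>, as tr(xpub/<0;1>/*) would give."""
    key, chain = ckd_pub(account_pub, account_chain, change)
    key, _ = ckd_pub(key, chain, index)
    return encode_segwit_v1(hrp, p2tr_program(key))


def find_address(account_pub, account_chain, address, gap_limit=20):
    """(change, index) if address is within the first gap_limit receive or
    change addresses of the descriptor, else None."""
    for change in (0, 1):
        for index in range(gap_limit):
            if address_at(account_pub, account_chain, change, index) == address:
                return change, index
    return None


# Constructed stand-in for the key a descriptor would carry: the public half
# of a BIP32 master key made from a fixed, made-up seed (not a real wallet).
_digest = hmac.new(b"Bitcoin seed", b"constructed example seed",
                   hashlib.sha512).digest()
ACCOUNT_PUB = compress(point_mul(int.from_bytes(_digest[:32], "big"), G))
ACCOUNT_CHAIN = _digest[32:]

if __name__ == "__main__":
    candidate = address_at(ACCOUNT_PUB, ACCOUNT_CHAIN, 0, 3)
    print(candidate, find_address(ACCOUNT_PUB, ACCOUNT_CHAIN, candidate))
```

A candidate beyond the gap limit comes back as None rather than "wrong", so a verifier should report that distinction to the user; a multisig descriptor would run the same derivation for every cosigner key and build the script from the sorted result, which this single-sig example does not cover.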

jdlcdl commented 2 months ago

resolved by #388