Your evaluation is right, in that “verified” deterministic signatures obviate the necessity for a protocol like anti-exfil. Nonetheless, the commerce off that anti-exfil makes is that it doesn’t require signing with a number of units earlier than figuring out that the signature doesn’t leak information.
Think about that with out anti-exfil, you need to signal and test each enter with a number of units earlier than exposing the tx to the community. It isn’t sufficient to carry out this validation after the very fact; by the point you identify that totally different signatures have been produced, sufficient bits of your non-public key might have been leaked to permit theft both instantly or by grinding the remaining bits.
Not utilizing anti-exfil implies that to attain the identical degree of leakage assurance, you need to signal each tx with a number of units and confirm the signatures earlier than sending. That is most likely superb for an offline vault or chilly storage, however it’s neither sensible nor supported by heat/sizzling wallets for typical ship flows.
Anti-exfil exists to supply assurance for the widespread case of a single signing system. In case you are ready to signal and examine with a number of units then you definitely possible needn’t use it. Like every part in cryptography there’s a commerce off between comfort and safety; it’s as much as the person to find out the place on that spectrum they really feel comfy.