To scan for cash obtained to Bobs silent fee deal with, he wants to make use of his b_scan non-public key because the shared secret is calculated by the sender utilizing a*B_scan.
This query is just not about whether or not host wallets / companion apps for {hardware} wallets will make the most of scanning servers or some other strategy to implement scanning however relatively how they are going to cope with the non-public key b_scan being required to be “on-line”.
- {hardware} wallets usually don’t assist exporting non-public keys (and mustn’t imo.)
- BIP-352 says that wallets MAY use BIP32 derivation paths however this would possibly not be doable for {hardware} wallets that do not export non-public keys.
How might doable implementations appear to be? The host pockets / scanning server might simply compute all A (sender’s public key a1 + a2 + ... + an for n inputs) after which {hardware} wallets might have an API to calculate the shared secret given the A?
Recovering the pockets stability from a sure block peak (the block peak that the {hardware} pockets rolled out silent fee obtain for instance) could be lots of work, and for all subsequent receives the {hardware} pockets additionally needs to be related.
Does anybody have an thought how {hardware} wallets might probably cope with this with out destroying UX / including complexity to the {hardware} pockets firmware?