From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 26 Mar 2026 11:07:48 -0700 Received: from mail-oa1-f58.google.com ([209.85.160.58]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1w5p7U-00083m-0N for bitcoindev@gnusha.org; Thu, 26 Mar 2026 11:07:48 -0700 Received: by mail-oa1-f58.google.com with SMTP id 586e51a60fabf-41c5c1675c9sf1785346fac.2 for ; Thu, 26 Mar 2026 11:07:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1774548462; x=1775153262; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:x-original-sender :mime-version:subject:references:in-reply-to:message-id:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=A0eON1v3ZRFmG2PWMgd27PEfRnaSbN7UV2OWdg6gYTg=; b=Zr+6IFdyqigkOGt1fuk7VZQaGNf+Jvo0avsjBLla3uZf6JEmgeR+n+12XIrtvHNfRC XzXeIo7vzMJ/lcEFTZRmS68f8KkJed0rlVtONaavcTfGbaRCiQ0nPgaEzA4LsuHifyh8 HefRhPKPo7t8oUvgtHz8Y3jzS06Bn4Ifym3oTmIWQT6I38qNZS8zi27qLhnk5t8xDQVT 2M/829FLwJS9m7R1FE/JyQLUO9S0tkEXp1Q4FdAdIwljBn0Am0ItyOUIEdZIChZ6jyh2 iuyXmALgNbjdrJhd4plwMxSj4hxDJrdHgJe1ie5t+s9z3vVXPZHNzx1nV8HBOaDp4/d8 aAMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774548462; x=1775153262; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:x-original-sender :mime-version:subject:references:in-reply-to:message-id:to:from:date :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=A0eON1v3ZRFmG2PWMgd27PEfRnaSbN7UV2OWdg6gYTg=; b=X6mm6+Dz6yAMuze7j/s3wdyqTK9dlfjtlDm+pBDLwN51/FYZi9XTtQjpV0lrnQDQY7 LMAk8ENqva8bw0LdIMkrVnCljE2jw9eroPuD1kmzfS3qC4EHBdwbYXOnZ4w7srMF7kT1 vj8RpemaVc0dB6caTAV8ZOUXIC0cDqf0uzqG/oUIkIp5YhwCpNfreVQ0Cco87yesymNJ OkeLAmaP/z3xYj8acbve6cWhIhooz6nqzvFNps3w1IUyj6dNPfxofbEEjrTY7dkWW/SX R7SbFGkGjq8Bl46zPmyiQ4k4/t0hHqooN1Tg+JokYO7cfOFoURZNqSpp3n4c6u3vaOoI j9xQ== X-Forwarded-Encrypted: i=1; AJvYcCX1PXzIWBDc/3CmpCJCZajROL71jEb419Njq1gPgcnLHH7+NvhToBQBC+tUzlTgjvkoOxSvvrhqM16w@gnusha.org X-Gm-Message-State: AOJu0YwIIDXbkZqkHvFvdgidNJvUDHxvvMr2+IxYz49zVnngqQoKrlf4 zUslrLuGb9bNLgUC5Prslsznk4RI+GFGBbmlZZDgzJEExFqU8ULHubUe X-Received: by 2002:a05:6820:190c:b0:67a:2305:5e4e with SMTP id 006d021491bc7-67dff402176mr4085856eaf.17.1774548461973; Thu, 26 Mar 2026 11:07:41 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AYAyTiI03DHUxB9+0aG5N0A5G+Aa2v0bN7PFGV+OeL4hkYpfJA==" Received: by 2002:a05:6870:3354:b0:416:1b5c:16df with SMTP id 586e51a60fabf-41cc9042194ls673215fac.2.-pod-prod-08-us; Thu, 26 Mar 2026 11:07:37 -0700 (PDT) X-Received: by 2002:a05:6808:2392:b0:467:58e:5d73 with SMTP id 5614622812f47-46a5c62526emr3773417b6e.19.1774548457159; Thu, 26 Mar 2026 11:07:37 -0700 (PDT) Received: by 2002:a05:690c:6283:b0:79a:37dc:255a with SMTP id 00721157ae682-79ad136a5cams7b3; Thu, 26 Mar 2026 09:02:50 -0700 (PDT) X-Received: by 2002:a05:690c:e3ed:b0:79a:3b28:a727 with SMTP id 00721157ae682-79acf3e39cbmr89314517b3.27.1774540969770; Thu, 26 Mar 2026 09:02:49 -0700 (PDT) Date: Thu, 26 Mar 2026 09:02:49 -0700 (PDT) From: "'Sean Carlin' via Bitcoin Development Mailing List" To: Bitcoin Development Mailing List Message-Id: In-Reply-To: References: <3f1a1491-06e1-4453-9538-fa66bc432a06n@googlegroups.com> Subject: [bitcoindev] Re: [BIP Draft] Blind Relay: Stateless Encrypted WebSocket Coordination for PSBTs MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_135552_931412688.1774540969336" X-Original-Sender: SeanCarlin90@googlemail.com X-Original-From: Sean Carlin Reply-To: Sean Carlin Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.7 (/) ------=_Part_135552_931412688.1774540969336 Content-Type: multipart/alternative; boundary="----=_Part_135553_1766852661.1774540969336" ------=_Part_135553_1766852661.1774540969336 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Thomas,=20 I=E2=80=99ve been looking through your BTSL playground source code. To make= this=20 work seamlessly with the Blind Relay reference implementation (Signing=20 Room), it would be great if the BTSL parser and validator were available as= =20 a standalone, versioned NPM package. If we had an @btsl/validator package that was environment-agnostic (no=20 internal fetch calls to Blockstream, just pure PSBT/Schema validation and= =20 minimal dependencies), I could potentially integrate it directly into the= =20 Signing Room client. This would allow 'Signing Room' to automatically=20 detect an attached schema, run the ASSERT logic locally, and provide the=20 user with a 'Verified by BTSL' green-check before they sign. The STATE_SYNC payload could be modified to something like this to pass a= =20 schema and type: {=20 "type": "STATE_SYNC",=20 "encryptedPsbt": "base64_encrypted_psbt",=20 "encryptedValidationSchema": "base64_encrypted_btsl_string", //=20 Optional=20 "schemaType": "BTSL_V1", // Optional: Identifies the language Or=20 Version ...=20 } =20 Let me know your thoughts, All the best Sean Carlin On Thursday, 26 March 2026 at 14:21:41 UTC Thomas Suau wrote: > Hello,=20 > The transport layer problem is well addressed here. The complementary=20 > piece =E2=80=94 ensuring signers can independently validate transaction i= nvariants=20 > before signing, regardless of how the PSBT was relayed =E2=80=94 is what = I've been=20 > exploring with BTSL:=20 > https://delvingbitcoin.org/t/btsl-bitcoin-transaction-schema-language-a-d= eclarative-validation-schema-for-psbt-workflows/2338 > > Best regards,=20 > Thomas Suau > > Le mercredi 25 mars 2026 =C3=A0 13:21:39 UTC+1, Sean Carlin a =C3=A9crit = : > >> Hi everyone, >> >> I'd like to propose a new BIP for real-time, trust-minimized coordinatio= n=20 >> of multi-signature PSBTs. >> >> The Problem >> Coordinating N-of-M Bitcoin transactions currently forces users into a= =20 >> binary choice: >> - Manual out-of-band transfers (USB drives, secure messengers) that=20 >> preserve privacy but introduce high friction and error risk, or >> - Stateful coordination servers that offer good UX but act as privacy=20 >> honeypots, logging metadata, signer relationships, and often storing PSB= Ts=20 >> on disk. >> >> The Proposal: Blind Relay >> This BIP introduces a "Blind Relay" - an ephemeral, stateless,=20 >> zero-knowledge WebSocket relay. All payloads are encrypted client-side w= ith=20 >> AES-GCM-256, with decryption keys held exclusively in client-side URL=20 >> fragments (never sent to the server). The relay operates entirely in RAM= =20 >> with a strict 24-hour TTL and self-destructs upon completion, providing= =20 >> real-time coordination without persistent metadata or disk storage. >> >> A reference implementation has been running in production for three=20 >> months, successfully facilitating real multisig ceremonies. >> >> *Links* >> - BIP Draft:=20 >> https://github.com/scarlin90/bip-stateless-psbt-coordination/blob/main/b= ip-draft.md >> - Source Code: https://github.com/scarlin90/signingroom >> - Live Client: https://signingroom.io >> - Related Research Paper: https://arxiv.org/abs/2601.17875 >> >> I look forward to your technical feedback - especially on the=20 >> specification, security model, edge cases, and any suggested improvement= s. >> >> Best regards, >> Sean Carlin > > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= e501ab92-6911-4437-ac06-d7f547c2190dn%40googlegroups.com. ------=_Part_135553_1766852661.1774540969336 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Thomas,=C2=A0
I=E2=80=99ve been looking through your BTSL playground= source code. To make this work seamlessly with the Blind Relay reference i= mplementation (Signing Room), it would be great if the BTSL parser and vali= dator were available as a standalone, versioned NPM package.

If = we had an @btsl/validator package that was environment-agnostic (no interna= l fetch calls to Blockstream, just pure PSBT/Schema validation and minimal = dependencies), I could potentially integrate it directly into the Signing R= oom client. This would allow 'Signing Room' to automatically detect an atta= ched schema, run the ASSERT logic locally, and provide the user with a 'Ver= ified by BTSL' green-check before they sign.

The STATE_SYNC payl= oad could be modified to something like this to pass a schema and type:

=C2=A0 {=C2=A0
=C2=A0 =C2=A0 =C2=A0"type": "STATE_SYNC",= =C2=A0
=C2=A0 =C2=A0 =C2=A0"encryptedPsbt": "base64_encrypted_psb= t",=C2=A0
=C2=A0 =C2=A0 =C2=A0"encryptedValidationSchema": "base6= 4_encrypted_btsl_string",=C2=A0 // Optional=C2=A0
=C2=A0 =C2=A0 = =C2=A0"schemaType": "BTSL_V1", // Optional: Identifies the language Or Vers= ion ...=C2=A0
}=C2=A0=C2=A0

Let me kno= w your thoughts,

All the best
Sean Car= lin



On Thursday, 26 Ma= rch 2026 at 14:21:41 UTC Thomas Suau wrote:
Hello,=C2=A0
The transport layer problem= is well addressed here. The complementary piece =E2=80=94 ensuring signers= can independently validate transaction invariants before signing, regardle= ss of how the PSBT was relayed =E2=80=94 is what I've been exploring wi= th BTSL: https://delvingbitcoin.org/t/btsl-bitcoin-transaction-schema-= language-a-declarative-validation-schema-for-psbt-workflows/2338
Best regards,=C2=A0
Thomas Suau

Le mercredi 25 mars= 2026 =C3=A0 13:21:39 UTC+1, Sean Carlin a =C3=A9crit=C2=A0:
Hi everyone,

I'd like to = propose a new BIP for real-time, trust-minimized coordination of multi-sign= ature PSBTs.

The Problem
Coordinating N-of-M Bitcoin transactions= currently forces users into a binary choice:
- Manual out-of-band trans= fers (USB drives, secure messengers) that preserve privacy but introduce hi= gh friction and error risk, or
- Stateful coordination servers that offe= r good UX but act as privacy honeypots, logging metadata, signer relationsh= ips, and often storing PSBTs on disk.

The Proposal: Blind Relay
T= his BIP introduces a "Blind Relay" - an ephemeral, stateless, zer= o-knowledge WebSocket relay. All payloads are encrypted client-side with AE= S-GCM-256, with decryption keys held exclusively in client-side URL fragmen= ts (never sent to the server). The relay operates entirely in RAM with a st= rict 24-hour TTL and self-destructs upon completion, providing real-time co= ordination without persistent metadata or disk storage.

A reference = implementation has been running in production for three months, successfull= y facilitating real multisig ceremonies.

Links
- BIP Draft= : ht= tps://github.com/scarlin90/bip-stateless-psbt-coordination/blob/main/bip-dr= aft.md
- Source Code: https://github.com/scarlin90/signingroom
- Live Client= : https://signingroom.io
- Related Research = Paper: https://arxiv.org/abs/26= 01.17875

I look forward to your technical feedback - especially = on the specification, security model, edge cases, and any suggested improve= ments.

Best regards,
Sean Carlin
<= /div>

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/e501ab92-6911-4437-ac06-d7f547c2190dn%40googlegroups.com.
------=_Part_135553_1766852661.1774540969336-- ------=_Part_135552_931412688.1774540969336--