emino on Nostr: sequenceDiagram actor User as User / Wallet UI participant SECURITYKEY as Biometric ...
sequenceDiagram
actor User as User / Wallet UI
participant SECURITYKEY as Biometric Hardware<br/>(FIDO2 authenticator)
participant ENCLAVE as Secure Enclave<br/>Share A
note right of ENCLAVE: Signing happens securely here,<br/>ensuring no RAM leak.
participant HSM as Cloud HSM<br/>Share B
participant BTC as Bitcoin Network
%% ─── Spend flow ───
User->>SECURITYKEY: 1️⃣ WebAuthn “get assertion” (physical touch)
SECURITYKEY-->>User: hmac-secret + signature
User->>ENCLAVE: 2️⃣ Unlock Share A (using hmac-secret)
ENCLAVE-->>User: Partial Signature A
User->>HSM: 3️⃣ Sign request + Security Key assertion proof
HSM-->>User: Partial Signature B
User->>User: 4️⃣ Combine Sig A + Sig B (FROST threshold)
User->>BTC: 5️⃣ Broadcast Taproot tx
BTC-->>User: Tx confirmed
Note over User,BTC: Full private key is **never reconstructed**. Security Key touch and Biometrics are always required.
Published at 2025-05-19 07:50:39 UTC
Event JSON
{
"id": "bad92365b0d1ded08d4ee4ac25287eafd0e3dfd63c22f6a19a34b60110eea032",
"pubkey": "db98e5d20b41aec15fe1ee318870111a1b8669b3a5ce31fd0ee64f8ff3ec6750",
"created_at": 1747641039,
"kind": 1,
"tags": [
[
"r",
"wss://relay.primal.net/"
],
[
"r",
"wss://nos.lol/"
],
[
"r",
"wss://nostr.mom/"
],
[
"r",
"wss://nostr.bitcoiner.social/"
]
],
"content": "sequenceDiagram\n actor User as User / Wallet UI\n participant SECURITYKEY as Biometric Hardware\u003cbr/\u003e(FIDO2 authenticator)\n participant ENCLAVE as Secure Enclave\u003cbr/\u003eShare A\n note right of ENCLAVE: Signing happens securely here,\u003cbr/\u003eensuring no RAM leak.\n participant HSM as Cloud HSM\u003cbr/\u003eShare B\n participant BTC as Bitcoin Network\n\n %% ─── Spend flow ───\n User-\u003e\u003eSECURITYKEY: 1️⃣ WebAuthn “get assertion” (physical touch)\n SECURITYKEY--\u003e\u003eUser: hmac-secret + signature\n\n User-\u003e\u003eENCLAVE: 2️⃣ Unlock Share A (using hmac-secret)\n ENCLAVE--\u003e\u003eUser: Partial Signature A\n\n User-\u003e\u003eHSM: 3️⃣ Sign request + Security Key assertion proof\n HSM--\u003e\u003eUser: Partial Signature B\n\n User-\u003e\u003eUser: 4️⃣ Combine Sig A + Sig B (FROST threshold)\n\n User-\u003e\u003eBTC: 5️⃣ Broadcast Taproot tx\n BTC--\u003e\u003eUser: Tx confirmed\n\n Note over User,BTC: Full private key is **never reconstructed** Security Key touch and Biometrics is always required.",
"sig": "a36414cf2aeeebf439d4f4aeb9f097479c4a720c4fe8547d268831a2430ddbf81a7140f85deaa348578a2c753ffb141415ea02bae55ee11c15cbbfe3c863ea80"
}