Another approach that requires neither Tapscript nor MPC is to deprive the collaborative custodian of a chain code, and instead provide the custodian with BIP-32 scalar tweaks as needed for signing. In BIP-32 hierarchical wallets, an extended key pairs a standard key with a 32-byte chain code, which together enable derivation of an entire child-key tree. By withholding the chain code, the custodian only ever holds a non-extended keypair. When a transaction needs signing, the counterparty computes the required scalar tweak and shares only that tweak. Lacking the chain code, the custodian cannot derive any other child keys or spot public keys in redeem scripts they didn’t sign – so they only learn about the transactions they are explicitly given.
I keep having this feeling that I haven't even begun to consider the ways multisig can be used.