To scan for cash acquired to Bobs silent fee tackle, he wants to make use of his b_scan non-public key for the reason that shared secret is calculated by the sender utilizing a*B_scan.

This query just isn’t about whether or not host wallets / companion apps for {hardware} wallets will make the most of scanning servers or another solution to implement scanning however somewhat how they are going to take care of the non-public key b_scan being required to be “on-line”.

• {hardware} wallets usually don’t help exporting non-public keys (and shouldn’t imo.)
• BIP-352 says that wallets MAY use BIP32 derivation paths however this would possibly not be doable for {hardware} wallets that do not export non-public keys.

How might doable implementations appear like? The host pockets / scanning server might simply compute all A (sender’s public key a1 + a2 + ... + an for n inputs) after which {hardware} wallets might have an API to calculate the shared secret given the A?

Recovering the pockets steadiness from a sure block top (the block top that the {hardware} pockets rolled out silent fee obtain for instance) could be lots of work, and for all subsequent receives the {hardware} pockets additionally must be linked.

Does anybody have an thought how {hardware} wallets might presumably take care of this with out destroying UX / including complexity to the {hardware} pockets firmware?