To scan for coins received to Bob's silent payment address, he needs to use his `b_scan` private key since the shared secret is calculated by the sender using `a*B_scan`.
This question is not about whether host wallets / companion apps for hardware wallets will utilize scanning servers or any other way to implement scanning but rather how they will deal with the private key `b_scan` being required to be "online".
- hardware wallets generally do not support exporting private keys (and should not imo.)
- BIP-352 says that wallets MAY use BIP32 derivation paths but this won’t be possible for hardware wallets that don’t export private keys.
What could possible implementations look like? The host wallet / scanning server could just compute all `A` (sender's public key `a1 + a2 + ... + an` for n inputs) and then hardware wallets could have an API to calculate the shared secret given the `A`?
Recovering the wallet balance from a certain block height (the block height that the hardware wallet rolled out silent payment receive for example) would be a lot of work, and for all subsequent receives the hardware wallet also has to be connected.
Does anyone have an idea how hardware wallets could possibly deal with this without destroying UX / adding complexity to the hardware wallet firmware?
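
The split proposed in the question, written out as an added example (not part of the original post, and not code from BIP-352 or any hardware wallet vendor): the host computes `input_hash·A` from public data, a hypothetical `device_ecdh` call performs the single multiplication by `b_scan`, and the host finishes the BIP-352 check against the public key `B_spend`. It covers only the first output (k = 0) with no labels, uses constructed keys and a constructed outpoint, and the toy curve arithmetic is not constant-time.

```python
import hashlib
P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition, None is the point at infinity
    if p is None or q is None: return q if p is None else p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def ser(p):  # 33-byte compressed point encoding
    return bytes([2 + (p[1] & 1)]) + p[0].to_bytes(32, "big")

def tagged(tag, msg):  # BIP-340 style tagged hash, returned as an integer
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + msg).digest(), "big")

def input_hash(outpoint_l, A):
    return tagged("BIP0352/Inputs", outpoint_l + ser(A))

def output_x(ecdh, B_spend, k=0):  # x-only key of P_k = B_spend + t_k*G
    t_k = tagged("BIP0352/SharedSecret", ser(ecdh) + k.to_bytes(4, "big"))
    return add(B_spend, mul(t_k, G))[0]

def device_ecdh(b_scan, tweaked_A):  # hypothetical firmware call, the only use of b_scan
    return mul(b_scan, tweaked_A)

def host_scan(outpoint_l, A, B_spend, tx_output_xs, ask_device):
    # Host holds public data only; ask_device stands in for the USB/QR round trip.
    ecdh = ask_device(mul(input_hash(outpoint_l, A), A))
    return output_x(ecdh, B_spend) in tx_output_xs

# Constructed sample values (not real keys or a real outpoint).
a, b_scan, b_spend = 0x1111, 0x2222, 0x3333
A, B_scan, B_spend = mul(a, G), mul(b_scan, G), mul(b_spend, G)
OUTPOINT = bytes(32) + (0).to_bytes(4, "little")
SENT_X = output_x(mul(input_hash(OUTPOINT, A) * a % N, B_scan), B_spend)  # sender side
```

In this split the host learns the per-transaction shared secret, which lets it recognise Bob's outputs but not spend them, and the device has to answer one request for every candidate transaction.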