Damus
arbedout · 1w
The cat's out of the bag with the newest episode of TFTC - announcing here first on Nostr: Sigbash v2 is live! We've switched to a new approach that I've decided to call Oblivious Signing: thanks to...
This journey started ~18 months ago when I re-read the "Concurrently Secure Blind Schnorr Signatures" paper at https://eprint.iacr.org/2022/1676.pdf and the blinded 2-party MuSig2 thread at https://gnusha.org/pi/bitcoindev/CAJvkSsc_rKneeVrLkTqXJDKcr+VQNBHVJyXVe=7PkkTZ+SruFQ@mail.gmail.com/ - trying to make sense of how we could leverage the techniques discussed to offer users better privacy than what's currently available with the blinded xpub ECDSA model we'd been beta testing. It took a *lot* of trial-and-error experimentation but I think we've cracked it: we represent signing policies in a boolean abstract syntax tree, merkle-ize the tree into individual clauses, and at signing time have users generate ZKPs proving a PSBT matches a signing clause (along with a ton of other stuff - read the FAQ on our main page and our GitHub bug tracker for more details https://github.com/arbedout/sigbash_v2).

I'm excited for Bitcoiners to test this out and kick the tires on it. We need as much real-world feedback and eyeballs as possible to make this as useful as it can be. If you have feature requests, or find any bugs, or just general feedback, feel free to reach out to me via DM, at support [at] sigbash.com, or open an issue on the bug tracker.
❤️3
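The post describes splitting a boolean policy tree into clauses and committing to them with a Merkle tree. The sketch below is an added illustration, not Sigbash's code: the tuple policy format, the sample conditions, the DNF expansion and the SHA-256 tagging are all assumptions. It shows the plain clause-membership check that the described ZKP would establish without revealing the clause.

```python
import hashlib
from itertools import product

# Constructed sample policy: ("and"|"or", child, ...) or a leaf condition string.
POLICY = ("or",
          ("and", "amount<=100000", "dest_in_allowlist"),
          ("and", "amount<=5000000", ("or", "cosigner_approved", "locktime>=144")))

def clauses(node):
    """Expand the AST into disjunctive normal form: a list of AND-clauses."""
    if isinstance(node, str):
        return [frozenset([node])]
    op, *kids = node
    parts = [clauses(k) for k in kids]
    if op == "or":
        return [c for p in parts for c in p]
    return [frozenset().union(*combo) for combo in product(*parts)]  # "and"

def H(tag, data):
    # Distinct tags keep a leaf hash from being replayed as an inner node.
    return hashlib.sha256(tag + data).digest()

def leaf_hash(clause):
    return H(b"\x00", "&".join(sorted(clause)).encode())

def build(leaves):
    """Return every tree level, leaves first; an unpaired node pairs with itself."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"\x01", cur[i] + cur[min(i + 1, len(cur) - 1)])
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for leaf `index`: (sibling_hash, node_is_right_child) pairs."""
    path = []
    for level in levels[:-1]:
        sib = min(index ^ 1, len(level) - 1)
        path.append((level[sib], index & 1))
        index >>= 1
    return path

def verify(root, clause, path):
    """Recompute the root from one clause and its path; True if it matches."""
    node = leaf_hash(clause)
    for sibling, is_right in path:
        node = H(b"\x01", sibling + node if is_right else node + sibling)
    return node == root

def commit(policy):
    cl = clauses(policy)
    levels = build([leaf_hash(c) for c in cl])
    return cl, levels, levels[-1][0]
```

Only the root needs to be shared as the policy commitment; a clause that was never in the policy cannot be made to verify against it without breaking the hash.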