Interesting. Definitely people have talked about this kind of approach before. A couple Qs: phase1 and phase 2 are disconnected at the network layer, right? so phase 2 A and B send a psbt with their inputs signed, is that right? Yes I think this all makes sense. At phase 3 (network disconnected again right) you're, by ring-signing, asserting you were one of the phase2 participants and that you authorize the use of one of the addresses (it says A' in phase 3 but address is A?) for output. Are you using linkable ring sigs? (to avoid ability to make 2 valid ring sigs on same pubkey). Hmm now I look more carefully I'm not sure I understood the A' vs A distinction, because is Phase 4 for normal operation or fallback? If it's normal operation, what does Phase 1 do?