I have a question (to devs or anyone else):
I read trezor uses
RFC6979 deterministic ecdsa signatures to prevent leaking of seed or any other private data through the "random" number used in non-deterministic signatures. I read that
hereIs there an easy way to check wether this is true by looking at a transaction signed by trezor?
The answer to your question is NO. There is no simple way to chech this. There is a difficult way to test that in your particular test scenario RFC6979 is used. There is virtually no way to actually check/prove that this happens in all cases. You can prove that the code that is in trezor git repository uses this RFC, but you have to trust devs that the device is running unmodified code.
Any wallet, hardware or software, can be malitious and can have backdoors. In the end you have to trust someone and Trezor devs can be trusted in my opinion more than some random guys that appear out of nowhere with their ultra cool android wallets.
The way you can test this RFC is used:
1. Reconstruct private keys from the trezor seed (using wallet32 or some other software).
2. Sign any transaction using Trezor.
3. Do a lot of math or coding to check that the signature was made using deterministic k.
Or just trust what the readme says...