Your evaluation is right, in that “verified” deterministic signatures obviate the need for a protocol like anti-exfil. However, the trade-off that anti-exfil makes is that it doesn’t require signing with multiple devices before determining that the signature doesn’t leak data.
Consider that without anti-exfil, you must sign and check every input with multiple devices before exposing the tx to the network. It’s not enough to perform this validation after the fact; by the time you determine that different signatures have been produced, enough bits of your private key may have been leaked to allow theft either directly or by grinding the remaining bits.
Not using anti-exfil means that to achieve the same level of leakage assurance, you must sign every tx with multiple devices and verify the signatures before sending. This is probably fine for an offline vault or cold storage, but it’s neither practical nor supported by warm/hot wallets for typical send flows.
Anti-exfil exists to provide assurance for the common case of a single signing device. If you are prepared to sign and compare with multiple devices then you likely don’t need to use it. Like everything in cryptography there is a trade-off between convenience and security; it’s up to the user to determine where on that spectrum they feel comfortable.
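
The multi-device check described above, as an added example that is not part of the original answer: a pre-broadcast gate that releases a transaction only when every device returns byte-identical deterministic ECDSA signatures for every input. Assumptions: `det_nonce` is a simplified stand-in for RFC 6979, the key and sighashes are constructed, and `honest`, `deviating` and `safe_to_broadcast` are hypothetical names modelling devices and the gate.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    out = None
    while k:
        if k & 1: out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def det_nonce(d, z):
    """Simplified stand-in for RFC 6979: the nonce depends only on key and message."""
    return int.from_bytes(hmac.digest(d.to_bytes(32, "big"), z, "sha256"), "big") % N or 1

def sign(d, z, k=None):
    """ECDSA with low-s. k=None signs deterministically; passing k models a deviating device."""
    k = k or det_nonce(d, z)
    r = mul(k)[0] % N
    s = pow(k, -1, N) * (int.from_bytes(z, "big") + r * d) % N
    return (r, min(s, N - s))

def verify(Q, z, sig):
    """Standard ECDSA verification of sig = (r, s) against public key Q."""
    w = pow(sig[1], -1, N)
    pt = add(mul(int.from_bytes(z, "big") * w % N), mul(sig[0] * w % N, Q))
    return pt is not None and pt[0] % N == sig[0]

def safe_to_broadcast(sighashes, devices):
    """Release the tx only if all devices returned identical signatures for every input."""
    return all(len({dev(z) for dev in devices}) == 1 for z in sighashes)

# Constructed sample data: throwaway key, two input sighashes, two device models.
D = int.from_bytes(hashlib.sha256(b"demo key").digest(), "big") % N
SIGHASHES = [hashlib.sha256(b"input %d" % i).digest() for i in range(2)]
honest = lambda z: sign(D, z)
deviating = lambda z: sign(D, z, det_nonce(D, z) + 1)
```

Signatures from both device models verify under the public key `mul(D)`, so signature verification alone cannot tell them apart; only the comparison in `safe_to_broadcast`, run before the transaction is exposed to the network, flags the deviating device.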