Your evaluation is right, in that “verified” deterministic signatures obviate the necessity for a protocol like anti-exfil. Nevertheless, the commerce off that anti-exfil makes is that it doesn’t require signing with a number of units earlier than figuring out that the signature doesn’t leak knowledge.
Take into account that with out anti-exfil, you could signal and examine each enter with a number of units earlier than exposing the tx to the community. It isn’t sufficient to carry out this validation after the very fact; by the point you establish that totally different signatures have been produced, sufficient bits of your personal key might have been leaked to permit theft both immediately or by grinding the remaining bits.
Not utilizing anti-exfil signifies that to realize the identical degree of leakage assurance, you could signal each tx with a number of units and confirm the signatures earlier than sending. That is most likely fantastic for an offline vault or chilly storage, however it’s neither sensible nor supported by heat/sizzling wallets for typical ship flows.
Anti-exfil exists to supply assurance for the frequent case of a single signing machine. In case you are ready to signal and examine with a number of units you then seemingly needn’t use it. Like all the things in cryptography there’s a commerce off between comfort and safety; it’s as much as the person to find out the place on that spectrum they really feel snug.
