Add Keystone 3 Pro to wallet list

[solariyoung]

This PR adds Keystone 3 Pro to the wallet list.

Hardware features: open source firmware, air-gapped signing via QR codes, and a touchscreen interface.

The BTC-only firmware is intended for minimized-trust Bitcoin workflows. Supports PSBT-based transaction workflows and can be used with compatible Bitcoin wallets such as Sparrow Wallet

Independent security audit reports are publicly available from SlowMist and KeyLabs:

• https://github.com/slowmist/Knowledge-Base/blob/master/open-report-V2/blockchain-application/SlowMist%20Audit%20Report%20-%20Keystone3_en-us.pdf
• https://github.com/keylabsio/audits/blob/main/2023-11-keystone3.pdf

WalletScrutiny:

• https://walletscrutiny.com/hardware/keystone3/

[devdavidejesus]

Hi @solariyoung! The Travis CI build failed because the wallet description is too long. The current limit for en.yml is 320 characters.

docs/managing-wallets.md

[solariyoung]

@devdavidejesus I shortened the wallet description and reran the validation check. Everything looks good now.

[crwatkins]

@solariyoung Thanks for the submission!

My understanding is that the QR code module runs on the main MCU and is not open source. Is that correct? It is required that all MCU firmware be open source for listing.

[devdavidejesus]

@solariyoung ?

[solariyoung]

MH1903_QRDecodeLib.a is shipped as a precompiled binary due to intellectual property restrictions from the MCU vendor. As noted in the firmware README, the MH1903 library cannot be distributed in source form.

A few points on the scope of this binary:

• Single purpose. Only this one library from the MH1903 SDK is used. Its sole function is QR image decoding: it takes camera frames as input and outputs raw bytes. This library provides the hardware-accelerated decoding that makes scanning continuous frames rapid and reliable. No business logic, key material, or signing operations pass through it.

• All downstream logic is open source. Once the raw bytes leave the decoder, every subsequent step (PSBT parsing, transaction construction, signing) is handled entirely by open-source code.

• Communication is independently verifiable. QR-based communication follows the open Blockchain Commons UR specification (BCR-2020-005), an open standard built on CBOR widely adopted across the Bitcoin wallet ecosystem. Because the data format is fully specified and open, any standard UR-capable tool can decode and inspect what is being transmitted.

Happy to provide further clarification if needed. @crwatkins @devdavidejesus

[crwatkins]

The requirement for listing is full public source, so I personally won’t be able to perform a further review. Since the Keystone 3 Pro website claims “100% Open Source” I had hoped that criteria could be met. There are some closed source deviations allowed for closed source secure elements that have a defined trust boundary. Code that runs on the MCU in the same address space does not have such a trust boundary. Everyone is always welcome to propose changes to the listing criteria in the form of PRs, but be aware in the past the community has been fairly adamant about the public source requirements.