I posted about SigningRoom, a stateless signing coordinator, in January, and we got Sean Carlin in the comments clarifying a few details (#1415858).
Here is a much longer treatment of the project and how it works:
Each coordination session begins when the host generates a random 256-bit AES-GCM symmetric key locally in the browser, using the standard window.crypto.subtle interface. The key is never transmitted to the server: it is appended to the room URL as the fragment (after the # symbol), which browsers never include in HTTP requests. The host shares the link through a separate channel; anyone who receives it can decrypt the encrypted payloads that the server relays.
The server itself, implemented as a Cloudflare Durable Object, holds only opaque encrypted blobs in volatile memory. It assigns session identifiers but possesses no decryption capability. On disconnect or after a 24-hour hard timeout, the instance executes a deleteAll() command and is wiped from both RAM and disk. Server logs record bandwidth consumption but no content.
The authors see this as a fundamental expansion of the permissionless architecture of the internet:
The mechanism is not novel in isolation. URL-fragment key delivery, client-side AES-GCM, and ephemeral WebSocket relays are all established techniques. What is novel is the combination, the production deployment, and the explicit framing of memory itself as the vulnerability.
For Bitcoin specifically, the pattern completes a trinity the paper identifies. Communication was solved in 1989. Value was solved in 2008. Private coordination, on the evidence of the deployment data presented, is now solvable. None of the three requires a custodian. None requires a witness. The combination matters more than the components: it makes a fully non-custodial, fully permissionless, fully unwitnessed transactional infrastructure technically achievable for the first time since the internet opened to the public.
https://twiiit.com/rich_rdctd/status/2058861137924358177