bitcoin-dev
Draft BIP for SNICKER
Posted on: October 21, 2019 11:00 UTC
A discussion about implementing SNICKER in Electrum for the "Receiver" role was recently held between waxwing, ThomasV, and SomberNight via bitcoin-dev.
The proposed scheme is fundamentally incompatible with watch-only wallets: the "Receiver" can restore from seed, but calculating c requires access to his private keys. However, David A. Harding suggested that it is okay to consider requiring interaction with the cold wallet and proposed a recovery procedure from the SNICKER documentation. The set of candidate transactions produced in step #2 can be bundled up and copied to the corresponding cold wallet using the same means used for PSBTs (e.g. USB drive, QR codes, etc.). The cold wallet could then perform step #3 using its private keys and return a file, QR code, or similar to the hot wallet telling it any shared secrets it found. This process may need to be repeated several times if an output created by one SNICKER round is spent in a subsequent SNICKER round.
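The hot/cold split described above, as an added sketch that is not code from the SNICKER draft or from Electrum. It assumes c is the SHA-256 of the compressed ECDH point and that the Receiver's new output key is P + cG; the candidate tuple format, toy keys and txids are constructed for illustration.

```python
import hashlib

# secp256k1 field prime, group order and generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add; not constant time, demonstration only
    out = None
    while k:
        if k & 1:
            out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def tweak(point):  # assumed derivation of c from the ECDH point
    ser = bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(ser).digest(), "big") % N

def cold_wallet_scan(priv, candidates):  # step #3: requires the private key
    pub, found = mul(priv, G), []
    for txid, proposer_pub, output_keys in candidates:
        c = tweak(mul(priv, proposer_pub))
        if add(pub, mul(c, G)) in output_keys:
            found.append((txid, c))
    return found

# Constructed sample data: toy keys and placeholder txids, not real transactions.
RECEIVER_PRIV, PROPOSER_PRIV = 0x1234567890ABCDEF, 0xFEDCBA0987654321
RECEIVER_PUB, PROPOSER_PUB = mul(RECEIVER_PRIV, G), mul(PROPOSER_PRIV, G)
C = tweak(mul(PROPOSER_PRIV, RECEIVER_PUB))  # proposer's side of the ECDH
CANDIDATES = [("tx-unrelated", mul(7, G), [mul(99, G)]),
              ("tx-snicker", PROPOSER_PUB, [mul(5, G), add(RECEIVER_PUB, mul(C, G))])]
FOUND = cold_wallet_scan(RECEIVER_PRIV, CANDIDATES)
# Hot (watch-only) side: the public key plus each returned c gives the key to watch.
WATCH_KEYS = [add(RECEIVER_PUB, mul(c, G)) for _, c in FOUND]
```

The cold wallet returns only the tweak values, so no private key material crosses back to the hot wallet; spending from the tweaked key would still require the cold wallet.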