MIME-Version: 1.0
References: <4E84E4B0-7354-4681-985F-3DBFAA4E856F@astrotown.de>
In-Reply-To: <4E84E4B0-7354-4681-985F-3DBFAA4E856F@astrotown.de>
From: Bryan Bishop <kanzure@gmail.com>
Date: Fri, 4 Oct 2019 05:02:59 -0500
Message-ID: <CABaSBayF+nq+MdK3TY4_0Wkgn4qNMAWJub+q8e9amuig6gRE0Q@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
	Bryan Bishop <kanzure@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000004c0557059412cff4"
Subject: Re: [bitcoin-dev] ChainWallet - A way to prevent loss of funds by
 physical violence
Precedence: list

--0000000000004c0557059412cff4
Content-Type: text/plain; charset="UTF-8"

Since the user can't prove that they are using this technique, or
petertodd's timelock encryption for that matter, an attacker has little
incentive to stop physically attacking until they have a spendable UTXO.

I believe you can get the same effect with on-chain timelocks, or
delete-the-bits plus a rangeproof and a zero-knowledge proof that the
rangeproof corresponds to some secret that can be used to derive the
expected public key. I think Jeremy Rubin had an idea for such a proof.

Also, adam3us has described a similar thought here:
https://bitcointalk.org/index.php?topic=311000.0

- Bryan

On Fri, Oct 4, 2019, 4:43 AM Saulo Fonseca via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi everyone
>
> If you are a hodler, I like to propose the creation of a key stretching as
> a new layer of protection over your current wallet.
>

--0000000000004c0557059412cff4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div>Since the user can&#39;t prove that they are using t=
his technique, or petertodd&#39;s timelock encryption for that matter, an a=
ttacker has little incentive to stop physically attacking until they have a=
 spendable UTXO.</div><div dir=3D"auto"><br></div><div dir=3D"auto">I belie=
ve you can get the same effect with on-chain timelocks, or delete-the-bits =
plus a rangeproof and a zero-knowledge proof that the rangeproof correspond=
s to some secret that can be used to derive the expected public key. I thin=
k Jeremy Rubin had an idea for such a proof.</div><div dir=3D"auto"><br></d=
iv><div dir=3D"auto">Also, adam3us has described a similar thought here:</d=
iv><div dir=3D"auto"><a href=3D"https://bitcointalk.org/index.php?topic=3D3=
11000.0" target=3D"_blank" rel=3D"noreferrer">https://bitcointalk.org/index=
.php?topic=3D311000.0</a><br></div><div dir=3D"auto"><br></div><div dir=3D"=
auto">- Bryan<br><br><div class=3D"gmail_quote" dir=3D"auto"><div dir=3D"lt=
r" class=3D"gmail_attr">On Fri, Oct 4, 2019, 4:43 AM Saulo Fonseca via bitc=
oin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" rel=3D=
"noreferrer noreferrer" target=3D"_blank">bitcoin-dev@lists.linuxfoundation=
.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D"w=
ord-wrap:break-word;line-break:after-white-space"><div><div>Hi everyone</di=
v><div><br></div><div>If you are a hodler,=C2=A0I like to propose the creat=
ion of a key stretching as a new layer of protection over your current wall=
et.</div></div></div>
</blockquote></div></div></div>

--0000000000004c0557059412cff4--