
Honestly, I don't think this helps us work through the complexity. This might be great but it's still very hard to visualize and understand.

Maybe do some work simplifying it to get people interested.

My bad @Signal312. Let me put all technicalities aside.

  1. Imagine an enterprise holding significant Bitcoin reserves. Even with best-practice operational security, ultimate signing authority typically concentrates in a small group, for example, five senior managers controlling core keys.
  2. That concentration creates a high-value human attack surface. Those individuals become prime targets for coercion attacks such as kidnapping, extortion, or physical threats, so-called “wrench attacks.”
  3. A critical but often overlooked assumption behind coercion attacks is predictability. The attacker expects a clear, bounded path to success: force the key holders to sign a transaction and receive funds within a known timeframe. Traditional signing is deterministic; once coerced, the outcome is immediate.
  4. Boomerang breaks this predictability. Signing is intentionally non-deterministic. Each signing key is a MuSig2 aggregate of two components: a conventional key and a hardware-sealed key embedded in a secure device. The sealed key is non-extractable and will only participate in signing after a multi-party verification protocol of unpredictable duration completes.
  5. During this protocol, all key holders must repeatedly confirm transaction intent and indicate whether they are acting under duress. Independent external verifiers confirm system integrity and ensure duress signals are properly transmitted and acknowledged. If any required confirmation fails, signing halts.
  6. Neither the key holders nor an attacker can determine exactly how long the withdrawal process will take. The delay is bounded but intentionally uncertain. Crucially, duress signaling is indistinguishable from normal protocol traffic to an attacker, and withholding responses prevents completion.
  7. The practical effect is that a coerced withdrawal becomes unreliable, slow, and risky from the attacker’s perspective, potentially taking weeks or months, undermining the core incentive behind coercion.
  8. Boomerang is not intended for everyday liquidity operations. It is designed as a strategic cold-storage layer for extreme threat scenarios; a defensive fallback when compromise, intrusion, or coercion risk is suspected.
  9. It is particularly well suited for low-velocity reserves: funds that do not require rapid access but demand maximum protection against physical or social attacks.

Note: The full protocol includes additional safeguards and edge-case handling not covered in this high-level overview.

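The gating behaviour described in points 4 to 6, as an added toy model that is not part of the original post and is not Boomerang's own code: the sealed key releases only after a hidden, bounded number of rounds in which every holder confirms. Assumptions: the names `SealedKeyGate` and `run_withdrawal`, the uniform draw of the round count, and treating a duress flag as a halt are all hypothetical; MuSig2 signing, the external verifiers, and the indistinguishability of duress traffic are not modelled.

```python
import secrets

class SealedKeyGate:
    """Hypothetical model of the sealed key's release condition."""

    def __init__(self, holders, min_rounds, max_rounds):
        self.holders = frozenset(holders)
        # Round count is drawn inside the device: bounded, but unknown to
        # key holders and attacker alike (uniform draw is an assumption).
        self._required = min_rounds + secrets.randbelow(max_rounds - min_rounds + 1)
        self._done = 0
        self.state = "pending"

    def submit_round(self, confirmations):
        """confirmations maps holder -> duress flag (True means under duress)."""
        if self.state != "pending":
            return self.state          # halted and released are both final
        everyone_answered = set(confirmations) == self.holders
        if not everyone_answered or any(confirmations.values()):
            # A withheld response or a duress flag stops the process.
            # Halting on duress is this model's assumption.
            self.state = "halted"
        else:
            self._done += 1
            if self._done >= self._required:
                self.state = "released"
        return self.state

def run_withdrawal(gate, rounds):
    """Feed rounds to the gate until it leaves 'pending'; return (state, rounds used)."""
    used = 0
    for confirmations in rounds:
        used += 1
        if gate.submit_round(confirmations) != "pending":
            break
    return gate.state, used

if __name__ == "__main__":
    # Constructed sample: five key holders, release after 3 to 10 clean rounds.
    holders = "ABCDE"
    clean = {h: False for h in holders}
    print(run_withdrawal(SealedKeyGate(holders, 3, 10), [clean] * 20))
    coerced = dict(clean, C=True)      # holder C signals duress in round 2
    print(run_withdrawal(SealedKeyGate(holders, 3, 10), [clean, coerced, clean]))
```

Running it several times shows the point of the design: the clean withdrawal completes after a different number of rounds each time, while any single duress flag or missing answer ends the attempt.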