Defeating Rubber-Hose Cryptanalysis

[jago25_98]

 I wonder if there should be a forum dedicated just to security...

I'm sure you're all familiar with


 How to deter?

Idea 1) Steganography

Idea 2) Additional factor: Share the private key between 4 execs. 2 of the group are required to decrypt the code. 4 not 2 in case one of the pair dies.

Idea 3) Time based auth. Have a factor that only becomes clear when a certain time happens. Hard to implement in practice? Could it be something such as how light falls on the earth or something stranger? How could this work in practice?

Idea 4) p2p auth. Need a peer to peer network agree and get concensus to decrypt the key.

Idea 5) Deniable encryption. Like carrying 2 wallets, one low value. Can't see this workingm they might be able to tell you are lying.

Idea 6) Do something funny with public key encryption?

Idea 7) Just bury half of the key somewhere awkward to get to. In another country perhaps. If you had a yacht and got captured would this deter or would you really want access to that for a bribe?


Anything else? How to make these things more workable? Is there a way to give a 3rd party access to a wallet in such a way that they can only pay out to an address you hold? That way you could give grandma/wife half the savings and get an allowance so you can't go gambling.

[1713557914]

1713557914

[1713557914]

1713557914

[1713557914]

1713557914

[1713557914]

1713557914

[1713557914]

1713557914

[1713557914]

1713557914

[SuperP]

Idea 2) Additional factor: Share the private key between 4 execs. 2 of the group are required to decrypt the code. 4 not 2 in case one of the pair dies.

Shamir's Secret Sharing Scheme (http://point-at-infinity.org/ssss/) can do this.  You can split the private key into N encrypted secret strings and give them to different people.  The original private key can only be reconstructed if X secrets are combined.

Idea 3) Time based auth. Have a factor that only becomes clear when a certain time happens. Hard to implement in practice? Could it be something such as how light falls on the earth or something stranger? How could this work in practice?

The closest thing I can think of to what you describe is having some third party only give you what you ask for at a certain time.

Another option that might be somewhat applicable is Encryption based on Time Reversal Transformations (http://comjnl.oxfordjournals.org/content/32/3/241.full.pdf (Skip to the Discussion section)).  It's where you have some data, apply some rule to it to change it, and do that over and over again for X steps.  There's no easy shortcut to skip steps.  To decrypt it you would have to apply the rules in reverse and go through each step backwards until you got to your original data.  This isn't measured in time exactly, because if you encrypt something on a slow computer, a fast computer would be able to reverse it quicker.

[FreeMoney]

Regulate rubber hoses?

[mb300sd]

Store the private key in a microcontroller that won't release it until a certain time using only the internal oscillator, enable code-protect so it can't be read or reprogrammed. Not 100% secure, but certainly significantly more difficult than any software-only solution to break.

[TangibleCryptography]

On #3 there are timelock encryption algorithms.  Methods that even given the "secret" it will take hours or even years to produce the key.  Most timelock encryption algorithms can be parallized in encrypting but not in decrypting.  So you could create a problem which takes 1 CPU year to complete and then rent 365 Amazon instances and produced the encrypted output for storage in just a day.  However decryption would require 1 CPU year to complete (well maybe single core get a little faster and overlocked so someone can "brute force" it in 6 months).

[nimda]

Cool, SSSS takes BTC donations at 1BWary.

[unicron]

Idea 5) Deniable encryption. Like carrying 2 wallets, one low value. Can't see this workingm they might be able to tell you are lying.

Truecrypt can do this. 

http://www.truecrypt.org/docs/?s=plausible-deniability

See also http://marutukku.org/

[garyrowe]

Some more discussion about this topic here: http://bitcoin.stackexchange.com/questions/517/how-can-a-single-person-operation-keep-a-collection-of-online-wallets-secure

And on the crypto site here: http://crypto.stackexchange.com/questions/746/how-should-one-implement-a-delegated-shared-trust-protocol

[Nefario]

I think SSS with the keys given to individuals spread over a large geographic location (multiple countries), their real identities need to be secret.

In some situations this might result in you getting killed, so you need to have deniable encyption as well.

[EhVedadoOAnonimato]

You forgot an important thing: privacy.

Many of the techniques you mention become useless if your attacker is really evil and knows for sure that you have or control at least X amount of money hidden somewhere. If he also happens to know the habits of your family members, things may get ugly.

[hazek]

A hardware problem can be solved with a hardware solution and I believe there's an invention that deals with the problem presented in the OP..

Just use one of these:


... and don't let them catch you. I believe it's also possible to hire people who will carry those for you and protect you if necessary.

[Elwar]

Safes have time controls where only certain times of day you can open it.

Same could be done for a wallet.

[MysteryMiner]

Safes have time controls where only certain times of day you can open it.

Same could be done for a wallet.

Have You ever tried to change time in BIOS?

Probably best hardware against rubber-hose cryptanalysis is a AK-74 and RGD grenade.

[ben-abuya]

Idea 3) Time based auth. Have a factor that only becomes clear when a certain time happens. Hard to implement in practice? Could it be something such as how light falls on the earth or something stranger? How could this work in practice?

nLockTime should handle this: https://en.bitcoin.it/wiki/Contracts

[Topazan]

What about writing down the secret (with archival quality materials) and storing it in a safe deposit box?

[jago25_98]

There a lot of good ideas here but they seem a bit hard work for the average person, especially if you're trying to avoid keyloggers. Truecrypt and deniability is a good step but you might cave under pressure.

I'd like to see the ability to use one time paper passwords and Google Authenticator as a second factor. You can already do this at blockchain mywallet.

SSSS sounds good. I guess that is 2x better than splitting the key in half between 2+ people?

I guess time delay could be done by block discovery.

Open-Transactions is intended exactly for this situation afaik.

Offline wallets sound great for this problem but they're stuck in set amounts. I guess you could always make a lot of small offline wallets... I wonder if subdivisions are possible mathematically via a third party in the calculation. That is, you could have another p2p system for subdivisions i.e. trading Bitcoin for 2 Litecoin keys in a p2p way...

nLockTime sounds interesting. Kinda treads on OpenTransaction's toes a bit but I really didn't know we had that - good news

"Imagine that you open an account on a website (eg, a forum or wiki) and wish to establish your trustworthiness with the operators, but you don't have any pre-existing reputation to leverage. One solution is to buy trust by paying the website some money. But if at some point you close your account, you'd probably like that money back"

^ why not have this on direct exchange networks? hmm... I guess it's a form of debt though which is exactly what Bitcoin is against... ?

[LightRider]

Establish a resource based economy that provides all people with their basic needs, allows for a safe and high standard of living and encourages all people to meet their highest potential. No longer need to protect or hide irrelevant money.

[LightRider]

Establish a resource based economy that provides all people with their basic needs, allows for a safe and high standard of living and encourages all people to meet their highest potential. No longer need to protect or hide irrelevant money.

If my basic needs are met, I'm not going to be meeting my highest potential, I'm going to be fulfilling my basest desires.

Are you being encouraged to meet your highest potential? If so, why would you engage in mind numbing and boring activities that do not provide any longterm fulfillment?

[cbeast]

I'm more concerned about Devil's Breath (scopolamine) that cause you to willingly give up your brain wallet. There must be a way to defeat the state of mind it puts you in with a brain wallet device you won't recall while drugged.

[elena.m]

Regulate rubber hoses?

This is one of my favorite trolls ever.