Topic: Defeating Rubber-Hose Cryptanalysis (Read 3903 times)

An attacker willing to rubber-hose someone probably plans to kill them in the end one way or another.  So the choice comes down to:

  1) A shorter less painful death with the attacker getting the BTC (or whatever he/she's looking for.)

  2) A longer more painful death with the attacker coming away empty-handed.

A practical advantage of #2 is that there would be more opportunity to convince the attacker that they may be able to end up with something by keeping you alive longer.

The best solution in my mind is to arrange a credible deterrence solution.  Something akin Assange's 'insurance.aes256' file perhaps.  I think that Dr. Strangelove defined deterrence best to my way of thinking:

  "Deterrence is the art of producing in the mind of the enemy... the fear to attack" (55:09)

It goes without saying but it's good to say it.

I think it's less applicable for a company though, or shared assets.

Also, perhaps it's a deterrent. If they cut off one finger and you still can't give them what they want, are they going to cut the rest off? What if they know before all this that you don't have access?

I agree that it might not be a solution, but, like a burglar alarm, it can be a deterrent.

The problem I see with trying to defeat Rubber-Hose Cryptanalysis is that if the attacker is wiling to torture you to get access to your data (this is the premise of this thread), but you cannot give him access, then he might torture you anyway just in case. I would not rely on an attacker being reasonable.

So if you actually are at the mercy of the attacker in such a situation, then it seems you better be able to give the attacker access to your information. That is, unless you would actually prefer to suffer torture or die than give up your data.

You have that working already?

-MarkM-

Why not use a 2-of-3 multisig address?

Suppose you have 2 safety deposit boxes.  Each box has half your key.  That helps solve problem #1.

Suppose you have 3 safety deposit boxes.  Box A and B has half your key.  Box C contains the sum the keys stored in A and B (which are both numbers).  You can recover with any 2 out of 3, because if you lose either A or B, you can recover it by taking C minus whichever one you have.  That helps solve problem #2.

Perfection is impossible but to specifically beat the rubber hose, I like SSSS plus multiple safe deposit boxes. At somewhere between free and $40/yr you can get one at each of your banks.

Interesting thought here, with multisig, it may be secure enough to store your bitcoins on several VPSes. A 5-of-6 address would make it so that 5 different hosts would have to collude or be hacked in order to steal your coins, and gives some insurance against a server going down. Program these servers to send all coins to an address if you do not log in once every certain number of days.

That was the best solution I could come up with.  An attacker could not get they keys out of me because I simply don't know them.  They could escort me to the bank, but that's a risky proposition since I will likely be able to conjure up some help in addition to whatever key material happens to be at that particular locale.

Problems:

 - An attacker could still torture the shit out of me trying to get the keys which I cannot give him/her.

 - An authority could (potentially) raid my safe deposit box and deny me the information I might have stored there.

One way or another, an attacker should hope they get all of my BTC (which is somewhat unlikely) because whatever I have left would be dedicated to extracting revenge.  I cannot honestly say that I have in place a solution to effect this outcome in the event of my being no longer among the living, but it's something I've mused about.

What are your basest desires and are you doing them now? If not, why not?

This is one of my favorite trolls ever.

I'm more concerned about Devil's Breath (scopolamine) that cause you to willingly give up your brain wallet. There must be a way to defeat the state of mind it puts you in with a brain wallet device you won't recall while drugged.

Are you being encouraged to meet your highest potential? If so, why would you engage in mind numbing and boring activities that do not provide any longterm fulfillment?

Establish a resource based economy that provides all people with their basic needs, allows for a safe and high standard of living and encourages all people to meet their highest potential. No longer need to protect or hide irrelevant money.

There a lot of good ideas here but they seem a bit hard work for the average person, especially if you're trying to avoid keyloggers. Truecrypt and deniability is a good step but you might cave under pressure.

I'd like to see the ability to use one time paper passwords and Google Authenticator as a second factor. You can already do this at blockchain mywallet.

SSSS sounds good. I guess that is 2x better than splitting the key in half between 2+ people?

I guess time delay could be done by block discovery.

Open-Transactions is intended exactly for this situation afaik.

Offline wallets sound great for this problem but they're stuck in set amounts. I guess you could always make a lot of small offline wallets... I wonder if subdivisions are possible mathematically via a third party in the calculation. That is, you could have another p2p system for subdivisions i.e. trading Bitcoin for 2 Litecoin keys in a p2p way...

nLockTime sounds interesting. Kinda treads on OpenTransaction's toes a bit but I really didn't know we had that - good news

"Imagine that you open an account on a website (eg, a forum or wiki) and wish to establish your trustworthiness with the operators, but you don't have any pre-existing reputation to leverage. One solution is to buy trust by paying the website some money. But if at some point you close your account, you'd probably like that money back"

^ why not have this on direct exchange networks? hmm... I guess it's a form of debt though which is exactly what Bitcoin is against... ?

What about writing down the secret (with archival quality materials) and storing it in a safe deposit box?

nLockTime should handle this: https://en.bitcoin.it/wiki/Contracts

Have You ever tried to change time in BIOS?

Probably best hardware against rubber-hose cryptanalysis is a AK-74 and RGD grenade.

Safes have time controls where only certain times of day you can open it.

Same could be done for a wallet.

A hardware problem can be solved with a hardware solution and I believe there's an invention that deals with the problem presented in the OP..

Just use one of these:


... and don't let them catch you. I believe it's also possible to hire people who will carry those for you and protect you if necessary.