Boomerang: Bitcoin Cold Storage with Built-In Duress Protection

Boomerang introduces a novel Bitcoin cold storage protocol aimed at enhancing physical security and resistance to coercion for individuals holding significant Bitcoin assets. This protocol integrates protocol-level duress protection directly into the custody process, making withdrawals intentionally unpredictable. This is achieved without necessitating any modifications to the existing Bitcoin consensus mechanisms. Boomerang is noteworthy for its non-deterministic withdrawal ceremony that diminishes predictability and incorporates duress signaling that is plausibly deniable. This approach adds a layer of uncertainty for potential attackers, improving the chances of survival for holders under coercion attempts. Furthermore, the protocol supports full compatibility with Bitcoin consensus and offers a proof-of-concept implementation in Rust.

The core of Boomerang's design lies in its sophisticated mechanism for securing Bitcoin holdings against duress through a non-deterministic withdrawal process. This process is facilitated by secure hardware and involves an embedded duress signaling system alongside optional "search-and-rescue" escalation features. The protocol utilizes Taproot outputs with two distinct spending paths: a probabilistic path requiring 5-of-5 multisig for enhanced security, and a deterministic path with timelocks as a fallback option. The setup process for Boomerang involves several critical steps, including SAR registration, key generation, parameter agreement, mystery generation, and a detailed backup and synchronization procedure. These steps are designed to ensure a high level of security and operational integrity across all stages of the protocol's use.

Withdrawal under the Boomerang protocol is a complex, multi-phase ceremony that emphasizes unpredictability to thwart coercive efforts effectively. The process begins with initiation and includes a duress check, a "digging game" to reach secret thresholds, and ends with the signing and aggregation of MuSig2 partial signatures. This meticulous procedure aims to prevent any single entity from predicting or manipulating the withdrawal process, thus maintaining the integrity and security of the funds. In scenarios where normal operation is compromised, such as lost hardware, the protocol allows funds to unlock deterministically after certain timelocks, ensuring access to the funds.

For those interested in exploring the technical details or contributing to the development of the Boomerang protocol, resources and documentation are available on GitHub. The design specifications can be found at https://github.com/bitryonix/boomerang_design, while the proof-of-concept implementation in Rust is hosted at https://github.com/bitryonix/boomerang. The creator of Boomerang invites critical reviews, feedback, and collaboration from the community to refine the protocol further, focusing on security analysis, usability enhancements, and guidance for real-world deployment.