Boomerang: Bitcoin Cold Storage with Built-In Coercion Resistance

The Boomerang protocol introduces a sophisticated duress mechanism aimed at enhancing user security during potentially coercive situations, such as being forced to sign a transaction. This system allows users to discreetly signal distress without alerting the attacker, thereby integrating advanced security measures with user safety. Users create and memorize a "consent set" of five countries during the setup process, which plays a central role in the duress checks conducted at critical moments like withdrawals.

The duress system operates by leveraging encrypted communications and a strategic partnership with Search and Rescue (SAR) entities to ensure timely and effective response in case of an emergency. When a user signals duress by deviating from their consent set during a check, the system silently transmits a payload containing encrypted "doxing data" to SAR. This data includes both static information such as name and address, as well as dynamic data like real-time phone location, enabling SAR to locate and initiate rescue operations for the user efficiently.

The core concepts underlying this mechanism include the consent set of countries, country mapping based on a predefined list, and duress checks that involve the user selecting countries from randomly generated lists. These elements are designed to provide robust security features while maintaining plausible deniability for the user under coercion. The probability of an attacker correctly guessing the consent set is exceedingly low, making blind attacks virtually infeasible.

The setup process involves isolated devices and air-gapped communications to securely establish shared encryption keys and record the user's consent set. During runtime, duress checks are triggered by the "Boomlet" (a hardware wallet), which generates random country lists for the user to select from. If the selected countries match the consent set, it indicates no duress; otherwise, a duress signal is sent to SAR along with the doxing_key for decryption and action.

This mechanism is designed to be resistant to various forms of attack, including replay attacks and observation, by ensuring that each duress check uses fresh random lists and that input is hidden from observers. Despite the attacker's potential to capture or observe the user, they cannot break the underlying cryptographic or hardware security, nor can they verify the authenticity of the consent set without risking triggering a duress signal themselves. This ensures that even under duress, the user's actions remain indistinguishable to the attacker, while secretly initiating a rescue operation.