[Rust] descriptor-encrypt: Encrypt any descriptor such that only authorized spenders can decrypt

The descriptor-encrypt library represents an innovative approach to enhancing the privacy and security of Bitcoin wallet descriptors through deterministic encryption. This technology ensures that a descriptor can only be decrypted by a specific set of keys authorized to spend the associated funds, supporting all types of descriptors including those that leverage miniscript. The encryption mirrors the wallet's spending policy, meaning that the same conditions required to spend the funds are needed to decrypt the descriptor. For instance, a 2-of-3 key policy for spending will necessitate exactly two of the three keys for decryption. This feature extends to complex miniscript policies, effectively aligning decryption requirements with spending policies.

Encryption is achieved through a dual-layer process wherein a master encryption key, derived from the wallet descriptor, undergoes sharding via recursive Shamir secret sharing into a structure that reflects the descriptor's own. Each shard is then encrypted according to its corresponding key in the structure. The implementation offers two modes: a default mode where shares are encrypted with Chacha20-Poly1305 and the payload with ChaCha20, and a full-secrecy mode for enhanced privacy, which reverses this encryption approach but at the cost of slower decryption times due to the necessity of trying all possible share and key combinations.

Prior to encryption, descriptors undergo a tag-based variable-length encoding scheme to efficiently manage data storage needs. This process results in splitting the descriptor into a plaintext "template" detailing the structure and a "payload" containing sensitive information, with only the latter being encrypted. Such a method not only facilitates minimal data storage but also supports public backup strategies without disclosing key or balance information, offering benefits like simplified inheritance processes, improved privacy against potential hacks, and support for decoys in security-sensitive scenarios.

Despite its complexities and the computational demand for large descriptors, the library's design as a Rust project makes it adaptable for integration across different platforms and languages. It remains neutral on the storage location of encrypted descriptors, suggesting that public blockchains could serve as viable storage solutions with appropriate indexing mechanisms for recovery purposes. The project has been demonstrated through a command-line tool available in its GitHub repository, alongside a Web Assembly port for browser usage showcased at descriptorencrypt.org.

In aiming for maximum privacy and security, the descriptor-encrypt library offers a comprehensive solution for Bitcoin wallet backups, significantly advancing the conversation around cryptographic privacy in the context of public and potentially insecure storage spaces. Further development and community engagement may lead to formal specifications and broader adoption within cryptocurrency wallets and systems.