[Rust] descriptor-encrypt: Encrypt any descriptor such that only authorized spenders can decrypt

This library allows for deterministic encryption of any wallet descriptor so that only a predefined set of keys, which are authorized to spend the funds, can decrypt it. The library supports all types of descriptors and miniscript, ensuring that no information about key inclusion is revealed unless enough keys are present for complete decryption. It employs a tag-based variable-length encoding scheme to optimize data storage efficiency. This project builds upon a prior proof-of-concept focusing on non-taproot multisigs, with a significant enhancement in supporting a broader range of wallet configurations.

The core functionality of this library mirrors the spending policy of the wallet descriptor it encrypts. For instance, if a wallet's spending protocol requires 2-of-3 keys, the decryption process will necessitate the same. The encryption process adapts to complex miniscript policies as well, ensuring that the encryption structure parallels the original spending requirements, including conditions like timelocks and hash-locks. Encryption is achieved through a master key, deterministically derived from the descriptor, which is then sharded using Shamir secret sharing into a tree-like structure matching the descriptor's layout. The default encryption mode uses Chacha20-Poly1305 for shares and ChaCha20 for the payload, balancing speed with privacy. However, a full-secrecy mode offers enhanced privacy by revealing no information about key inclusion unless full decryption occurs, albeit at the expense of slower decryption speeds for large descriptor setups.

Before encryption, descriptors undergo a tag-based encoding process to separate the structure (template) from the sensitive data (payload), allowing users to understand the necessary keys and recovery processes without exposing critical information. This method substantially reduces the data footprint of encrypted backups, making public storage on blockchains or social media more viable while enhancing privacy and security.

The utility of storing encrypted backups publicly is underscored by several benefits, such as simplifying inheritance procedures, improving privacy against potential attackers, and supporting decoy strategies to protect against targeted thefts. The compact nature of the encoded and encrypted descriptors also promises cost-effective storage on the Bitcoin blockchain, especially with potential future developments like the taproot annex.

Included within the communication is a link to a GitHub repository that hosts a command-line tool for local library execution, alongside a browser-compatible version utilizing Web Assembly available for demonstration at descriptorencrypt.org. The ongoing development and potential formal specification of this library aim to provide a robust foundation for secure descriptor encryption and storage, catering to the privacy and security needs of Bitcoin wallet users. Further documentation and insights into the library's capabilities and implementation details are accessible through its documentation.