Since the user can't prove that they are using this technique, or petertodd's timelock encryption for that matter, an attacker has little incentive to stop physically attacking until they have a spendable UTXO.
I believe you can get the same effect with on-chain timelocks, or delete-the-bits plus a rangeproof and a zero-knowledge proof that the rangeproof corresponds to some secret that can be used to derive the expected public key. I think Jeremy Rubin had an idea for such a proof.
Also, adam3us has described a similar thought here:
- Bryan
Hi everyone
If you are a hodler, I would like to propose the creation of key stretching as a new layer of protection over your current wallet.