Time locked cryptography using Bitcoin difficulty param and/or smart contract?

Question

Outcome: Create a message with a count down timer. Once a top level password is entered, a countdown timer starts. Once timer expires, the message is decrypted.

Known methods: Proof of work. User has to use computing power to decrypt the message.

Problem: The computer power will change in the future. I want relatively accurate time lock, now & years from now.

Are these possible solutions…?

Proof of work time lock tied to Bitcoin difficulty: Bitcoin has a reactive difficulty parameter that will reflect current state of processing technology.

Is there anyway to use the Bitcoin difficulty parameter as to make a time locking message with a relatively accurate time lock time, now & in the future?

Smart contract based: A smart contract, that once a first layer password is input, a count down timer starts, based on a time now oracle of some kind. Once expired, the second layer message is decrypted.

A) Are any of these possible?

B) Are there any other existing solutions that would get the desired outcome currently?

**Removing serial hashing burden, but still getting the same benefit: ** When top level password is entered, BTC current block is noted. When BTC block reaches current block + X, 2nd layer message is decrypted.

Possible?

Answer 1

Those are indeed the main known solutions. Note that your solution A has been explored in the cryptographic community, this paper is an example of a theoretical work on the subject, but I think there are others, more practical proposals for using the blockchain as a timer (it was discussed at length in a slightly different context in this recent paper).

Note 1: as far as I know, no such method has yet been evaluated and experimented in practice, yet alone deployed.

Note 2: a small correction to your first item, "proof of work": actually, a proof of work does not suffice here. This is because if the work involved is parallelizable, meaning the work can be divided across many CPUs, then there is no guarantee about the time it takes to complete the task - did the opponent use 1 CPU and time T, or T CPUs and time 1?

The right solution is to use proofs of sequential work, which demonstrate that the prover has executed T steps of a problem which is conjectured to be impossible to parallelize. Many examples exist, based mainly on the conjectured hardness to parallelize modular squaring (given a random $r$ and a modulus $n$, compute $r^{2^T} \bmod n$, where $n$ is an hard-to-factor RSA modulus). Many recent papers have worked on related constructions, e.g. look up "proof of sequential work" or "verifiable delay function".

A byproduct of using proofs of sequential work is that the work cannot be sped up with more CPUs, so the right user will just use a single CPU dedicated to solving it, which makes the work required somewhat less cumbersome (no need to have thousands of computers "farming" the proof).