This repository has been archived by the owner on Jun 11, 2020. It is now read-only.
Story:
As a user, when, and if, my computer gets a trojan horse which compromises my hot-wallet's private key, I want to be able to revoke it and indicate to start using a new key to my friends.
Exit Criteria:
There is a cryptographically secure, trustless way, to designate that a new key should be used.
Impact:
Cryptocurrencies would finally have a reliable way to trustlessly rotate keys out.
Thoughts:
This could involve a 3rd party service, or the metadata could indicate a revocation key. However, there needs to be a way to reasonably prevent the revocation key from not being advertised anymore for future users, by someone who now controls the original key.
Probably worthwhile to investigate existing PKI infrastructure for revocation keys. My understanding is that you should generate them at key creation time, and hide them. This user experience may be too crappy to be used. It might be better to delegate revocation via zero-knowledge to revocation service provider(s) (e.g. construct an ephemeral key out of their pubkey, and if they sign it with their private key then anyone can verify that by revealing your private key and the signature they've revoked your key. This way the service does not know you've delegated to them until after they've signed your old pubkey).