Russian doll time delay encryption
There is probably an easier way, or somebody else has already come up with this:
I was thinking about a reliable, low trust way of delaying the decryption of a message until a specific time in the future. I call following Matrioshka time delay encryption, or the Russian doll time capsule. There are elaborations, of course, but this is the "simple" form.
Preparation
A trillion public key encryption pairs are generated. Each of the trillion private keys are encrypted with the prior public key, and divided into multiple stores, which are then physically distributed to many different organizations, circumferentially by timezone, around the world. The generation storage is vaporized, the stateless hardware is preserved for forensics.
Deployment
Each private key is decrypted when the prior private key is revealed, and propagates at lightspeed from the prior store in the chain, perhaps 10 milliseconds away. 100 private keys are revealed every second (perhaps 4 circumferential trips around the earth), at a rate limited by physics. If hardware improves, routes straighten, or lower index fiber is used, add some counter delay, but given speed of light limits, delay will not get a lot shorter. If a prior store reveals a millisecond early, add more counter delay at the next store. The system will not be millisecond-accurate, but one second accuracy is likely.
The key hardware is simple, very specific and limited function. It cannot be caused to emit more information than it is physically wired to emit. Someone could physically compromise the enclosed memory, but not access the secrets inside electronically. They could destroy the device but not change it without opening the box. Which should require lots of physical keys.
Lots of elaboration and gingerbread and limited-function application-specific digital hardware to separate control of the keys, maintain physical security and redundancy, etc. No programmable hardware or general purpose CPUs - physical logic encoded in open source silicon, full engineering plans and samples available for teardown and reverse engineering.
300+ years of keys is probably very overoptimistic - all crypto has an expiration date. A really secure message should be encrypted with many different methods. 300 years is also a long time for accident and bitrot - there should be multiple chains extending around the world, crosslinked and webbed together with just enough leakage between them to preserve continuity but not compromise overall security.
Smaller circumference loops with quicker cadences are possible, but there is nothing like physics, international distrust, and a liquid iron planetary core to discourage crosslinks and collusion.
Use
If Jane Q. Public wants a secret revealed in 30 years, she encrypts it with public key number 94,672,800,000 + (current reveal number). Unless all the participants cheat and bring copies of their physical nodes close together, Jane can rely on 30 lightyears of delay (about 3.8 billion trips around the earth) before the appearance of the associated private key.
And why do I want this?
Among other things (many are commercially valuable):
Guatemala has suffered greatly from genocide and internal conflict. Tensions are still subsiding. I would like a trustworthy system for elders to record their memories of La Violencia for posterity, without risking their children should the troubles return. These memories, especially the memories of the perpetrators/participants, should not go the grave unrecorded.
IRA partisans attempted to leave similar records, stored at Boston University with promises of secrecy for life, but UK and US governmental pressure opened the archives and put the partisans in prison. Perhaps they deserved prison, but without their frank testimony, we will not understand their justifications, and we will not learn how to short circuit similar justifications in the future.
I'm sure there are flaws, and over years many opportunities for patient subversion. Real crypto thinkers can pick holes in my untutored approach, and patch them. The core of the idea is using the speed of light around the planet as a clock.