DeRec protects
your
keys passwords notes photos secrets

Secure your secrets with Decentralized Recovery

DeRec-Icon-1

What is Decentralized Recovery (DeRec)?

In order for the blockchain/DLT industry to go mainstream, it needs a safety net for users. It must be easy for a layperson to make sure they will never lose their keys, wallets, identities, or passwords.

What makes DeRec different?

It doesn't need multisig

It can even protect an account with a single key.

It ensures privacy

Hides how many helpers you have, and who they are, and what their keys are.

It can be used to protect anything digital

Keys, passwords, combinations, identities, wallets… anything digital.

It checks helpers daily

Every day, your device automatically and invisibly contacts each helper’s device, and checks whether they still have their share of your secret. This ensures you can always recover a lost secret by having half the helpers cooperate.

It automatically rebalances

If you have 10 helpers and add a new one, then all the helpers automatically replace their one-tenth share of the secret with a one-eleventh share. And if a helper doesn’t respond for too many days in a row, and the user doesn’t respond to notification, then the other helpers automatically replace their one-tenth share with a one-ninth share.

It is cross-platform, cross-ledger, cross-blockchain, cross-app

The proposed draft RFC internet standard lets you have helpers from any community, using any app that supports it, not limited to any single program or blockchain or use case.
DeRec-Icon-2

Embrace the future with DeRec

Where peace of mind and effortless recovery go hand in hand.

Blogs

Cardano Developer Input | Output and Hedera Join the DeRec Alliance as Final Founding Members, Alongside Algorand Foundation, Hashgraph, Ripple, and XRPL Labs

Research and engineering company & Cardano developer Input | Output, and Hedera, the open source, leaderless proof-of-stake network, have joined Algorand Foundation, Hashgraph (formerly Swirlds Labs), Ripple, and XRPL Labs, as the final Founding Members of the Decentralized Recovery (DeRec) Alliance, with two-year seats on the Technical Oversight Committee (TOC). DLT Science Foundation, Hashpack, Oasis Protocol Foundation, and Palisade…

Read More »

Hedera and Algorand Ecosystems Join Forces to Form DeRec Alliance, Enabling Mass Market Decentralized Recovery

Entities from across the Hedera and Algorand ecosystems, including the HBAR Foundation, Algorand Foundation, the Hashgraph Association, Swirlds Labs, the DLT Science Foundation, and industry partners The Building Blocks and BankSocial, are partnering to develop a new interoperability recovery standard which will dramatically simplify the recovery and adoption…

Read More »

What is Decentralized Recovery?

Invented by Dr. Leemon Baird, Decentralized Recovery (DeRec) is a novel method that safeguards a user’s secrets in a way that they can be recovered in case the user loses the original copy of the secrets. A DeRec application on a user’s device creates an encrypted vault of their secrets, creates cryptographic fragments of the encryption keys, and distributes those…

Read More »

Featured Content

GitHub Repository

We have open sourced the protocol, protobufs, cryptography, and Java API for the community to build upon.

Frequently Asked Questions

The DeRec library is designed to be versatile, allowing it to protect various types of information such as cryptographic keys, photos, notes, identity credentials, and passwords. The DeRec API contains a concept called a lockbox, which represents the generic container in which secrets are stored. To enable their users to safeguard password data using decentralized recovery protocols, password managers need to integrate the DeRec API into their applications.

By incorporating DeRec, password managers can eliminate the vulnerability caused by having a centralized database of users’ passwords, which serves as a single point of failure. This integration allows encrypted fragments of their users’ passwords to be securely stored among their trusted set of helpers, thereby eliminating a single target that attackers can exploit.

Decentralized recovery aims to be a more secure and versatile alternative to social recovery. In social recovery, a smart contract is created which reveals to the world that social recovery is being used, reveals how many helpers exist to help recover, and reveals the public key of each helper. This could aid attackers in targeting the helpers. However, with DeRec, it is impossible for others to determine if someone is using it or discover their set of helpers. Also, social recovery does not check whether helpers have lost their keys. It is possible for the helpers to slowly lose their keys over time, until not enough keys remain to allow recovery. But that won’t be discovered until it’s too late, and the recovery is needed. Decentralized recovery automatically checks with each helper once a day, to ensure that they still have their share of the secret. If they fail to answer for too many days in a row, it first alerts the user, and if that doesn’t help, then it automatically redistributes the secret among the remaining helpers. Furthermore, social recovery is restricted to only protecting signing keys on the Ethereum network, and requires users to possess a certain level of a priori cryptography and blockchain knowledge. In contrast, decentralized recovery provides solutions for protecting various types of data, including keys for any blockchain or ledger, passwords, photos, notes, identity credentials, and cryptographic keys, without requiring an extensive understanding of cryptography or blockchain. This makes decentralized recovery more user-friendly and adaptable to diverse use cases. In-depth knowledge can be found here.
The DeRec protocol allows users to freely choose their set of helpers, without any requirement for DeRec Alliance Members to be involved. In the future, institutions and organizations may offer Helper-as-a-Service, providing a trustworthy helper solution. If DeRec Alliance Members offer such a service, they would hold a share of a user’s encrypted data only if the user opts to use their service. Ultimately, it is up to each individual user to decide who assists them, whether it be friends, family, organizations, or a combination thereof.

ERC-4337 doesn’t specifically mention social recovery, although the community understands social recovery to be one of its features, albeit only for on-chain assets – DeRec is a mechanism to recover secrets of any type, such as passwords or documents. In more detail, ERC-4337 avoids introducing new protocol-level changes to the Ethereum blockchain. Instead, it defines a new higher-level pseudo-transaction called User Operation. End users send these User Operations to a higher-level alt mempool called “User Operations Mempool”. A new class of operators called Bundlers pick up these user operations and submit these to a special contract account through a singleton entry point contract. Lastly, EIP 4337 introduces the concept of Paymasters which can sponsor transactions on a user’s behalf. None of these concepts are directly related to social recovery or decentralized recovery.

Please refer to the FAQ question “How does this compare to social recovery on Ethereum?“ to understand the differences between social recovery and decentralized recovery.

Founding Members

Alliance Members

Join the DeRec Alliance