Overview

Invented by Dr. Leemon Baird, Decentralized Recovery (DeRec) is a novel method that safeguards a user’s secrets so that they can be recovered if the user loses the original copy. A DeRec application on the user’s device creates an encrypted vault of their secrets, creates cryptographic fragments of the encryption keys, and distributes those fragments to the user’s helpers. Helpers are trusted individuals or organizations who store these fragments securely on their devices. The DeRec app contacts all the helpers periodically (typically once a day) to verify that they still have the fragments safely stored. If the user loses their secrets, say because they lost the device on which the secrets were stored, they only need to contact half of their original helpers and retrieve the previously stored fragments from them. The retrieved fragments are then cryptographically combined to reconstruct the original encryption keys to the user’s vault, thereby restoring all the secrets that were lost. The DeRec protocol and application are designed so that a layperson can use the application safely without being crypto-savvy or a technical expert.

 

Details

Imagine Alex, a layperson interested in securing their private keys for various ledgers like Hedera, Bitcoin, or Ethereum. Or, they could have a set of passwords for various websites that they want to store privately on their phone. Let’s call this set of secrets a “vault”. Alex could store that vault on their device today. However, the concern arises: What if Alex loses their phone? How will they get those secrets back?

 

To ensure that they can have access to the secrets if they lose their device, Alex will need to make backup copies of their vault and store them somewhere else. But securing multiple copies of the vault is hard as well. What if somebody else gets access to a backup copy? Further, keeping backup copies up-to-date whenever they change the contents of the vault is difficult.

 

Decentralized recovery addresses this problem by encrypting the vault on Alex’s phone and then creating cryptographic shares of the encryption keys. Alex selects a few of their friends or other trusted parties as their helpers. The DeRec app automatically sends these cryptographic shares, along with the encrypted vault, to Alex’s helpers. The security lies in the fact that the helpers cannot decrypt Alex’s vault: even if fewer than half of Alex’s helpers were to collude, they would still be unable to access it. After distributing the cryptographic shares, the DeRec app runs a protocol with the helpers to ensure that the shares remain properly stored.

 

If Alex loses their device, they can simply get a new device and install the DeRec application on it. They can then contact half of their original helpers to retrieve the previously stored cryptographic shares and encrypted vault from them. The DeRec app automatically reconstructs the encryption key from these shares, granting Alex access to their original vault contents.
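The split-and-recover flow described above, as an added example that is not DeRec's own code. It assumes Shamir's secret sharing over a prime field (the page does not name the scheme DeRec uses) and assumes "half" is rounded up for an odd number of helpers; all function names are hypothetical.

```python
import secrets

# Assumption: Shamir's scheme over GF(P). P is a Mersenne prime larger
# than any 256-bit vault key.
P = 2**521 - 1

def threshold_for(n_helpers):
    """Half of the helpers, rounded up (rounding is an assumption)."""
    return (n_helpers + 1) // 2

def split_key(key, n_helpers):
    """Return one share (x, y) per helper; any threshold_for(n) rebuild key."""
    t = threshold_for(n_helpers)
    # Random polynomial of degree t-1 whose constant term is the key.
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n_helpers + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover_key(shares, key_len=32):
    """Return the key bytes, or None when the result is not a valid key."""
    value = combine(shares)
    if value >= 1 << (8 * key_len):
        return None     # too few shares: interpolation yields a random value
    return value.to_bytes(key_len, "big")

if __name__ == "__main__":
    vault_key = secrets.token_bytes(32)     # constructed sample key
    shares = split_key(vault_key, 6)        # six helpers, threshold three
    print(recover_key(shares[:3]) == vault_key)   # half of the helpers
    print(recover_key(shares[:2]) == vault_key)   # fewer than half
```

With fewer shares than the threshold, every candidate key is equally consistent with what the colluding helpers hold, which is why they learn nothing about the vault key.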

 

Other Approaches

Alternative approaches to address this problem exist, such as social recovery, primarily used for securing Ethereum wallets. In social recovery, multiple “guardians” secure a signing key for transaction approval. If the user loses their key, they can seek assistance from their guardians to change it. To achieve this, each guardian must log on to some webpage and sign the user’s recovery request to approve it. However, this approach has certain limitations and potential security risks. 

 

Decentralized recovery presents a more secure and versatile alternative to social recovery. 

 

Security Comparisons 

With social recovery, when a user needs to recover their signing key, the guardians must sign a special transaction to approve recovery. Once this is executed, the information of the majority of the user’s guardians is revealed to the world. Anyone who views the transaction on the blockchain can see that a user with address x was using social recovery and has just recovered their signing key with help from guardians whose addresses are also revealed. This information leakage can paint a target on both the user’s and the guardians’ backs and make them vulnerable to social engineering attacks.

 

Technical Comparisons

Social recovery is limited to securing keys on the Ethereum network. Decentralized recovery can be used as a wallet to protect keys on any network, and can also be used to protect more than just keys (e.g. passwords, mnemonic phrases, photos, notes). This versatility enables a wide range of use cases and ensures comprehensive asset protection. 

 

Further, social recovery requires that a user and their guardians have an ENS name or an ETH address. In addition, social recovery recommends that the users and guardians be technically competent. This requirement poses challenges for everyday users unfamiliar with cryptocurrencies or blockchain technology. Decentralized recovery can be used by anybody who can operate a phone, without advanced blockchain knowledge. Users only need to know what they want to protect and whom they trust to help them recover should they lose their device. Decentralized recovery was designed to allow someone with minimal knowledge of blockchain or cryptography to protect their secrets, whether those secrets are passwords they tend to forget or photos that they want to keep safe. All they need to remember in order to recover their secrets is half of their helpers.