Decentralized Private Key Backup and Recovery System

  1. User private key is encrypted with a user password provided;
  2. Resulted encrypted string is split into two halves;
  3. Each half is double encrypted by separate shared secret key for recipient guardian;
  4. Shared secret is created by combining user FIO private key with guardian FIO public key;
  5. The resulted encrypted content is sent in FIO request to the guardian address;
  6. User submits his email as off-chain communication channel for key recovery protocol;
  7. Guardian is only able to decrypt his half by using shared secret key of combination of his FIO private key with sender FIO public key;
  8. Guardian never has access to user’s entire private key (even in encrypted form).

Recovery mechanism:

  1. User contacts each guardian by email or other channels with request to initiate key recovery;
  2. Depending on each guardian recovery policy he may request registered email confirmation and transaction from associated blockchain account, which may serve as recovery fee;
  3. In cases when user selects guardians from his social circles — verification step can be simplified and recovery fees waived;
  4. After confirmation each guardian provides to user decrypted content of FIO Request;
  5. User will need to combine two halves provided by each guardian into one string and decrypt it using password only user knows;
  6. At the end user receives plain text private key he can re-import and use in any wallet.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Eugene Luzgin

Eugene Luzgin

Software technology leader and problem solver with diverse track record in software industry roles ranging from individual contributor to a startup founder.