Keeping custody of your own cryptocurrency is quite complex, especially for non-tech savvy users. Most wallets require the user to write down the private key before accessing the wallet. Storing the key can be done by simply writing it down on a piece of paper, a method that is prone to failure through the loss, theft or degradation of the paper.
When Peter Schiff claimed that his wallet lost his Bitcoin, many in the crypto community were skeptical. While some believe that Schiff simply lost his password, others, like Ethereum co-founder Vitalik Buterin, highlighted that losing private keys remains an important issue for cryptocurrency users.
Using hardware wallets or encrypted digital backups is an alternative, but requires a degree of preparation and technical knowledge that many casual users may find too much to grasp.
In response to Peter Schiff’s loss, Binance CEO Changpeng Zhao argued that storing coins on centralized custodians is safer for most users.
Nevertheless, this inherently goes against the principles of decentralization in the crypto community. Some members pointed to alternative methods developed on Ethereum as a potential solution.
As an alternative to complex storing solutions, the concept behind social recovery is to grant friends, family or even companies the right to restore access to a certain account.
The person losing access to his wallet would be able to call upon “guardians”, pre-selected entities that are authorized to re-assign control of the specific account.
Argent wallet is currently a live implementation of this idea. A user can set other Argent users or even other wallets owned by him as guardians. By default, however, the guardian is Argent itself, using the person’s email and phone as an identity guarantee. Without other guardians this recovery method cannot be removed.
A slightly different method is offered by Ethereum Improvement Proposal (EIP) 2429, developed by Ricardo Guilherme Schmidt and others.
Elaborating on the social recovery concept, it introduces “user secrets” – personal data such as biometrics from fingerprint scanners, a password, or personal information provided in a questionnaire.
This information must then be provided during the recovery process, ensuring that guardians cannot simply collude to steal the user’s wallet. Additionally, the list of guardians is never revealed until the actual recovery procedure is activated.
However, this is still a proposal under development subject to change.
Criticism of social recovery
A commonly cited drawback of social recovery is the reintroduction of trust – this time in friends rather than centralized entities.
Cointelegraph approached Schmidt for clarifications on the EIP. While agreeing that the system isn’t perfect, he maintained that the proposed system is far more trustless than simpler implementations:
“Social recovery is fundamental for adoption, it brings a web2 experience to self sovereign accounts.
The drawback is having to trust others, however EIP 2429 solves the problems of trusting guardians, so we are again in a trustless system, which is what we all love in Ethereum.”
Elaborating further, Schmidt criticized open multi-signature implementations such as Argent’s for their failure to mitigate collusion. He still believes that they have a place in a setting where extreme transparency is warranted, such as holding public funds.
Itamar Lesuisse, CEO of Argent, clarified to Cointelegraph that calling its system social recovery is misleading, as it “implies people always have to be involved.” He explained:
“So the method is secure, and literally anyone with a smartphone can use it. Another advantage of this approach is that you can use these trusted entities to protect your wallet beyond just recovery. With Argent you can use them to lock your wallet and approve a large transfer.”
Lesuisse also welcomed the development of EIP 2429, noting that “it improves privacy in the scenario where users choose friends and family as trusted entities.”
Nevertheless, Schmidt conceded that the EIP is not immune to guardians extorting the user to gain access to the wallet, called a “griefing attack” in technical terms. He envisioned this being used in a positive setting, with a guardian company identifying customers and restoring access for a fee.
Speaking with Cointelegraph, Blockstream CSO Samson Mow criticized Ethereum, noting that the EIP is “largely complexity for the sake of complexity.” He added that social recovery is entirely possible on Bitcoin with existing software, by simply creating a multisig wallet and distributing portions of it to friends.
Nevertheless, Mow is skeptical of the general concept of social password recovery:
“The drawbacks to any social recovery system is really that your social circles change over time, and we live in a universe that tends towards entropy. So, your friends today may no longer be your friends tomorrow, and even if your social circles don’t change, your designated guardian may lose their part of your recovery scheme.“
Mow still considers the ability to recover private keys as important, though he referred to hard metal backups – storage devices aimed to be indestructible. According to him, the burden of securing Bitcoin remains with the users:
“The challenge is getting people to understand that they should secure their seed and plan for recovery from day one – social recovery doesn’t help in negating the «Schiff Paradox» (people caring about securing their Bitcoin after it’s too late) any more than metal backups do.”
Since the early days of Bitcoin, Keybase has offered a private key generation service based on a user’s password and email.
Torus allows users to create Ethereum wallets by logging in with their Google or Facebook accounts. The private key becomes uniquely-associated with that account through some fairly complex assignment mechanisms.
As Schmidt explained, however, solutions based purely on personal secrets are extremely difficult to secure:
“In Web2 is safe to have a 8 password, because the authenticating server will block bruteforce attempts … None of this is possible in blockchain, and using an 8 digit password as seed phrase, is probably an instant loss of funds, because is very likely that low entropy addresses are being constantly monitored.”