Safe social recovery eases private key management
Wallet infrastructure provider Safe has collaborated with digital asset bank Sygnum and cryptocurrency recovery group CoinCover, to introduce Safe{RecoveryHub} — a handful of social recovery options for crypto wallets.
Lost or forgotten private keys has left an estimated $1.92 billion worth of ether in the lurch. When a user first signs up for a crypto wallet, they generate a public key — a string of random letters and numbers — with which they can receive crypto, and a private key, used to send or otherwise prove ownership of the tokens by cryptographically signing transactions.
Key management systems in Web3 have very few recovery solutions, meaning that if a user loses their private key, they will no longer be able to access their assets.
“Social recovery” has been the exception. The point is to provide a means to recover a missing private key through “recoverers” such as families, friends and collaborators.
Safe{RecoveryHub} users can provide recoverers access to their accounts only in the event that a recovery is taking place. They will also be able to set up more than one recoverer for added security, similar to how a crypto wallet operate as a 2/3 multisig, for example.
Lukas Schor, the co-founder of Safe told Blockworks that Safe{RecoveryHub} consists of two main components. The first is a Safe module that enables the execution of recovery transactions for the popular multisig solution.
The social recovery process, in this instance, is initiated when a user loses access to their Safe and depends on their previously selected recovery setup option.
“When the user utilizes their own, fully self-custodial setup, they can go through every step of the process through our interface or alternatively fully on-chain today and create the recovery transaction, replacing lost access keys with new keys that the user controls,” Schor said. “When the user chooses a third-party option, then there likely will be some authentication or identification process before the third party will initiate the recovery on behalf of the user.”
Once the recovery transaction is created, the user will have an option to veto the transaction. If they do not do so, then the recovery transaction will be executed and they will be able to generate new owner keys, which will allow them to access their smart accounts again.
Schor notes that the timelock module used for social recovery has been built by the Gnosis Guild, and has been used and in production for multiple years now.
“Only the user, individual or organization, can activate [or] deactivate the module and set the parameters. Only the Safe account can cancel any recovery attempt. Only the set recoverer can initiate a recovery transaction,” Schor said.
Martin Koeppelmann, co-founder of Gnosis, told Blockworks that technology must account for human error, as simple mistakes can have catastrophic consequences.
Safe’s “framework for recovery options is an important step towards further adoption,” Koeppelmann said. “What is equally important is that it’s done in a way so that users don’t have to make compromises about still being in full control of their funds.”
Previous attempts at social recovery
Safe’s is not the first company that has attempted social recovery. Hardware wallet firm Ledger similarly attempted to introduce social recovery earlier this year.
Ledger users had the option to provide KYC information to custodians, and their private keys would be split into three different parts, stored separately on what they said are “cryptographically secure” Hardware Security Modules.
In the case of Safe, a user could choose to trust a custodian or a third party to store their keys, but they also offer the users the choice to store their keys with family members or friends.
Source: Safe
Schor notes that there is no single way to solve the issue of recovery in the Web3 space, and the Safe{RecoveryHub} is just one viable solution.
He adds that there are larger issues around of recovery schemes, such as limitations around privacy, accessibility and availability — particularly for new users.
“From highly heterogeneous use cases like investing, social networking, and gaming to a highly diverse set of users ranging from everyday individuals and professionals to organizations, recovery needs to be able to cater all these different needs,” he said.
This sentiment is shared by Hannes Graah, the founder and builder of the Zeal wallet, who notes that self-custodial arrangements should be easier to use than a normal bank in order to achieve mainstream adoption of cryptocurrencies.
“It’s promising to see Safe’s social recovery initiative consider a wide range of trust models from trusted parties like family and friends to backup devices and not simply assume that everyone has a close circle they can rely on,” Graah said.
Advances around account abstraction
Social recovery is focused on key management and it should not be confused with the wider work that is being done around ERC-4337, or account abstraction.
The purpose of ERC-4337 is to enable a more secure and user-friendly method for managing Ethereum accounts. The model allows users to execute transactions, including smart contract interactions, directly from their wallet. This enhances security and simplifies the process, making Ethereum more accessible and safer to use.
ERC-4337 is more of a stepping stone that can enable tools such as socially recoverable multisigs.
For example, if a wallet holder dies (and therefore their account has been inactive for a set period of time), account abstraction could enable funds to be transferred to a beneficiary automatically.