Capsule uses a recovery mechanism to ensure that wallet access is resilient to events like user device loss. This page explains the recovery mechanisms employed in Capsule's infrastructure.
How Capsule Enables Recovery
Capsule provides a robust recovery mechanism that ensures users maintain access to their funds even if they lose access to their device. This is facilitated through a combination of recovery secrets, backup devices, and multi-factor authentication. The recovery flow is managed through Capsule's web application, the Capsule Portal, so individual app developers do not need to implement their own recovery mechanisms. Below are the steps to back up and recover wallet access:
Step 1: Generating Recovery Secrets
When setting up a Capsule wallet, a unique recovery secret is generated. It is shared with the user client-side, and the integrating application is given the option to store it. This secret is not part of the 2-of-2 MPC scheme and is used only to restore wallet access in the case of device loss or theft. Capsule does not have access to this secret.
Additionally, a copy of the cloud key (k2) is shared with the user in the Capsule Backup Kit. The cloud key is one of the two keys in Capsule's two-key scheme; holding a copy of it means the user is not dependent on Capsule's availability or cooperation to use the wallet, which is what provides the scheme's censorship resistance and downtime protection.
Step 2: Device Loss or Theft
If a device is lost or stolen, recovery is possible as long as the user retained a keychain backup of the device key, a backup device, or the recovery secret. If the user has enabled keychain backup, the device key (k1) from the old device can be restored onto a new device; using this key together with the recovery secret, the user adds the new device's enclave key (r1) to Capsule's allow list. Otherwise, if the user still has their recovery secret, a recovery attempt can be initiated via the Capsule Portal.
Step 3: Key Rotation
Upon successful addition of the new enclave key, Capsule prompts the user to perform a key rotation. This process generates an entirely new set of keys, further enhancing the security of the user's account and protecting against any potential unauthorized access to the old keys.
Step 4: Backup Devices
Users have the option of adding backup devices (such as a laptop or smartwatch) during the wallet setup process. If a device is lost, the user can log in from one of these backup devices. From there, they can add new devices and remove the lost ones, ensuring uninterrupted access to their wallet.
Step 5: Recovery with Recovery Key
If the user cannot restore the device key from a keychain backup or sign in from a backup device, they can initiate a key rotation using the recovery secret (the recovery key generated in Step 1). This step additionally requires two-factor authentication (2FA) with their phone number or another multi-factor authentication (MFA) method, so that possession of the recovery secret alone is not enough to complete a recovery.
In the future, Capsule may incorporate on-chain attestations of ownership (such as social accounts or phone numbers) to enhance the recovery process. By confirming the user's identity through these attestations, recovery secrets could be provided on-demand, adding another layer of accessibility and security to the user's wallet recovery.
Through these provisions, Capsule's recovery mechanism ensures the safekeeping of the user's assets, providing both recovery and strong protection mechanisms in the event of device loss or theft.