Recovery

Capsule uses a recovery mechanism to ensure that wallet access survives events such as the loss of a user's device or a successful phishing attempt against it. This page explains the recovery mechanisms employed in Capsule's infrastructure.

How Capsule Enables Recovery

Capsule provides a robust recovery mechanism that ensures users maintain access to their funds even if they lose access to their device. This is facilitated through a combination of recovery secrets, backup devices, and multi-factor authentication. The recovery flow is managed through Capsule's web application, the Capsule Portal, so individual app developers do not need to implement their own recovery mechanisms. Below are the steps to back up and recover wallet access:

Step 1: Generating Recovery Secrets

When a Capsule wallet is set up, a unique recovery secret is generated client-side and shared with the user; the integrating application is given the option to store this secret as well. The recovery secret is not part of the 2-of-2 MPC scheme and is used only to restore wallet access after device loss or theft. Capsule does not have access to this secret.

Additionally, a copy of the Cloud Key is shared with the user in the Capsule Backup Kit. The Cloud Key is one of the two keys in Capsule's 2-of-2 scheme; holding a copy of it gives the user strong censorship resistance and protection against Capsule downtime.

Step 2: Device Loss or Theft

If a device is lost or stolen, recovery is possible in most cases. If the user has enabled keychain backup, the device key (k1) from the old device can be restored on a new device. Using this key together with the recovery secret, the user can add a new enclave key (r1) to Capsule's allow list. Otherwise, as long as the user still has their recovery secret, a recovery attempt can be initiated via the Capsule Portal.

Step 3: Key Rotation

Upon successful addition of the new enclave key, Capsule prompts the user to perform a key rotation. This process generates an entirely new set of keys, so that anyone who later obtains the old keys (for example from the lost device) cannot use them, further enhancing the security of the user's account.

Step 4: Backup Devices

Users have the option of adding backup devices (such as a laptop or smartwatch) during the wallet setup process. If a device is lost, the user can log in from one of these backup devices. From there, they can add new devices and remove the lost ones, ensuring uninterrupted access to their wallet.

Step 5: Recovery with Recovery Key

If the user cannot recover their device key from their keychain backup or a secondary device, they can initiate a key rotation using the recovery key (the recovery secret generated in Step 1). This process is supplemented by two-factor authentication (2FA) with their phone number or another multi-factor authentication (MFA) method, ensuring the integrity of the recovery process and protecting against impersonation attempts.
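The five steps above as one worked model, added here as an illustration; this is not Capsule's code and does not describe how Capsule's service is implemented. It assumes a few things the page leaves open: the 2-of-2 MPC signature is stood in for by an HMAC keyed with a hash of the device share and the cloud share (so a holder of only one share cannot produce it); the server checks the recovery secret against a SHA-256 commitment and never stores the secret itself; MFA is a pre-shared code compared in constant time; and every class, method, device and wallet name (RecoveryServer, cosign, add_device_with_recovery, "w1", "phone", "laptop") is hypothetical.

```python
"""Toy model of the backup-and-recovery flow (added illustration, not Capsule code).

Assumptions not stated on the page: the 2-of-2 signature is an HMAC over both
shares; the server holds only a SHA-256 commitment to the recovery secret; MFA
is a pre-shared code; all names are hypothetical.
"""
import hashlib
import hmac
import secrets


def combine(device_share: bytes, cloud_share: bytes, message: bytes) -> bytes:
    """Stand-in for a 2-of-2 signature: both shares are needed to compute it."""
    key = hashlib.sha256(device_share + cloud_share).digest()
    return hmac.new(key, message, hashlib.sha256).digest()


class RecoveryServer:
    """Server side: cloud share, device allow list, recovery-secret commitment."""

    def __init__(self):
        self.wallets = {}

    def enroll(self, wallet_id, device_id, cloud_share, recovery_commitment, mfa_code):
        self.wallets[wallet_id] = {
            "allow_list": {device_id},
            "cloud_share": cloud_share,
            "recovery_commitment": recovery_commitment,  # hash only, never the secret
            "mfa_code": mfa_code,
        }

    def _require_enrolled(self, wallet_id, device_id):
        w = self.wallets[wallet_id]
        if device_id not in w["allow_list"]:
            raise PermissionError(f"{device_id} is not on the allow list")
        return w

    def cosign(self, wallet_id, device_id, device_share, message):
        """Normal operation: only an allow-listed device gets the cloud share's help."""
        w = self._require_enrolled(wallet_id, device_id)
        return combine(device_share, w["cloud_share"], message)

    def add_device(self, wallet_id, requesting_device, new_device):
        """Step 4: an enrolled backup device adds a new one."""
        self._require_enrolled(wallet_id, requesting_device)["allow_list"].add(new_device)

    def remove_device(self, wallet_id, requesting_device, lost_device):
        """Step 4: an enrolled device evicts the lost one."""
        self._require_enrolled(wallet_id, requesting_device)["allow_list"].discard(lost_device)

    def add_device_with_recovery(self, wallet_id, recovery_secret, mfa_code, new_device):
        """Step 5: no enrolled device left; recovery secret plus MFA enrolls one."""
        w = self.wallets[wallet_id]
        presented = hashlib.sha256(recovery_secret).digest()
        if not hmac.compare_digest(presented, w["recovery_commitment"]):
            raise PermissionError("recovery secret does not match commitment")
        if not hmac.compare_digest(mfa_code, w["mfa_code"]):
            raise PermissionError("MFA failed")
        w["allow_list"].add(new_device)

    def rotate(self, wallet_id, device_id, new_cloud_share):
        """Step 3: replace the cloud share, so old shares (and any old Backup Kit
        copy of the cloud share) no longer reproduce the live signer."""
        self._require_enrolled(wallet_id, device_id)["cloud_share"] = new_cloud_share


def run_recovery_scenario():
    """Walk through setup, loss, recovery and rotation; return what each step proved."""
    server, msg, mfa = RecoveryServer(), b"send 1 ETH to 0xabc", b"482193"  # constructed values
    phone_share, cloud_share = secrets.token_bytes(32), secrets.token_bytes(32)
    recovery_secret = secrets.token_bytes(32)  # Step 1: generated client-side

    # Step 1: enroll; the user keeps recovery_secret and a Backup Kit copy of cloud_share.
    server.enroll("w1", "phone", cloud_share, hashlib.sha256(recovery_secret).digest(), mfa)
    sig_live = server.cosign("w1", "phone", phone_share, msg)
    backup_kit_sig = combine(phone_share, cloud_share, msg)  # signing with no server at all

    # Step 2: the phone is lost; assume no keychain backup and no backup device exists.
    # Step 5: a wrong secret is refused; the right secret plus MFA enrolls a laptop.
    try:
        server.add_device_with_recovery("w1", b"guess", mfa, "laptop")
        wrong_secret_rejected = False
    except PermissionError:
        wrong_secret_rejected = True
    server.add_device_with_recovery("w1", recovery_secret, mfa, "laptop")
    server.remove_device("w1", "laptop", "phone")

    # Step 3: rotate the cloud share from the newly enrolled laptop.
    laptop_share, new_cloud_share = secrets.token_bytes(32), secrets.token_bytes(32)
    server.rotate("w1", "laptop", new_cloud_share)
    sig_after = server.cosign("w1", "laptop", laptop_share, msg)

    try:
        server.cosign("w1", "phone", phone_share, msg)
        lost_phone_locked_out = False
    except PermissionError:
        lost_phone_locked_out = True

    return {
        "backup_kit_matches_live": backup_kit_sig == sig_live,
        "wrong_secret_rejected": wrong_secret_rejected,
        "lost_phone_locked_out": lost_phone_locked_out,
        # whoever holds the old phone share plus the old Backup Kit copy gets a stale result
        "old_shares_stale": combine(phone_share, cloud_share, msg) != sig_after,
        "new_device_signs": sig_after == combine(laptop_share, new_cloud_share, msg),
    }


if __name__ == "__main__":
    for check, ok in run_recovery_scenario().items():
        print(f"{check}: {ok}")
```

Two points the model makes visible that the prose only implies: the Backup Kit copy of the cloud share lets the device sign with no server involvement at all, which is what the censorship-resistance claim rests on, and rotation turns every pre-rotation share, including that Backup Kit copy, into a stale value, so after rotation a fresh backup copy is needed. In this toy the recovery secret is presented to the server at recovery time; the page says only that Capsule does not hold the secret, not how it is verified, so treat the commitment check as a placeholder for whatever proof Capsule actually uses.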
