Capsule employs a robust recovery mechanism to ensure that wallet access remains resilient to events such as device loss or phishing attempts. This document outlines the recovery process implemented in Capsule’s infrastructure.

How Capsule Enables Recovery

Capsule’s recovery mechanism is designed to maintain user access to funds even if they lose access to their primary device. This is achieved through a combination of recovery secrets, backup devices, and multi-factor authentication. The recovery flow is managed through Capsule’s web application, the Capsule Portal, eliminating the need for individual app developers to implement their own recovery mechanisms.

1. Generating Recovery Secrets

When setting up a Capsule wallet, two key elements are generated:

  1. A unique recovery secret: This is shared with the user client-side. The application has the option to store this secret. It’s important to note that this secret is not related to the 2-of-2 MPC scheme and is solely used for restoring wallet access in case of device loss or theft. Capsule does not have access to this secret.

  2. A copy of the Cloud Key: This is shared with the user in the Capsule Backup Kit. The Cloud Key is part of Capsule’s two-key scheme, providing strong censorship resistance and protection against downtime.

2. Device Loss or Theft

In the event of a lost or stolen device, recovery is possible through two main methods:

  1. Keychain backup: If enabled, the key (k1) from the old device can be recovered on a new device. Using this key together with the recovery secret, the user can add a new Passkey (r1) to Capsule’s allow list.

  2. Recovery secret: If the user has their recovery secret, they can initiate a recovery attempt via the Capsule Portal.

3. Key Rotation

After successfully adding a new Passkey, Capsule prompts the user to perform a key rotation. This process generates an entirely new set of keys, enhancing the security of the user’s account and protecting against potential unauthorized access to the old keys.

4. Backup Devices

Users have the option to add backup devices (such as a laptop or smartwatch) during the wallet setup process. If a primary device is lost, the user can log in from one of these backup devices. From there, they can add new devices and remove lost ones, ensuring uninterrupted access to their wallet.

5. Recovery with Recovery Key

If the user cannot recover their User Share from their Keychain backup or a secondary device, they can initiate a key rotation using the recovery key. This process includes two-factor authentication (2FA) with their phone number or another multi-factor authentication (MFA) method. This additional step ensures the integrity of the recovery process and protects against impersonation attempts.
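The steps above (recovery-secret plus MFA to add a new Passkey to the allow list, removal of a lost device from a backup device, and a key rotation that retires the old key set) can be modelled as a small state machine. The following is an added illustration, not Capsule's code and not a description of the Capsule Portal's internals. Where the page is silent it makes assumptions: the service keeps only a hash commitment of the recovery secret (consistent with Capsule not holding the secret itself, but the verification method is assumed), MFA is a pre-shared one-time code, a "key set" is identified by an integer epoch, and all device and secret values are constructed sample data.

```python
"""Toy model of a recovery-gated Passkey allow list with key rotation.

Illustrative only; this is not Capsule's implementation. Assumptions not
taken from the page: the service stores a hash commitment of the recovery
secret rather than the plaintext, MFA is a pre-shared one-time code, and a
key set is identified by an integer epoch.
"""
import hashlib
import hmac


class RecoveryError(Exception):
    """Raised when a recovery or device-management step is refused."""


class WalletRecoveryModel:
    def __init__(self, first_passkey: str, recovery_secret: str,
                 mfa_code: str, backup_passkeys=()):
        # Only a commitment to the recovery secret is retained; the plaintext
        # stays with the user (assumption about how verification could work).
        self._commitment = hashlib.sha256(recovery_secret.encode()).digest()
        self._expected_mfa = mfa_code           # constructed pre-shared code
        self.allowed_passkeys = {first_passkey, *backup_passkeys}
        self.key_epoch = 1                      # current key set identifier
        self.recovery_attempts = 0

    def _secret_matches(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        digest = hashlib.sha256(candidate.encode()).digest()
        return hmac.compare_digest(digest, self._commitment)

    def add_passkey_via_recovery(self, candidate_secret: str,
                                 mfa_code: str, new_passkey: str) -> bool:
        """Recovery-secret path: secret AND MFA must both pass."""
        self.recovery_attempts += 1
        if not self._secret_matches(candidate_secret):
            raise RecoveryError("recovery secret rejected")
        if not hmac.compare_digest(mfa_code.encode(), self._expected_mfa.encode()):
            raise RecoveryError("second factor rejected")
        self.allowed_passkeys.add(new_passkey)
        return True

    def _require_allowed(self, passkey: str) -> None:
        if passkey not in self.allowed_passkeys:
            raise RecoveryError(f"{passkey!r} is not an allowed device")

    def remove_passkey(self, lost_passkey: str, authenticated_with: str) -> None:
        """Backup-device path: an allowed device removes a lost one."""
        self._require_allowed(authenticated_with)
        if lost_passkey == authenticated_with or len(self.allowed_passkeys) == 1:
            raise RecoveryError("refusing to remove the last usable device")
        self.allowed_passkeys.discard(lost_passkey)

    def rotate_keys(self, authenticated_with: str) -> int:
        """Retire the current key set; only an allowed device may trigger it."""
        self._require_allowed(authenticated_with)
        self.key_epoch += 1
        return self.key_epoch

    def is_key_current(self, epoch: int) -> bool:
        return epoch == self.key_epoch


def simulate_device_loss() -> dict:
    """Walk both recovery paths for a lost phone, then rotate keys."""
    secret = "constructed-recovery-secret"        # sample value
    model = WalletRecoveryModel("phone-old", secret, mfa_code="482913",
                                backup_passkeys={"laptop-backup"})
    old_epoch = model.key_epoch
    # Path A: log in from the backup laptop and drop the lost phone.
    model.remove_passkey("phone-old", authenticated_with="laptop-backup")
    # Path B: recovery secret + MFA enrols the replacement phone.
    model.add_passkey_via_recovery(secret, "482913", "phone-new")
    # Rotation retires the old key set, so material on the lost phone is stale.
    model.rotate_keys(authenticated_with="phone-new")
    return {
        "allowed": set(model.allowed_passkeys),
        "old_epoch_valid": model.is_key_current(old_epoch),
        "attempts": model.recovery_attempts,
    }


if __name__ == "__main__":
    print(simulate_device_loss())
```

The two gates in `add_passkey_via_recovery` are independent and both use `hmac.compare_digest`; a failure in either leaves the allow list unchanged, and `rotate_keys` makes any key set identified by an earlier epoch unusable regardless of which device still holds it.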

Security Measures

Best Practices for Users

Secure Storage

Store the recovery secret in a secure, offline location. Never share this secret with anyone, including Capsule.

Enable 2FA

Activate two-factor authentication for an additional layer of security during the recovery process.

Multiple Backup Devices

Add multiple backup devices when possible to increase recovery options.

Regular Verification

Periodically verify the ability to access the account from backup devices to ensure they remain functional.

By implementing this comprehensive recovery process, Capsule ensures that users have a secure and reliable method to regain access to their wallets, balancing strong security measures with user-friendly processes.