An Owner-managed Indirect-Permission Social Authentication Method for Private Key Recovery
Wei-Hsin Chang and Ren-Song Tsay

TL;DR
This paper introduces a novel owner-managed social authentication method for private key recovery that enhances security and reliability by separating permission from possession and using secret shares with trustees.
Contribution
It presents a new indirect-permission private key recovery approach that addresses circular protection issues and improves security over existing methods.
Findings
The method is six orders of magnitude more secure and reliable.
It effectively resolves circular protection issues in key recovery.
The approach leverages social authentication with trustee-based secret sharing.
Abstract
In this paper, we propose a very secure and reliable owner-self-managed private key recovery method. In recent years, the Public Key Authentication (PKA) method has been identified as the most feasible online security solution. However, losing the private key also implies the risk of losing the ownership of the assets associated with the private key. For key protection, the commonly adopted something-you-x solutions require a new secret to protect the target secret and fall into a circular protection issue as the new secret has to be protected too. To resolve the circular protection issue and provide a truly secure and reliable solution, we propose separating the permission and possession of the private key. Then we create secret shares of the permission using the open public keys of selected trustees while having the owner possess the permission-encrypted private key. Then by applying the…
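The separation of permission from possession described in the abstract can be illustrated as follows; this is an added example, not the paper's construction or the authors' code. It assumes Shamir secret sharing with a 3-of-5 threshold and a SHA-256 keystream with an HMAC tag standing in for a real AEAD cipher, and it leaves out the step of wrapping each share under a trustee's public key so that it runs on the standard library alone.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # prime field for the shares (assumed parameter)

def split(secret, n, t):
    """Shamir t-of-n: shares are points on a random degree t-1 polynomial."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 rebuilds the shared value."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def _keys(permission):
    raw = permission.to_bytes(66, "big")  # 521 bits fit in 66 bytes
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()

def _xor(key, data):
    # SHA-256 counter-mode keystream: stand-in for a real AEAD cipher
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(permission, private_key):
    """Owner keeps this blob (possession); it is useless without the permission."""
    k_enc, k_mac = _keys(permission)
    ct = _xor(k_enc, private_key)
    return hmac.new(k_mac, ct, hashlib.sha256).digest() + ct

def recover(blob, shares):
    """Rebuild the permission from trustee shares, then open the owner's blob."""
    k_enc, k_mac = _keys(combine(shares))
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, ct, hashlib.sha256).digest()):
        raise ValueError("permission not reconstructed: too few or wrong shares")
    return _xor(k_enc, ct)

if __name__ == "__main__":
    priv = secrets.token_bytes(32)        # constructed sample private key
    permission = secrets.randbelow(2**256)
    shares = split(permission, n=5, t=3)  # one share per trustee
    blob = seal(permission, priv)
    assert recover(blob, shares[1:4]) == priv
```

The trustees never hold the encrypted key and the owner never holds enough of the permission, so neither side alone can recover the private key.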
Taxonomy
Topics: Advanced Authentication Protocols Security · Digital Rights Management and Security
