Current Best Practices of Wallet / Key Recovery

(Was Subject: Question From HPEC re SSI Wallets by Leah Houston, MD <> )

On Tue, Sep 22, 2020 at 12:45 PM Leah Houston, MD <> wrote:

> What are the current best practices and tools for wallet/key recovery?

At Blockchain Commons we believe the best initial answers for wallet & key
recovery come from the Bitcoin community where battle-hardened code is
being tested to protect billions of dollars of value in Bitcoin.

Our open source GordianWallet
I believe exemplifies the current best practices of multi-profile recovery
(multiple root seeds rather than one root seed per device like
Ledger/Trezor) as well as multiple account & account recovery, multisig
account recovery (as this is harder in a multisig world), and metadata
recovery (eventually including VCs).

Right now our reference open-source code behind this wallet is focused on
self-sovereign recovery scenarios that depend on no others, for instance as
in the cold storage scenario I described last year in my free book
PDF book on “the care, maintenance, control, and protection of digital
assets” available from @BlockchainComns at

This week we have added reference code for social seed recovery using
Shamir secret sharing (aka sskr), and we have implemented some initial
implementation of various multisig transactional recovery practices, for
instance for use with your spouse or business partner, which will be
implemented in GordianSigner for iOS and Android.

We released today a command-line #cli tool that exercises our shared
reference C & C++ libraries to create seeds, create mnemonics (BIP39),
shard them (sskr), share them via QRs & more: and the other
open-source libraries in the same community.

This seedtool tool uses libraries to implement standards for seeds, BIP39,
sskr (Shamir Secret Key Recovery), derived child keys, and more, as well as
animated QR code standards ( for video demo) to
share this data is being implemented in multiple bitcoin wallets, including
our own GordianWallet, LetheKit, as well as many other emerging Bitcoin
wallets with airgapped and/or multisig features. Discussions on these
emerging standards are in

However, as we move forward into a multiseed & multisig world, neither cold
storage nor social seed recovery is safe enough. We need to move forward on
a variety of topics like self-sovereign but collaborative recovery, Verifiable
Secret Sharing (which Shamir can’t do) based recovery mechanisms so that
you can prove that you HAVE backed up and CAN recover, transactional
recovery scenarios (including rotation, see,
directed-capability & time-lock based recovery scenarios, and
zk-collaborative key creation. All topics Blockchain Commons is making slow
but persistent progress on.

Please note that Blockchain Commons is a not-for-profit benefit corporation
and all of our output is open source, not products or services backed by
investment or VCs. So we depend on people & development companies like
yours to fund these projects and our ongoing research.

You can support Blockchain Commons monthly via GitHub Sponsors at — even only $100 a month is
helpful, but we'd appreciate a commitment to becoming a sustaining sponsor at
$1000 a month. Or you can directly sponsor me and my advocacy & standards
work for even as little as $5 a month and have your sponsorship matched by
GitHub for 2x effectiveness at
Direct contributions can also be made via Bitcoin at

You can also support Blockchain Commons by dedicating some staff time on
our projects. For instance, one company is doing a paid "externship" this
quarter, where one of their engineers is working for us for 3 months under
my direction, with the goal of not only having Blockchain Commons benefit
from his work, but also having him return to the company with more
understanding of secure open source development practices, our wallet
community, as well as my personal mentorship.

I'm hoping to get some funding this quarter to work on our next two big
projects, which are libraries for a keytool that do various forms of
hierarchical key creation from master seeds (BIP32 HD keys in the Bitcoin
world, but less clear standards in 25519 world), and a libraries signtool
and verify tool, which will work both for JSON LD 1.1 and aggregated
multisig Schnorr on both secp256k1 and 25519 curves.

With these tools I'm hoping to offer some interesting multisig options for
DIDs and VC, as well as begin research on new cryptographic-based directed
capabilities and #SmartSignatures in 2021.

I don't currently have funding for more than minimal (but persistent)
movement forward on keytool/signtool/verifytool libraries and projects in
Q4, but if you'd like to see these projects accelerated let me know.

— Christopher Allen


Received on Tuesday, 22 September 2020 21:54:00 UTC