- From: Amir Hameed <amsaalegal@gmail.com>
- Date: Mon, 23 Feb 2026 08:52:44 -0800
- To: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CANGYBsyCrskU7RCeoa0p28hE2PWBxjqtTeg-Dqcvkbj=0ziZew@mail.gmail.com>
Dear CCG Community, Within the UDNA CG w3c-cg/udna: This repository holds the work of the W3C Universal DID-Native Addressing (UDNA) Community Group. We are developing a standard for addressing Decentralized Identifiers (DIDs) on the web. <https://github.com/w3c-cg/udna>, we have been exploring a critical gap in the DID ecosystem: standardized key recovery. We believe the path toward global adoption requires a robust approach to recovery that avoids both permanent identity loss and vendor lock-in. After extensive research and prototyping, we have identified three distinct approaches that appear viable across different operational and trust models. We are seeking community feedback on these mechanisms to advance this work toward a formal specification. The Three Proposed Models1. Social ZKP Recovery (Threshold-Social) Analogy: Like giving pieces of a treasure map to five trusted friends, where any three can come together to find the treasure—but they never actually see the map. The Technical Model: Threshold trust with zero-knowledge proofs (ZKP). How it works: Uses Feldman Verifiable Secret Sharing (VSS). Recovery keys are split into t-of-n shares. Guardians hold shares but never reveal them to the user or each other. Recovery uses Schnorr ZKPs to verify share possession. The Magic: No single guardian can reconstruct the key, and even t-1 colluding guardians learn nothing. Your friends prove they could help without ever seeing your key. Use Case: Individual sovereignty, family protection, and communities with existing trust networks. 2. Deterministic Temporal Recovery (Time-Lock) Analogy: Like a safety deposit box that automatically opens after one year, but only for your chosen beneficiary—and the lock itself is mathematical, not dependent on a bank employee. The Technical Model: Time-locked recovery via Verifiable Delay Functions (VDFs). How it works: A master seed is encrypted with a VDF-derived key. A beneficiary must compute the VDF for a specified duration (acting as a dead man's switch). The Magic: No one can cheat the clock. The computer must perform sequential calculations that cannot be parallelized. It is a mathematical guarantee of time, like a digital hourglass. Use Case: Inheritance planning, long-term asset custody, and cross-generational identity transfer. 3. MPC-Mediated Recovery (Distributed-Provider) Analogy: Like a bank vault requiring three officers to open simultaneously. Every month, the locks are changed, so a stolen key from last month is useless. The Technical Model: Threshold signatures with proactive refresh. How it works: Uses fROST (Flexible Round-Optimized Schnorr Threshold signatures). Key shares are distributed across independent providers. Proactive Secret Sharing (PSS) refreshes shares periodically (epoch-based synchronization). The Magic: The key never exists in one place. Even if an attacker compromises a provider, the stolen share becomes useless after the next automatic refresh cycle. Use Case: Enterprise identity management, institutional custody, and high-assurance environments. Why These Three These three models emerged from analyzing real-world recovery scenarios. For users who trust their friends and family but not completely, social ZKP recovery fits. For those who want their children to inherit their digital identity, temporal recovery applies. For organizations requiring bank-grade security with multiple independent authorities, MPC-mediated recovery is appropriate. Together, they form a comprehensive toolkit that can be mixed and matched based on user needs and risk profiles. Repository: github.com/sirraya-labs/did-kr Questions for the Community Do these three models cover the majority of use cases the community is currently seeing? Should these be specified as separate extensions or unified under a single recovery verification relationship? Are there existing CCG work items we should align with or build upon? Are there DID Method implementers interested in testing these recovery hooks or reviewing a draft? We are seeking initial feedback over the next two weeks to determine interest in a unified specification. Pending community interest, we intend to submit this as a formal CCG Work Item and move toward registering these as a DID Extension. We are looking for implementers interested in building wallet support, use case contributors with additional scenarios, and co-editors , co-sponsors to help shape the specification. Looking forward to your thoughts and feedback. Best regards, Amir Hameed Mir Founder, Sirraya Labs On behalf of the UDNA CG amir@sirraya.org Universal DID-Native Addressing (UDNA) | Community Groups | Discover W3C groups | W3C <https://www.w3.org/groups/cg/did-native-addr/>
Received on Monday, 23 February 2026 14:51:24 UTC