The Recovery Pallet shipped with official Substrate FRAME provides a nice M-of-N social recovery mechanism. However, it exposes the friends' accounts in plaintext, which may introduce several attack vectors, such as collusion or targeted attacks.
With this pallet, we store only the Merkle root of the friends' accounts on chain, and commit the Merkle proofs to the blockchain during the recovery period. It is both space-efficient and privacy-preserving.
The idea of secret social recovery is inspired by both Shawn Tabrizi's YouTube talks and EIP2494: Secret Multisig Recovery.
There are multiple ways to implement a membership proof while maintaining privacy, including both ZK and non-ZK approaches. Here I take the simple path of using a Merkle inclusion proof, although it is not zero knowledge. More complex solutions might be implemented in the future.
The implementation is based on the official Recovery Pallet, but there are some major changes:
- Store `friends_merkle_root` on chain, instead of the plain `friends` list;
- Do not include economic measures like `recovery deposit` and `slash` so far, for simplicity;
- The `friends` should be invited one-by-one privately during the recovery process. They approve the recovery by signing the `rescuer account`, and the merkle_proof ought to be generated by the original account owner.
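The scheme described above can be modelled offline as follows. This is an added example, not the pallet's code: the hash (BLAKE2b-256), the domain-separation prefixes, sorted-pair hashing, odd-node promotion, and all function and class names are assumptions made for illustration.

```python
import hashlib

# Assumptions (not from the pallet): BLAKE2b-256, 0x00/0x01 domain prefixes,
# sorted-pair hashing, odd nodes promoted unchanged.
def h(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=32).digest()

def leaf(account: bytes) -> bytes:
    return h(b"\x00" + account)

def node(a: bytes, b: bytes) -> bytes:
    lo, hi = sorted((a, b))          # order-independent, so proofs need no index bits
    return h(b"\x01" + lo + hi)

def root_and_proof(accounts, target):
    """Owner side: Merkle root of the friend set and target's sibling path."""
    level = [leaf(a) for a in sorted(set(accounts))]
    idx, proof = level.index(leaf(target)), []
    while len(level) > 1:
        if (idx ^ 1) < len(level):   # a promoted odd node has no sibling here
            proof.append(level[idx ^ 1])
        level = [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        idx //= 2
    return level[0], proof

def verify(root, account, proof) -> bool:
    acc = leaf(account)
    for sibling in proof:
        acc = node(acc, sibling)
    return acc == root

class Recovery:
    """Chain side: stores only the root and threshold M, never the friend list."""
    def __init__(self, friends_merkle_root: bytes, threshold: int):
        self.root, self.threshold, self.vouched = friends_merkle_root, threshold, set()

    def vouch(self, friend: bytes, proof) -> bool:
        # Assumed: the runtime already checked the friend's signature approving the rescuer.
        if friend in self.vouched or not verify(self.root, friend, proof):
            return False             # duplicate voucher or not in the committed set
        self.vouched.add(friend)
        return True

    def complete(self) -> bool:
        return len(self.vouched) >= self.threshold

# Constructed sample: five friends (odd count exercises promotion), M = 3.
FRIENDS = [b"alice", b"bob", b"charlie", b"dave", b"eve"]
ROOT, _ = root_and_proof(FRIENDS, FRIENDS[0])
```

In this example the leaves are unsalted hashes of account IDs, so a sibling hash published in a proof can be tested against candidate accounts; that is one concrete sense in which an inclusion proof hides the list without being zero knowledge.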
Currently the pallet serves as a PoC for secret social recovery. It proves the idea but is not yet production-ready. More development is planned for the future.