To help people take control of the keys to their bitcoin, we’re focused on making it easy to recover control when they lose parts of their wallet. We want to help everyone understand how Bitkey works, so today we’re publishing new, in-depth information about how customers will be able to recover their wallet when they lose their phone, hardware device, or both.
Bitkey’s approach to recovery includes four primary capabilities:
- Cloud Backup, for when you lose access to the key stored on your phone, for example if your phone is lost or stolen - or you just get an upgrade
- Delay and Notify, for when you lose your hardware, or when you lose both the key stored on your phone and your cloud backup
- Social Recovery, an optional feature for when you lose both your hardware and the key stored locally on your phone
- Break Glass, for if you no longer can or no longer want to use the current version of the Bitkey app to access your funds
We're publishing a paper on recovery today to provide more detail on how customers can use these features to recover and how these features work under the hood. And before we make Bitkey broadly available, we will also share our code to enable anyone to inspect how Bitkey is built.
We asked several industry experts with deep backgrounds in building both custodial and self-custody bitcoin products to review an earlier version of this paper. Together these reviewers have decades of experience building secure systems and have built some of the most successful products in the bitcoin space. The main themes we heard in their feedback include:
- Interest in extending the Social Recovery feature described in the paper to allow customers to optionally require multiple "Trusted Contacts" to approve recovery actions – for example, to require 2-of-3 contacts to approve an action, rather than any 1 of the enrolled contacts. This would allow customers to customize how much healthy friction they want versus optimizing for recovery availability
- Interest in features that help customers confirm that the Trusted Contacts they enroll through the Social Recovery feature maintain access over time to the portions of backup materials they hold on the customer's behalf – for example, a periodic alert to customers if any of their Trusted Contacts haven’t used the Bitkey app for a long period of time
- Emphasis on the importance of monitoring to detect attacks that try to abuse recovery features to allow attackers to gain access to a customer's bitcoin
- Emphasis on the importance of sharing our code (which we will do before we ship Bitkey to customers)
We’re considering these themes as we work towards the launch of Bitkey, and will continue to improve both the design and the documentation we’ve published today. And now that we’ve shared our recovery paper in this post, we’d love to hear thoughts from anyone out there following our work. What else should we be thinking about as we iterate? Tell us at bitkey@block.xyz.