Social Recovery

Never lose access, and make sure the right people can. Keeplas splits your master key into encrypted shards across trusted contacts — a quorum can restore your vault, but no single person ever can.

The cryptographic guarantees

  • Shamir Secret Sharing. Your master key is split into 5 shards. A threshold you choose (2-of-5 by default) can rebuild it.
  • Post-quantum wrapping. Each shard is wrapped with ML-KEM-768 (NIST FIPS 203), so it stays sealed even against future quantum attacks.
  • Reconstructed on-device. Recovery happens on your contacts' devices. Keeplas never sees a raw shard or your reconstructed key.
  • No collusion risk. Below the threshold, the shards reveal nothing. Not even Keeplas plus a single contact can open your vault.

How recovery works

  1. Invite trusted contacts. Add people you trust by email or phone. They confirm and receive an encrypted shard tied to their device.
  2. Choose your threshold. Pick how many contacts must cooperate — 2-of-5 by default. Lower is easier; higher resists collusion.
  3. Shards are distributed. Keeplas runs Shamir locally on your device, wraps each shard with ML-KEM-768, and sends one per contact. Plaintext shards never exist outside memory.
  4. When recovery is needed, contacts authorize the request from their devices. The threshold's worth of unwrapped shards reconstruct the master key — on a device, not on the server.

Picking a threshold

ThresholdRecovery frictionCollusion resistance
2-of-5LowestLowest
3-of-5ModerateStronger
4-of-5HighStrongest

2-of-5 is the default because it makes recovery actually feasible during a stressful moment. If you can pick five people who would not collude against you, this is a sound starting point. Move to 3-of-5 if any of your five contacts are connected through the same household, employer, or jurisdiction.

Picking contacts

Good contacts share three traits:

  • Reachable — they will pick up the phone or check email within a few days.
  • Trustworthy in your specific risk model — not just generally trustworthy, but trustworthy under the failure modes you actually worry about.
  • Geographically or socially diverse — five contacts on the same hard drive defeats the purpose.

You can rotate contacts at any time. Removing a contact invalidates their shard immediately; their share of the key is regenerated and re-distributed.

What contacts can and cannot do

They can: participate in a recovery flow you (or Life Check) initiated; their device unwraps their shard and contributes to reconstruction.

They cannot: read your vault, see other contacts' shards, see the contents of any item, or initiate a recovery on their own. Below the threshold, their shard is mathematically useless.

editEdit this page on GitHub