Social Recovery

Never lose access, and make sure the right people can. Keeplas splits your master key into encrypted shards across trusted contacts — a quorum can restore your vault, but no single person ever can.

The cryptographic guarantees

  • Shamir Secret Sharing. Your master key is split into 4 shares: one stays on your own device as a personal safety net, and three are sealed to trusted contacts. A threshold you choose (2 by default, raisable to 3) rebuilds it from your contacts' shares.
  • Post-quantum wrapping. Each contact's shard is wrapped with ML-KEM-768 + AES-256-GCM (NIST FIPS 203), so it stays sealed even against future quantum attacks.
  • Reconstructed on-device. Recovery happens on a contact's device. Keeplas never sees a raw shard or the reconstructed key — and never holds a shard of its own.
  • No collusion risk. Below the threshold, the shards reveal nothing. Not even Keeplas plus a single contact can open your vault.

How recovery works

  1. Invite trusted contacts. Add people you trust by email or phone. You need at least 2 trusted contacts to distribute — a lone guardian can never reach a quorum. They confirm and receive an encrypted shard tied to their device.
  2. Choose your threshold. Pick how many contacts must cooperate — 2 by default, or 3. Lower is easier; higher resists collusion. (A threshold of 3 only works once all three contact shards are held.)
  3. Shards are distributed. Keeplas runs Shamir locally on your device, wraps each contact's shard with ML-KEM-768, and sends one per contact. Plaintext shards never exist outside memory.
  4. When recovery is needed, contacts authorize the request from their devices. The threshold's worth of unwrapped shards reconstruct the master key — on a contact's device, never on the server.

Picking a threshold

ThresholdRecovery frictionCollusion resistance
2 (default)LowerLower
3HigherStrongest

Keeplas always creates 4 shares (one device share plus three contact shares), and you choose how many contacts must cooperate: 2 or 3.

Threshold 2 is the default because it makes recovery actually feasible during a stressful moment, and stays recoverable even if one contact becomes unreachable. Move to threshold 3 if your three contacts could be connected through the same household, employer, or jurisdiction — but note it leaves no margin: all three must remain reachable for recovery to succeed.

Picking contacts

Good contacts share three traits:

  • Reachable — they will pick up the phone or check email within a few days.
  • Trustworthy in your specific risk model — not just generally trustworthy, but trustworthy under the failure modes you actually worry about.
  • Geographically or socially diverse — three contacts on the same hard drive defeats the purpose.

You can rotate contacts at any time. Removing a contact clears their stored shard immediately. To rebalance the remaining contacts, re-run Distribute now from Security Center — each distribution re-splits your master key from scratch, so every previously handed-out shard is cryptographically invalidated and replaced in one step.

What contacts can and cannot do

They can: participate in a recovery flow you (or Life Check) initiated; their device unwraps their shard and contributes to reconstruction.

They cannot: read your vault, see other contacts' shards, see the contents of any item, or initiate a recovery on their own. Below the threshold, their shard is mathematically useless.