Social Recovery
Never lose access, and make sure the right people can. Keeplas splits your master key into encrypted shards across trusted contacts — a quorum can restore your vault, but no single person ever can.
The cryptographic guarantees
- Shamir Secret Sharing. Your master key is split into 4 shares: one stays on your own device as a personal safety net, and three are sealed to trusted contacts. A threshold you choose (2 by default, raisable to 3) rebuilds it from your contacts' shares.
- Post-quantum wrapping. Each contact's shard is wrapped with ML-KEM-768 + AES-256-GCM (NIST FIPS 203), so it stays sealed even against future quantum attacks.
- Reconstructed on-device. Recovery happens on a contact's device. Keeplas never sees a raw shard or the reconstructed key — and never holds a shard of its own.
- No collusion risk. Below the threshold, the shards reveal nothing. Not even Keeplas plus a single contact can open your vault.
How recovery works
- Invite trusted contacts. Add people you trust by email or phone. You need at least 2 trusted contacts to distribute — a lone guardian can never reach a quorum. They confirm and receive an encrypted shard tied to their device.
- Choose your threshold. Pick how many contacts must cooperate — 2 by default, or 3. Lower is easier; higher resists collusion. (A threshold of 3 only works once all three contact shards are held.)
- Shards are distributed. Keeplas runs Shamir locally on your device, wraps each contact's shard with ML-KEM-768, and sends one per contact. Plaintext shards never exist outside memory.
- When recovery is needed, contacts authorize the request from their devices. The threshold's worth of unwrapped shards reconstruct the master key — on a contact's device, never on the server.
Picking a threshold
| Threshold | Recovery friction | Collusion resistance |
|---|---|---|
| 2 (default) | Lower | Lower |
| 3 | Higher | Strongest |
Keeplas always creates 4 shares (one device share plus three contact shares), and you choose how many contacts must cooperate: 2 or 3.
Threshold 2 is the default because it makes recovery actually feasible during a stressful moment, and stays recoverable even if one contact becomes unreachable. Move to threshold 3 if your three contacts could be connected through the same household, employer, or jurisdiction — but note it leaves no margin: all three must remain reachable for recovery to succeed.
Picking contacts
Good contacts share three traits:
- Reachable — they will pick up the phone or check email within a few days.
- Trustworthy in your specific risk model — not just generally trustworthy, but trustworthy under the failure modes you actually worry about.
- Geographically or socially diverse — three contacts on the same hard drive defeats the purpose.
You can rotate contacts at any time. Removing a contact clears their stored shard immediately. To rebalance the remaining contacts, re-run Distribute now from Security Center — each distribution re-splits your master key from scratch, so every previously handed-out shard is cryptographically invalidated and replaced in one step.
What contacts can and cannot do
They can: participate in a recovery flow you (or Life Check) initiated; their device unwraps their shard and contributes to reconstruction.
They cannot: read your vault, see other contacts' shards, see the contents of any item, or initiate a recovery on their own. Below the threshold, their shard is mathematically useless.