Wallet Management Decentralized Application with Social Recovery

State: Open


Managing a private-public key pair in blockchain technology is highly sensitive. Either loosing the private key or involuntarily leaking it to be accessible by the public can lead to the loss of all assets. In case of leaking it and with the luck of noticing quickly, all assets could be sent to a newly set up key pair to preserve the assets and circumvent theft. This however can be cumbersome and might require many transactions if a lot of different assets are held in that address. If the private key is lost, the assets are lost forever and cannot be accessed any longer by anyone.

A social wallet recovery feature can allow users to recover their access by using a combination of their own personal information and the assistance of trusted contacts. These trusted contacts, also known as recovery agents, are pre-selected by the user and can be called upon to provide specific information or confirm the user's identity in order to regain access to the lost wallet. This feature adds an additional layer of security to the traditional process of recovering a lost or forgotten private key, as it requires multiple parties to confirm the identity of the user.

Since transactions are final once transmitted, even small byte changes in a transaction script can lead to unintentional outcomes. Having additional entities that verify actions before they are executed can add an additional layer of security for users. This layer could include mechanics that allows specifying trusted controller accounts that have to co-sign specific actions by the owner, e.g., transferring assets. This allows the owner to always have a trusted entity to verify that a transfer is correct. These co-sign agents only have the right to witness actions but not to execute themselves. The owner should be able to add and remove them and manage their permissions. Further, regardless of the state of the controller accounts, the owner should be able to force a transaction that does not require any co-signature, so that co-sign agents can be bypassed at all time.


Few blockchains have integrated functionalities that solve these issues (e.g., Near). On the Neo blockchain, this is not the case. However, it can be delivered within a Smart Contract. The student should design and implement a Smart Contract as a vault in a way that allows it to change its owner and thus change the private key that is required to access the assets held on the Smart Contract. Further, the Smart Contract should contain sophisticated mechanics to manage co-signing and recovery agents.



If you're interested, send an email to: rodrigues@ifi.uzh.ch or machado@ifi.uzh.ch
40% Design, 50% Implementation, 10% Documentation

Supervisors: Dr. Guilherme Sperb Machado, Dr. Bruno Rodrigues, Burkhard Stiller, CSG@IfI

back to the main page