Social Recovery Wallets

Here is a link to an old blog post by Vitalik Buterin concerning social recovery wallets: https://vitalik.ca/general/2021/01/11/recovery.html

Basically, users hold their own keys which are used to sign transactions and interact with the network normally, but they also have delegated guardians (at least 3), who all hold a piece of a key. When all of the guardians' keys are combined, they can change the keys necessary to sign a transaction. Some examples of situations in which this is useful include:

  • There is no single point of failure: lost keys can be replaced
  • Stolen keys can be changed before any funds are stolen
  • When users pass away, the guardians can reveal themselves and recover the account

I'm sure I don't understand every implication of this technology, but it seems to have no downsides other than code complexity; the way users interact with the network is unchanged, as long as their keys are safe.

Those worried about the obvious security risk, the guardians themselves, should consider two things. First, every guardian must agree in order to change the keys, and any number of guardians can be delegated, so guardians colluding against their clients, or all of them being compromised at once, is unlikely. Second, users can name themselves as a guardian using an address created just for this purpose on a paper wallet, so security is at worst the same as it is now.
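To make the control flow concrete, here is an added example (not code from the post, the linked blog post, or any wallet project) that models the two paths described above: everyday transactions need only the signing key, while a key change needs an approval from every guardian, so a thief holding the signing key alone, or a subset of guardians, cannot rotate it. The signature scheme is an assumption for the example: keys are random 32-byte secrets and a "signature" is HMAC-SHA256, standing in for the asymmetric scheme (e.g. Ed25519) a real wallet would use; the names `SocialRecoveryWallet`, `send`, `recover` and `demo` are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


# Stand-in signature scheme (assumption for this example): a key is a random
# 32-byte secret and a "signature" is HMAC-SHA256 over the message. A real
# wallet would use an asymmetric scheme and hold only the guardians' public
# keys; the approval logic below does not depend on that choice.
def keygen() -> bytes:
    return secrets.token_bytes(32)


def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


@dataclass
class SocialRecoveryWallet:
    signing_key: bytes       # key used for everyday transactions
    guardian_keys: list      # one verification key per guardian
    nonce: int = 0           # shared counter so old approvals cannot be replayed

    def __post_init__(self) -> None:
        if len(self.guardian_keys) < 3:
            raise ValueError("a social recovery wallet needs at least 3 guardians")

    def tx_message(self, payload: bytes) -> bytes:
        return b"tx|%d|" % self.nonce + payload

    def recovery_message(self, new_key: bytes) -> bytes:
        return b"recover|%d|" % self.nonce + new_key

    def send(self, payload: bytes, sig: bytes) -> bool:
        """Normal path: only the current signing key authorises a transaction."""
        if not verify(self.signing_key, self.tx_message(payload), sig):
            return False
        self.nonce += 1
        return True

    def recover(self, new_key: bytes, approvals: list) -> bool:
        """Recovery path: the signing key plays no part. Every guardian must
        sign the same (nonce, new_key) message, in guardian order."""
        msg = self.recovery_message(new_key)
        if len(approvals) != len(self.guardian_keys):
            return False
        if not all(verify(g, msg, s) for g, s in zip(self.guardian_keys, approvals)):
            return False
        self.signing_key = new_key
        self.nonce += 1
        return True


def demo() -> dict:
    """Walk through the situations listed in the post; returns each outcome."""
    owner = keygen()
    paper_wallet = keygen()             # the owner naming themself as a guardian
    guardians = [paper_wallet, keygen(), keygen()]
    w = SocialRecoveryWallet(owner, guardians)
    out = {}

    # Everyday use is unchanged: sign with the signing key only.
    out["owner_tx_accepted"] = w.send(b"pay 5", sign(owner, w.tx_message(b"pay 5")))

    # Stolen signing key: the thief tries to rotate to a key they control,
    # but signatures from the signing key are not guardian approvals.
    thief_key = keygen()
    thief_sigs = [sign(owner, w.recovery_message(thief_key))] * len(guardians)
    out["stolen_key_recovery_rejected"] = w.recover(thief_key, thief_sigs)

    # Lost key: guardians agree on a replacement, but only two of three respond.
    replacement = keygen()
    msg = w.recovery_message(replacement)
    out["partial_guardians_rejected"] = w.recover(replacement, [sign(g, msg) for g in guardians[:2]])

    # All guardians approve: the signing key is replaced.
    out["full_guardians_accepted"] = w.recover(replacement, [sign(g, msg) for g in guardians])

    # After rotation the old key is useless and the new one works.
    out["old_key_after_rotation"] = w.send(b"pay 1", sign(owner, w.tx_message(b"pay 1")))
    out["new_key_after_rotation"] = w.send(b"pay 1", sign(replacement, w.tx_message(b"pay 1")))
    return out
```

The nonce is included in both message types so that a set of approvals collected for one recovery cannot be replayed later, and so that approvals gathered against a stale state are rejected once the wallet has moved on.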

I am bringing this up because I think this would:

  • Increase how welcoming the crypto world is to newcomers, since key security is much simpler and everyone knows how to use a "forgot password" flow
  • More urgently, discourage spam

I don't know the exact number, but something like 92% of nano accounts have an irrelevantly small balance. Forcing users to name at least a few guardians when opening an account would make the transactions take longer to produce. There are a few things that probably make this futile. Firstly, dust accounts can just name each other as guardians. There is a requirement to generate a seed, to be used to change the signing key, which would then be placed with the guardians, but in a basic implementation there's no enforcement of this. Second, creating a transaction to name guardians probably doesn't take more work than a change transaction, but that depends on the block structure; the work would have to come from another mechanism, such as the guardians having to accept the delegation before they can make another transaction.

I'm mostly spitballing with the spam discouragement part (raising PoW for new accounts is much simpler IMO), but regardless of that I think this is worth considering as the network advances. I can see it integrating well with the existing representative system. Please tell me what I'm overlooking.

I should also add that guardians are open to denial-of-service attacks if someone creates a bunch of accounts, names that node as a guardian, and requests a key change from every account at once, which would mean that other people who depend on that guardian cannot request key changes during that period.

However, I don't view this as a problem, because key changes will likely not be handled in a standard way by every node, and nodes can privately prioritize legitimate accounts in their own way. Since the procedure for requesting a key change does not happen on the blockchain, guardians can simply make key change requests hard to automate with code, e.g. with a captcha.
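As an added example of the off-chain prioritisation described above (not code from the post or from any node implementation), here is one guardian's inbox for key-change requests. The policy is an assumption for the example: at most one pending request per account, accounts whose delegation the guardian explicitly accepted earlier are reviewed before unknown accounts, and only a bounded batch is reviewed per round, so a flood from throwaway accounts cannot starve the guardian's real clients. The class and method names (`GuardianInbox`, `submit`, `next_batch`, `demo_flood`) and the account names are constructed for this example.

```python
from collections import deque


class GuardianInbox:
    """Off-chain queue of key-change requests held by a single guardian.

    Policy (an assumption for this example, not a protocol rule):
      * at most `per_account` pending requests per account; extra ones are dropped
      * accounts whose delegation this guardian accepted earlier go first
      * at most `per_round` requests are handed to the guardian per round
    """

    def __init__(self, accepted_delegations, per_account: int = 1, per_round: int = 10):
        self.known = set(accepted_delegations)
        self.per_account = per_account
        self.per_round = per_round
        self.pending = {}          # account -> number of queued requests
        self.priority = deque()    # requests from accounts this guardian accepted
        self.other = deque()       # requests from everyone else

    def submit(self, account: str, new_key_fingerprint: str) -> bool:
        """Queue a request, or drop it if the account already has one pending."""
        if self.pending.get(account, 0) >= self.per_account:
            return False
        self.pending[account] = self.pending.get(account, 0) + 1
        queue = self.priority if account in self.known else self.other
        queue.append((account, new_key_fingerprint))
        return True

    def next_batch(self) -> list:
        """Requests the guardian will review this round, known accounts first."""
        batch = []
        while len(batch) < self.per_round and (self.priority or self.other):
            account, fp = (self.priority or self.other).popleft()
            self.pending[account] -= 1
            batch.append((account, fp))
        return batch


def demo_flood() -> dict:
    """Constructed scenario: 500 throwaway accounts flood one guardian while
    two accounts it previously accepted also ask for a key change."""
    inbox = GuardianInbox(accepted_delegations={"nano_alice", "nano_bob"},
                          per_account=1, per_round=5)
    flooded = sum(inbox.submit(f"nano_sybil{i:04d}", "ff00") for i in range(500))
    # A second request from each flooding account is dropped outright.
    repeats = sum(inbox.submit(f"nano_sybil{i:04d}", "ff00") for i in range(500))
    inbox.submit("nano_alice", "a1")
    inbox.submit("nano_bob", "b2")
    first = inbox.next_batch()
    return {
        "flood_queued": flooded,
        "flood_repeats_dropped": repeats,
        "first_batch": [account for account, _ in first],
    }
```

Even though the real clients submitted last, they head the first batch; the flood still gets reviewed, but only at the guardian's own pace, which is the "privately prioritize" behaviour the post relies on.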