Self-Custody & Wallet Recovery
Understand how users maintain full control over their assets and can recover their wallet without relying on Refract.
User Self-Custody & Wallet Recovery
A core principle of Refract Network is true self-custody. Unlike custodial services that hold private keys on behalf of users, our zkMPC architecture ensures that the user is the only one who can authorize transactions. Refract alone can never access or move a user’s funds.
This principle extends to wallet recovery. Our system is designed to be fully recoverable by the user, even if Refract Network’s services were to become unavailable.
The Definition of Self-Custody in our MPC Scheme
- No Single Point of Failure: The user’s private key is never stored in one place. It is generated via a distributed process and exists only as three separate mathematical shares ($x_C$, $x_S$, $x_R$).
- User-Held Authority: The Client Shard ($x_C$) resides on the user’s device. Without it, no transaction can be initiated. This shard represents the user’s explicit intent and authorization.
- Offline Recoverability: The user holds the two shards necessary for full wallet recovery ($x_C$ and $x_R$), allowing them to regain control of their assets independently of our servers.
Recovery Scenarios
Scenario 1: Recovering Your Wallet Without Refract
This is the primary recovery method, designed to give users ultimate control and peace of mind. To perform this, you need the two key shards that are exclusively under your control.
- The Client Shard ($x_C$): This is stored on your device within the Refract Passport. If you still have your device, you have this shard.
- The Recovery Shard ($x_R$): This is the encrypted backup you were prompted to save during wallet creation.
Process:
- The user would use a provided open-source recovery tool. ::TODO: Link to recovery tool repo::
- The tool would prompt for the Client Shard (retrieved from the local device) and the encrypted Recovery Shard.
- The user enters their 8-digit passcode to decrypt the Recovery Shard ($x_R$) locally.
- The recovery tool uses the now-decrypted $x_R$ and the $x_C$ to perform a 2-of-2 signing ceremony via the CGGMP-24 protocol. This gives the user full control of their wallet to move assets to a new one.
Scenario 2: Recovering Your Wallet If You Lose Your Device
If a user loses their primary device (and thus their Client Shard $x_C$), they can still recover their wallet using their backup and Refract’s server shard.
- The Recovery Shard ($x_R$): The user must have their encrypted backup file.
- The Enclave Shard ($x_S$): This is the shard securely held within Refract’s AWS Nitro TEE.
Process:
- The user installs Refract Passport on a new device.
- They authenticate using their original social account (e.g., log in with the same TikTok account). This proves their identity to Refract’s backend.
- The user provides their encrypted Recovery Shard ($x_R$) and the 8-digit passcode to decrypt it locally on their new device.
- The new Passport client, now holding the decrypted $x_R$, initiates a recovery signing ceremony with the Refract Enclave, which holds $x_S$.
- This 2-of-2 signature authorizes the creation of a new Client Shard on the new device, restoring full access to the wallet.
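The 2-of-3 property that both recovery scenarios rely on, as an added example that is not Refract's code. It assumes plain Shamir sharing over the secp256k1 scalar field with constructed evaluation points 1, 2, 3 and hypothetical helper names, and it reconstructs the key in one place, which the signing ceremonies described above are designed to avoid.

```python
import secrets

# Order of the secp256k1 group; the key and all shards are scalars modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed evaluation points for the three shards (constructed for this example).
POINTS = {"x_C": 1, "x_S": 2, "x_R": 3}

def split_2_of_3(secret: int) -> dict:
    """Degree-1 Shamir sharing: shard at point i is f(i) = secret + a1*i mod N."""
    a1 = secrets.randbelow(N - 1) + 1
    return {name: (secret + a1 * i) % N for name, i in POINTS.items()}

def lagrange_at_zero(i: int, others: list) -> int:
    """Lagrange coefficient for point i when interpolating f(0)."""
    num, den = 1, 1
    for j in others:
        num = num * (-j) % N
        den = den * (i - j) % N
    return num * pow(den, -1, N) % N

def recover(shards: dict) -> int:
    """Reconstruct f(0) from exactly two named shards; reject anything else."""
    if len(shards) != 2 or not set(shards) <= set(POINTS):
        raise ValueError("need exactly two of x_C, x_S, x_R")
    xs = [POINTS[name] for name in shards]
    total = 0
    for name, share in shards.items():
        i = POINTS[name]
        total += share * lagrange_at_zero(i, [j for j in xs if j != i])
    return total % N

def explaining_coefficient(name: str, share: int, candidate: int) -> int:
    """The a1 that makes ONE shard consistent with any candidate secret,
    which is why a single stolen shard narrows nothing down."""
    return (share - candidate) * pow(POINTS[name], -1, N) % N

def pick(shares: dict, *names: str) -> dict:
    return {n: shares[n] for n in names}

if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1  # constructed sample key
    shares = split_2_of_3(key)
    print("Scenario 1 (x_C + x_R):", recover(pick(shares, "x_C", "x_R")) == key)
    print("Scenario 2 (x_R + x_S):", recover(pick(shares, "x_R", "x_S")) == key)
```
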
Exporting Your Private Key (BIP-39 Mnemonic)
While our MPC system is designed to avoid materializing the private key, we provide an option for users who wish to export their wallet to a standard 24-word mnemonic phrase for use in other wallets like MetaMask or Phantom.
Security Warning: Exporting your private key creates a single point of failure. If this 24-word phrase is compromised, your funds can be stolen. We recommend keeping your wallet within the MPC system for maximum security.
Process:
- Inside Refract Passport, the user navigates to the security settings and chooses to export their key.
- After passing security checks (e.g., passcode, biometrics), the Passport initiates a 2-of-3 signing process using any two available shards.
- This process executes a special function in the CGGMP-24 to secp256k1 pipeline that securely derives the BIP-39 mnemonic phrase.
- The 24 words are displayed only on the user’s device for them to copy. Refract’s backend never sees or stores this mnemonic.