The regular recovery procedure will be carried out using “recovery contacts”. In this setup, when a user initiates a recovery procedure, the recovery contacts will need to collaborate (asynchronously) to reach the required threshold to rebuild the private key passphrase (passphrase that is needed to decrypt the user secret key backup).
In practice the user key passphrase would be split into multiple secrets using a shamir secret sharing scheme, and these secrets will be encrypted using the multiple recovery contacts public keys.
Can you explain more the process of Shamir validation? Specifically, how is the passphrase being derived - is it based on the polynomial?
Also, if it’s an asynchronous process, how are the passphrase “pieces” being stored (in decrypted form?) while awaiting for any remaining pieces to be decrypted by the appointed recovery contacts? And are the recovery contacts provided truly only a piece of the passphrase or also additional data for curve validation?
Nice writeup! Exciting to see some activity on this.