moskalyk
commented
6 years ago Password recoverability 'typically' takes the form of using a group of 'trustees' with the use of a Shemir Secret (common amongst those implementations like uPort, NuCpyher, etc.)
Shamir’s secret sharing is an algorithm that divides a secret into shares. A secret can be recovered by combining certain numbers of shares.
In the mimo scenario, the private key would be the secret.
In traditional real identity based systems, this would represent a group of acquaintances or friends. In Mimo, given the decentralized / pseudo-anonymous nature, there might be a need for a staking mechanism (either economic or reputation based) to explore.
Considerations:
- Trustee: Possible need for a participant within the mimo ecosystem called a "Trustee"
- Trustees as Followers or other Pseudo-Anon Profiles: This may present the need within mimo to be able to choose a select few 'trusted' followers that opt into the ability to have a share of the secret provided.
- Staking model: Additionally, a token staking model (if not Ether) as a economic reward based system. If not economic stake, then possible reputation based system attached to identities to prevent: collusion and password recover quick acting. Reputation based system: To create more 'at stake' in recovery / preventing collusion, a reputation within a community should be established.
Example: Reputation Mo loses his password. Mo has preset trustees he's chosen based on the trustees willingness stake their reputation at stake that they will act honestly, and incentived (amongst a group) to act quickly for a reward. This relationship to the account looking for password recovery help might be best anonymous, as a trustee would act differently in knowing who they are providing help to E.g: 1) profile with many followers might signal status (which is typically how the populist thinks) vs. 2) a new account with low followers. (which can be even more favourable to help those learning). Trustees are rewarded badges which have more reputation in password recovery / more likely to be chosen as a future trustee for others.
Considerations: The quantity of password recoveries might happen more often for newer accounts because of inexperienced holders. However, for the Mimo profile, there is less at stake given reputation (unless attached to a valuable ENS name) which may be less of an issue. Vs. matured profiles have more to lose, and if put in the wrong hands can act malicously and create a bad overall reputation of mimo profiles.. Need to unpack this and get back to you.
Rewards Alternatively, this might better help the matured ecosystem, as those profiles with high followers / reputation would be willing to stake more to keep account, and choose highly 'reputable trustees' to protect account. This stake / claim would be to recover a password in the future. e.g. 10 MIMO tokens, and Trustees / Holders of the share are rewarded a staked sum to help in a backup. In the request for a back up, there is an incentive to provide the recovery quickly.
Consideration: Some notifications / client / UI is a top need.
Attacks While I'm not up to date on the complete picture of the mechanism design here, there is possible for collusion for trustees to find other trustees and collude to steal an account. Therefore, some counter stake, or governance around this might be needed for 'tattling' if a trustee finds out that another is sniffing for shares. From a reputation perspective, there is high incentive for profile owners to know they have a 'tattler' in their trustee group.
Other Considerations:
- Privacy features may be of use to prevent trustees from knowing other addresses of trustees, or, even knowing.
- Might need to look into address / reveal scheme. Where a trustee does not know the address their hold a share of to prevent acting different given identity until after a password recovery notificaiton has been created.
ghiliweld
Profile should be recoverable in the event of losing your private key or getting your wallet hacked.