English

Kintsugi: Decentralized E2EE Key Recovery

Cryptography and Security 2025-07-30 v1

Abstract

Kintsugi is a protocol for key recovery, allowing a user to regain access to end-to-end encrypted data after they have lost their device, but still have their (potentially low-entropy) password. Existing E2EE key recovery methods, such as those deployed by Signal and WhatsApp, centralize trust by relying on servers administered by a single provider. Kintsugi is decentralized, distributing trust over multiple recovery nodes, which could be servers run by independent parties, or end user devices in a peer-to-peer setting. To recover a user's keys, a threshold t+1t+1 of recovery nodes must assist the user in decrypting a shared backup. Kintsugi is password-authenticated and protects against offline brute-force password guessing without requiring any specialized secure hardware. Kintsugi can tolerate up to tt honest-but-curious colluding recovery nodes, as well as nt1n - t - 1 offline nodes, and operates safely in an asynchronous network model where messages can be arbitrarily delayed.

Keywords

Cite

@article{arxiv.2507.21122,
  title  = {Kintsugi: Decentralized E2EE Key Recovery},
  author = {Emilie Ma and Martin Kleppmann},
  journal= {arXiv preprint arXiv:2507.21122},
  year   = {2025}
}

Comments

15 pages with 4 additional pages of workshop discussion transcript. To be published in the proceedings of the Twenty-ninth International Workshop on Security Protocols

R2 v1 2026-07-01T04:22:39.545Z