Kintsugi: Decentralized E2EE Key Recovery
Emilie Ma and Martin Kleppmann
29th International Workshop on Security Protocols,
Cambridge, UK,
March 2025.
This paper received a Best Presentation Award.
Abstract
Kintsugi is a protocol for key recovery, allowing a user to regain access to end-to-end encrypted
data after they have lost their device, but still have their (potentially low-entropy) password.
Existing E2EE key recovery methods, such as those deployed by Signal and WhatsApp, centralize trust
by relying on servers administered by a single provider. Kintsugi is decentralized, distributing
trust over multiple recovery nodes, which could be servers run by independent parties, or end user
devices in a peer-to-peer setting. To recover a user’s keys, a threshold t + 1 of recovery nodes
must assist the user in decrypting a shared backup. Kintsugi is password-authenticated and protects
against offline brute-force password guessing without requiring any specialized secure hardware.