- This was a hack for ETHBerlinZwei.
- Details can be found in this overview presentation.
- Details on devpost
- Screencast on YouTube
- Private keys are too cryptic too remember
- Mnemonics are too hard to remember
- Social recovery is not really a solution
- Either you are not sure about who to trust
- Do you really want to put the burden on friends/family?
- Time lock is cool but not a recovery solution by itself
- If just a single character is wrong, the private key is wrong and recovery is not possible.
- Current key recovery solutions are either way less secure or less convenient
- FOAM
- “Memory Palace”
- https://www.studygs.net/memory/memloci.htm
- https://en.wikipedia.org/wiki/Method_of_loci
- Take a mental walk to memorize up to 20 objects
- Locations are easy to remember
Prerequisite: You need a smart contract wallet (Gnosis Safe)
- Select 5 locations of your choice.
- Geo-data is hashed to derive the private key to recovery account
- FOAM is used as decentralized geo-data provider
- Smart contract module is attached to your Gnosis Safe
- You can recover by entering the 5 Locations to get the private key for recovery account
- Sign recovery and new Safe owners using recovery account
- We wrote a module for the Gnosis Safe smart contract in Solidity.
- There are 2 use cases: (1) Set up mapcovery and (2) perform mapcovery to recover your wallet.
- We wrote a webapp and an Android app to allow users to set up mapcovery and also to perform the actual recovery.
- Where would we get reliable geo-location data from?
- What is a good number of locations to reach sufficient security?
- How can we prevent front running?
- How can we make sure to not leak the 5 locations when performing recovery?
- Finding another possible recovery method for smart contract wallets.
- Finding a method that is relatively easy to remember but still provides enough security.
- Solving for front-running through elegant smart-contract design.
- How FOAM really works incl. their APIs and why it is needed.
- What ways of storing location data exist out there incl. their advantages and disadvantages.
- How modules work with the Gnosis Safe
- How to design and build prototypes with Adobe XD.
- How hacking is enhanced when techno music is blasting through Factory the entire day.
- Allow users to configure more parameters:
- Number of locations
- Time-lock period
- Add bonds required to trigger mapcovery
- Allow recovery cancellations.
- Allow Gnosis Safe users on iOS and Android to set up mapcovery, if they would like to do so.
- Security audit of the contract code.
- Add more locations to FOAM in order to increase security and make brute-force attacks harder.
- Wait for FOAM's "Presence Claims" and integrate them. They are a ways to check that someone is actually present at a location. If enabled for Mapcovery, this would increase security even more by requiring physical presence at the recovery locations. This would decrease convenience but attacks get harder by multiple orders of magnitude.
- Broaden use cases for Mapcovery (Other smart contract wallets, potentially even traditional EOA wallets, etc.)
- Lukas Schor (lukasschor)
- German Martinez (germartinez)
- Richard Meissner (rmeissner)
- Tobias Schubotz (tschubotz)