VA-DAR: A PQC-Ready, Vendor-Agnostic Deterministic Artifact Resolution for Serverless, Enumeration-Resistant Wallet Recovery

Jian Sheng Wang

TL;DR

We present VA-DAR, a keyed-discovery protocol for ACE-GF-based wallets that use device-bound passkeys for day-to-day local unlock while supporting cross-device recovery using only a user-provided identifier and a single recovery passphrase. We formalize the security goals as cryptographic games and prove that VA-DAR meets them while remaining vendor-agnostic and chain-agnostic.

Abstract

Serverless wallet recovery must balance portability, usability, and privacy. Public registries enable decentralized lookup but naive identifier hashing leaks membership through enumeration. We present VA-DAR, a keyed-discovery protocol for ACE-GF-based wallets that use device-bound passkeys for day-to-day local unlock while supporting cross-device recovery using only a user-provided identifier (e.g., email) and a single recovery passphrase. As a discovery-and-recovery layer over ACE-GF, VA-DAR inherits ACE-GF's context-isolated, algorithm-agile derivation substrate, enabling non-disruptive migration to post-quantum algorithms at the identity layer. The design introduces a decentralized discovery-and-recovery layer that maps a privacy-preserving discovery identifier to an immutable content identifier of a backup sealed artifact stored on a decentralized storage network. Concretely, a user derives passphrase-rooted key material with a memory-hard KDF, domain-separates keys for artifact sealing and discovery indexing, and publishes a registry record keyed by a passphrase-derived discovery identifier. VA-DAR provides: (i) practical cross-device recovery using only identifier and passphrase, (ii) computational resistance to public-directory enumeration, (iii) integrity of discovery mappings via owner authorization, and (iv) rollback/tamper detection via monotonic versioning and artifact commitments. We define three sealed artifact roles, two update-authorization options, and three protocol flows (registration, recovery, update). We formalize security goals via cryptographic games and prove, under standard assumptions, that VA-DAR meets these goals while remaining vendor-agnostic and chain-agnostic. End-to-end post-quantum deployment additionally requires a PQ-secure instantiation of registry authorization.

Paper Structure

This paper contains 57 sections, 4 theorems, 12 equations, and 3 tables.

Key Result

Theorem 1

Assume $\mathsf{Argon2id}$ is one-way at the configured cost $\mathsf{params}_{\mathrm{lookup}}$ and that $\mathsf{HMAC}(K_{\mathrm{idx}}, \cdot)$ is a PRF when keyed by $K_{\mathrm{idx}}$, itself derived from $K_{\mathrm{lookup}}$ via $\mathsf{HKDF}$. Then for any PPT adversary $\mathcal{A}$ playing $\mathbf{G}_{\mathrm{enum}}$ ... That is, identifier-only enumeration reduces to passphrase guessing with per-guess memory-hard cost.
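The derivation chain the abstract describes (memory-hard KDF, domain-separated subkeys, a passphrase-derived discovery identifier, a versioned registry record with an artifact commitment) and the enumeration experiment behind Theorem 1 are easier to follow in code. The following is an added, stdlib-only example written for this page; it is not the paper's implementation. Its assumptions, none of which come from the paper: `hashlib.scrypt` stands in for Argon2id (Argon2id is not in the Python standard library) with illustrative cost parameters rather than the paper's `params_lookup`; the KDF salt is derived from the identifier so recovery needs no stored state; every label of the form `b"va-dar/..."` is invented here; update authorization is modelled as an HMAC tag under a derived `K_auth` that the recovering client verifies, standing in for the paper's Option A/B owner authorization; AEAD sealing of the artifact is left out and the artifact is treated as an opaque blob whose SHA-256 serves as its content identifier.

```python
"""Added example, not the VA-DAR paper's code. scrypt stands in for Argon2id;
all labels, the salt rule and the HMAC-based authorization tag are assumptions."""
import hashlib
import hmac

KDF_N, KDF_R, KDF_P = 2 ** 14, 8, 1   # memory-hard cost, illustrative only


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256; one call per context label."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(identifier: str, passphrase: str) -> dict:
    """K_lookup from the passphrase (memory-hard), then context-separated subkeys."""
    ident = identifier.strip().lower().encode()
    salt = hashlib.sha256(b"va-dar/salt" + ident).digest()            # assumed salt rule
    k_lookup = hashlib.scrypt(passphrase.encode(), salt=salt,
                              n=KDF_N, r=KDF_R, p=KDF_P, dklen=32)
    prk = hmac.new(b"va-dar/hkdf", k_lookup, hashlib.sha256).digest()  # HKDF-Extract
    return {
        "idx": hkdf_expand(prk, b"va-dar/idx"),    # K_idx: discovery indexing
        "seal": hkdf_expand(prk, b"va-dar/seal"),  # would key the artifact AEAD
        "auth": hkdf_expand(prk, b"va-dar/auth"),  # record authorization (assumed)
    }


def discovery_id(k_idx: bytes, identifier: str) -> bytes:
    """Keyed discovery identifier: PRF(K_idx, identifier)."""
    return hmac.new(k_idx, identifier.strip().lower().encode(), hashlib.sha256).digest()


def naive_id(identifier: str) -> bytes:
    """The enumerable baseline the abstract warns against: H(identifier)."""
    return hashlib.sha256(identifier.strip().lower().encode()).digest()


def record_tag(k_auth: bytes, did: bytes, cid: bytes, version: int) -> bytes:
    """Owner authorization over (did, cid, version); assumed HMAC stand-in."""
    return hmac.new(k_auth, did + cid + version.to_bytes(8, "big"), hashlib.sha256).digest()


class Registry:
    """Public map did -> (cid, version, tag); refuses non-increasing versions."""
    def __init__(self):
        self.records = {}

    def publish(self, did, cid, version, tag):
        prev = self.records.get(did)
        if prev is not None and version <= prev[1]:
            raise ValueError("rollback or replay: version must strictly increase")
        self.records[did] = (cid, version, tag)

    def lookup(self, did):
        return self.records.get(did)


def register(reg, identifier, passphrase, sealed_artifact, version=1):
    """Registration flow: derive keys, compute did and cid, publish an authorized record."""
    k = derive_keys(identifier, passphrase)
    did = discovery_id(k["idx"], identifier)
    cid = hashlib.sha256(sealed_artifact).digest()   # content address of the artifact
    reg.publish(did, cid, version, record_tag(k["auth"], did, cid, version))
    return did


def recover(reg, identifier, passphrase, fetch):
    """Recovery flow from identifier + passphrase; fetch(cid) returns bytes from storage.
    Returns the artifact, or None if the mapping is absent or fails a check."""
    k = derive_keys(identifier, passphrase)
    did = discovery_id(k["idx"], identifier)
    rec = reg.lookup(did)
    if rec is None:
        return None
    cid, version, tag = rec
    if not hmac.compare_digest(tag, record_tag(k["auth"], did, cid, version)):
        return None                                   # record not owner-authorized
    artifact = fetch(cid)
    if artifact is None or hashlib.sha256(artifact).digest() != cid:
        return None                                   # artifact commitment mismatch
    return artifact


def enumerate_naive(registry, candidates):
    """One cheap hash per candidate identifier: membership leaks."""
    return {c for c in candidates if naive_id(c) in registry.records}


def enumerate_keyed(registry, candidates, passphrase_guesses):
    """Without the passphrase, each (identifier, guess) pair costs one memory-hard KDF."""
    hits, kdf_calls = set(), 0
    for c in candidates:
        for g in passphrase_guesses:
            kdf_calls += 1
            if discovery_id(derive_keys(c, g)["idx"], c) in registry.records:
                hits.add(c)
    return hits, kdf_calls
```

`enumerate_naive` is the attack the abstract describes against plain identifier hashing: a public directory keyed by `H(email)` gives membership for the price of one hash per guessed address. Against `discovery_id` the same attacker gets nothing from the identifier alone and must pay one `derive_keys` call per passphrase guess per identifier, which is the reduction Theorem 1 states; `kdf_calls` makes that cost visible. The `Registry.publish` version check and the commitment comparison in `recover` are the rollback and tamper checks, and a wrong passphrase lands on a different `did` rather than a decryption failure, so the registry never learns whether the identifier exists.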

Theorems & Definitions (13)

  • Remark 1
  • Remark 2
  • Definition 1: Enumeration-Resistance Game $\mathbf{G}_{\mathrm{enum}}$
  • Definition 2: Mapping-Integrity Game $\mathbf{G}_{\mathrm{map}}$
  • Definition 3: Rollback-Safety Game $\mathbf{G}_{\mathrm{roll}}$
  • Theorem 1: Enumeration Resistance
  • Proof sketch (Theorem 1)
  • Theorem 2: Mapping Integrity (Primary Instantiation: Option B)
  • Proof sketch (Theorem 2)
  • Remark 3: Extended Instantiation: Option A
  • ...and 3 more