Contact Recovery Sequence
Interaction Type: MIXED (In-Person Vouching + Remote Distribution)
When a user loses all devices, they can recover their contact relationships through social vouching. Existing contacts vouch for the user in person, and the recovery proof is distributed remotely via relay.
Participants
- Alice - User who lost their device
- Alice's New Device - Fresh install, new identity
- Bob, Charlie, Betty - Alice's contacts who will vouch
- John, David - Alice's contacts who will receive recovery proof
- Relay - WebSocket relay server
Overview
PHASE 1: Vouching (In-Person)
- Bob (Vouch), Charlie (Vouch), Betty (Vouch) -> Alice (new)
- Alice (new): Threshold: 3 vouchers

PHASE 2: Distribution (Remote)
- Alice (new) -> OHTTP Gateway (strips client IP)
- OHTTP Gateway -> Relay: Stores proof under hash(pk_old)
- OHTTP Gateway -> John: Accept
- OHTTP Gateway -> David: Verify
- OHTTP Gateway -> Others: Discover via relay query
Note: All client-relay traffic in Phase 2 is routed through an OHTTP gateway per ADR-037. The detailed sequence diagrams below omit the gateway hop for clarity; they describe the protocol layer, not the transport. Operationally, the relay never sees client IP addresses; the gateway never sees request content.
Phase 1: In-Person Vouching
Participants: Alice (Lost Device), Alice New Device, Bob's Device, Bob

- Alice -> Alice New Device: Install Vauchi on new device
- Alice New Device: Create new identity (pk_new)
- Alice -> Alice New Device: I had identity pk_old
- Alice New Device: Store recovery claim: pk_old -> pk_new
- Alice -> Alice New Device: Generate recovery QR
- Alice New Device: Create recovery claim QR
- Note: QR contains:
  - type: recovery_claim
  - old_pk: pk_old
  - new_pk: pk_new
  - timestamp
- Alice New Device -> Alice: Display recovery QR
- Bob -> Bob's Device: Scan Alice's recovery QR
- Bob's Device: Decode recovery claim
- Bob's Device: Lookup pk_old in contacts
- Bob's Device: Found: "Alice" with pk_old
- Bob's Device -> Bob: Alice claims device loss
- Bob's Device -> Bob: Show Alice's stored name & photo
- Note: Bob verifies Alice is physically present
- Bob -> Bob's Device: Yes, this is Alice, I confirm
- Bob's Device: Create voucher
- Note: Voucher:
  - old_pk
  - new_pk
  - voucher_pk (Bob)
  - timestamp
  - Ed25519 signature
- Bob's Device -> Alice New Device: Send voucher to Alice
- Alice New Device: Store Bob's voucher (1 of 3)
- Alice New Device -> Alice: Bob vouched for you (1/3)
- Note: Alice now has 1 voucher, needs 2 more
Collecting Multiple Vouchers
Participants: Alice New Device, Charlie's Device, Betty's Device

- Alice New Device -> Charlie's Device: Show recovery QR
- Charlie's Device: Verify pk_old is contact "Alice"
- Charlie's Device -> Alice New Device: Send voucher
- Alice New Device: Store Charlie's voucher (2 of 3)
- Note: Alice meets Betty
- Alice New Device -> Betty's Device: Show recovery QR
- Betty's Device: Verify pk_old is contact "Alice"
- Betty's Device -> Alice New Device: Send voucher
- Alice New Device: Store Betty's voucher (3 of 3)
- Note: THRESHOLD MET: 3 vouchers collected
- Alice New Device: Create recovery proof
- Note: Recovery Proof:
  - old_pk
  - new_pk
  - threshold: 3
  - vouchers: [Bob, Charlie, Betty]
Phase 2: Remote Distribution
Participants: Alice New Device, Relay, John's Device, David's Device

- Alice New Device -> Relay: Upload recovery proof
- Relay: Store under key: hash(pk_old)
- Relay -> Alice New Device: Stored
- Note: Proof stored for 90 days
- John's Device -> Relay: Batch query for contact recovery proofs
- Note: Query: [hash(pk1), hash(pk2), hash(pk_old), ...]
- Relay -> John's Device: Found proof for hash(pk_old)
- John's Device: Decode recovery proof
- John's Device: Verify: pk_old is contact "Alice"
- John's Device: Check vouchers for mutual contacts
- Alternative (mutual vouchers found), John's Device:
  - Bob is my contact
  - Charlie is my contact
  - 2 mutual vouchers >= threshold
  - High confidence recovery
- Alternative (no mutual vouchers), John's Device:
  - No vouchers are my contacts
  - Cannot verify - meet Alice in person
- David's Device -> Relay: Query for recovery proofs
- Relay -> David's Device: Found proof for Alice
- David's Device: Check vouchers: Bob, Charlie, Betty
- David's Device: None are David's contacts
- David's Device: Warning: Unknown vouchers
- David's Device: Options: Meet in person / Verify another way / Accept anyway
Data Structures
Recovery Claim QR
{
  "type": "recovery_claim",
  "old_pk": "Ed25519 public key (lost)",
  "new_pk": "Ed25519 public key (new)",
  "timestamp": "2026-01-21T10:00:00Z"
}
Voucher
{
  "old_pk": "Alice's old public key",
  "new_pk": "Alice's new public key",
  "voucher_pk": "Bob's public key",
  "timestamp": "2026-01-21T10:05:00Z",
  "signature": "Ed25519 signature of above fields"
}
Recovery Proof
{
  "old_pk": "Alice's old public key",
  "new_pk": "Alice's new public key",
  "threshold": 3,
  "vouchers": [
    { /* Bob's voucher */ },
    { /* Charlie's voucher */ },
    { /* Betty's voucher */ }
  ],
  "expires": "2026-04-21T10:00:00Z"
}
Security Properties
| Property | Mechanism |
|---|---|
| In-Person Vouching | Vouchers must physically verify the person |
| Threshold Security | Requires N vouchers (configurable, default 3) |
| Mutual Contact Verification | Recipients verify via contacts they trust |
| Relay Privacy | Relay stores proof under hash, learns nothing |
| Replay Prevention | Timestamps, signatures, 90-day expiry |
| Attack Detection | Conflicting claims trigger warnings |
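
The recipient-side check from Phase 2 (John's and David's devices), as an added Go example that is not Vauchi's own code: it verifies each voucher's Ed25519 signature, ignores duplicates and vouchers bound to a different key pair, and reports high confidence only when enough valid vouchers come from the recipient's own contacts. The `Voucher` type, the helper names, the byte encoding in `signedBytes` and the `needMutual` policy value are assumptions; the page specifies none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Voucher mirrors the page's Voucher structure, with keys as raw bytes.
type Voucher struct {
	OldPK, NewPK, VoucherPK, Signature []byte
	Timestamp                          string
}

// signedBytes is an ASSUMED encoding of the signed fields; the page defines none.
func signedBytes(v Voucher) []byte {
	return bytes.Join([][]byte{[]byte("voucher"), v.OldPK, v.NewPK, v.VoucherPK, []byte(v.Timestamp)}, nil)
}

// Sign builds a voucher as a vouching device would (used here for constructed samples).
func Sign(oldPK, newPK []byte, priv ed25519.PrivateKey, ts string) Voucher {
	v := Voucher{OldPK: oldPK, NewPK: newPK, VoucherPK: priv.Public().(ed25519.PublicKey), Timestamp: ts}
	v.Signature = ed25519.Sign(priv, signedBytes(v))
	return v
}

// HighConfidence is the recipient-side check; threshold and needMutual are local policy (assumed).
func HighConfidence(oldPK, newPK []byte, vs []Voucher, contacts map[string]bool, threshold, needMutual int) bool {
	seen, valid, mutual := map[string]bool{}, 0, 0
	for _, v := range vs {
		k := string(v.VoucherPK)
		if len(k) != ed25519.PublicKeySize || seen[k] || !bytes.Equal(v.OldPK, oldPK) ||
			!bytes.Equal(v.NewPK, newPK) || !ed25519.Verify(v.VoucherPK, signedBytes(v), v.Signature) {
			continue // wrong key size (Verify would panic), duplicate, other claim, or bad signature
		}
		seen[k], valid = true, valid+1
		if contacts[k] {
			mutual++
		}
	}
	return valid >= threshold && mutual >= needMutual // false: warn and verify Alice another way
}

func main() { // constructed sample: one voucher signed by a key the recipient already knows
	oldPK, _, _ := ed25519.GenerateKey(nil)
	newPK, _, _ := ed25519.GenerateKey(nil)
	bobPK, bob, _ := ed25519.GenerateKey(nil)
	vs := []Voucher{Sign(oldPK, newPK, bob, "2026-01-21T10:05:00Z")}
	fmt.Println(HighConfidence(oldPK, newPK, vs, map[string]bool{string(bobPK): true}, 1, 1))
}
```

Three valid signatures from keys the recipient has never seen return false, which is David's case in Phase 2: signature validity alone says nothing about who vouched.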
Related Features
- Contact Exchange - Original key exchange
- Device Linking - Recovery not needed if devices linked
- Sync Updates - How reconnected contacts sync