Paper 2022/1729

Acsesor: A New Framework for Auditable Custodial Secret Storage and Recovery

Abstract

Custodial secret management services provide a convenient centralized user experience, portability, and emergency recovery for users who cannot reliably remember or store their own credentials and cryptographic keys. Unfortunately, these benefits are only available when users compromise the security of their secrets and entrust them to a third party. This makes custodial secret management service providers ripe targets for exploitation, and exposes valuable and sensitive data to data leaks, insider attacks, and password cracking, etc. In non-custodial solutions (utilized by some password managers and cryptocurrency wallets), the users are in charge of a high-entropy secret, such as a cryptographic secret key or a long passphrase, that controls access to their data. While these solutions have a stronger security model, the obvious downside here is the usability: it is very difficult for people to store cryptographic secrets reliably. We present Acsesor: a new framework for auditable custodial secret management with decentralized trust. Our framework offers a middle-ground between a fully custodial and fully non-custodial recovery system: it enhances custodial recovery systems with cryptographically assured access monitoring and a distributed trust assumption. In particular, the Acsesor framework distributes the recovery process across a set of (user-chosen) guardians. However, the user is never required to interact directly with the guardians during recovery, which allows us to retain the high usability of centralized custodial solutions. By allowing the guardians to implement flexible user-chosen response policies, Acsesor can address a broad range of problem scenarios in classical secret management solutions. Finally, we also instantiate the Acsesor framework with a base protocol built of standard primitives: standard encryption schemes, commitment schemes, and privacy-preserving transparency ledgers.