Recovery

Goal:

Restore access to an identity when control keys are lost or compromised.

Inputs:

• identity_id
• recovery proof:
  • signature from recovery_key
  • or guardian signatures (2-of-3, etc.)
  • or institutional/issued recovery procedure
• new control key
• Recovery Key material (or equivalent recovery mechanism)
• Access to Vault backup (encrypted)

Steps:

1. Validate recovery proof
   • Check against recovery policy:
     • guardian_signatures >= threshold
     • or recovery_key signature
     • or other approved mechanism.
2. Update keys
   • Mark old control key as revoked.
   • Add new control key as active.
3. Rebuild keys_root` and recompute commitment (same as rotation).
4. Emit StateTransition with diff = "recovery".
5. Trees are recomputed; new identity_commitment is derived.
6. Recovery event is logged in identity_history and internal audit trail.

Outputs:

• New Control Keys
• Updated identity_commitment
• Preserved attributes and policies