What Is Ledger Recover?

The crypto space can be daunting, especially when it comes to securing your assets. One of the biggest hurdles blockchain technology faces is its accessibility. For many, onboarding into the web3 space is no easy feat. Firstly, blockchain addresses are hexadecimal addresses, i.e long and complicated. This is just one barrier to understanding such technology. However, one of the most confusing aspects for any newcomer is the concept of private keys and Secret Recovery Phrases — and how they can keep that information safe.

Not all crypto users have the luxury of having a safe place to store their Secret Recovery Phrase, and some others might not be willing to accept the burden of protecting their secret recovery phrase alone. And unfortunately, there are many horror stories of people losing their recovery seed and therefore access to their wallet.To help these users, Ledger developed Ledger Recover: a way to create an encrypted backup for your Secret Recovery Phrase that only you can access, anytime, anywhere to keep your keys offline, and still recover them later.

What Is Ledger Recover?

Self-custody is the golden standard of crypto security and Ledger’s goal is to bring ease-of-use to it. In short, this service is all about making self-custody more convenient and less frightening.

Put simply, it is a back-up for the scenario when you don’t have access to your Secret Recovery Phrase but might need it. Hopefully, you won’t need to use it, but Ledger Recover brings you peace of mind should you ever find yourself in an unfortunate situation.

Ledger Recover allows you to enjoy all the benefits of self-custody when it comes to interacting with web3, allowing complete control over your assets on the go. But it also gives you the freedom to retrieve the access to your crypto wallet with your ID, just in case your Ledger device is lost or stolen and you no longer have your Secret Recovery Phrase.

But before we get into the specifics, let’s explore who Ledger Recover is for.

Who Is Ledger Recover For?

Put simply, Ledger Recover is for those who want to have a backup for their secret Recovery phrase. But why would you want a back-up?

To understand the thought behind it, you must first understand who it was made for. Ledger Recover was developed for users who want to securely restore their private keys regardless of wherever they are in the world or whatever they’re doing. It’s a completely paid optional service, designed to help users take custody of their assets, no matter their situation.

Previously, onboarding non-crypto native people into web3 was difficult. Protecting 12-24 special words is not a familiar way of protecting everyday assets. To combat this confusing layer of blockchain technology, Ledger Recover allows you to retrieve your funds using a familiar method: Identification.

But it’s not just for new users. Ledger Recover can also help those without a safe place to store their secret recovery phrase. Do you have housemates who you can’t trust around your valuables? Or do you live in a place prone to natural disasters? In these situations, looking after your recovery phrase may be more of a burden than not.

So now you know who it’s for, what about who it’s not for?

Well, if you believe third parties can not be trusted, Ledger Recover is probably not for you. If you fall into that category — don’t worry. You don’t need to opt in and you don’t need to subscribe–you can continue managing your Secret Recovery Phrase yourself. No changes were made to the security of Ledger products.

But for those who do want a back up of their Secret Recovery Phrase, Ledger Recover is the perfect solution.

How Does Ledger Recover Work?

For security, the fragmentation, encryption and decryption of your Secret Recovery Phrase happens on your Ledger device. Specifically, these functions occur within the Secure Element chip. To explain, inside each Ledger device, is a “small computer” chip called the Secure Element. This is one of the most secure computer chips in existence, also used in official passports and bank cards. So how does this process work? 

There are three integral steps in the Ledger Recover process: Encryption, Identity Verification and Decryption.

Encryption

When you subscribe to Ledger Recover, the secure element duplicates, encrypts and splits an encrypted version of the Secret Recovery Phrase, the entropy, into three fragments. You will need to physically consent through your device before it does that. These encrypted fragments will be sent through 3 independent secure channels to these fragments’ backup provider. The secure channel allows mutual authentication and avoids man in the middle attack. During the process, the secure channel uses an ephemeral symmetric key to securely transport the fragments. Each fragment is then secured by a separate and independent company in different countries: Coincover, Ledger and Escrowtech.

No single company has access to the entire backup, and each single fragment is completely useless by itself. This ensures the highest level of security and removes a single point of failure. Additionally, each fragment backup provider uses a hardened, tamper-resistant server called a Hardware Security Module (HSM) to securely store these encrypted fragments.

Identity Verification

Ledger Recover uses your ID and a selfie to verify who you are, via its Identity Verification provider, Onfido. Then, it links your identity to encrypted fragments of your Secret Recovery phrase. The identity providers store this ID data in an encrypted form. This way, the service can verify who you are in the event of a Recovery request, but your private information stays private. This ensures you alone can Recover your private keys.

But why is Ledger using Identity verification? Isn’t that a KYC?To explain the ethos behind it, Ledger Recover uses ID verification because of our belief in self- custody and individual autonomy. To illustrate, your identity is under your control, as opposed to social Recovery which relies on another party. Then, a government ID is also accessible — most people in the world have one. Finally, ID verifications are less cumbersome than a full KYC process, and allow customers to only reveal the necessary personal information — and no more than that.

Decryption

The next step in the process is decryption. So you may be wondering “Do I have to enter my Secret Recovery Phrase into a new device?”

The answer is no! Your device will take care of that for you following the verified identification.When you want to restore your wallet, you initiate the Recovery from Ledger Live. You’ll have to login to your account and then go through 2 independent Identity verification processes. At this point, two of the three parties will send back their fragments to your Ledger device using the same Secure Channel mechanism. Once contained in the secure element, they are decrypted and reconstitute your Secret Recovery Phrase. This allows you to access your funds. If you sign up to Ledger Recover, it is possible to restore your account on any new Ledger device too. This means you stay protected, even if your device and the Secret Recovery Phrase go up in flames.

How Does Ledger Recover Stay Secure?

Ledger Recover is completely secure as you are the only person who owns your Secret Recovery Phrase, and the only person who has your complete Secret Recovery Phrase. Plus, Ledger Recover’s whole user flow is designed to prevent fraud. 

So how does it ensure users’ security?

Are These “Trusted Parties” Trustworthy?

There are several measures in place to assure the trustworthiness of Ledger Recover’s trusted parties. You’ll need to identify yourself twice to both Coincover and Ledger’s identity verification providers before you’ll be able to use the service. Furthermore, Recovery requests will systematically go through multiple manual identity verifications by independent agents in addition to automatic AI-assisted recognition. All of these aspects are designed to keep users safe from Recover’s trusted parties becoming compromised.

And How Do These Parties Store My Information: Is That Secure?

“Ledger is uncompromising on security, and that will never change” – Charles Guillemet Ledger CTO

Security is paramount to both Coincover and Ledger. As a result, all of Ledger Recover’s identity verification providers use multiple-encryption layers, with each party storing the encrypted fragments of your private key on Hardware Security Modules (HSMs). In short, these Hardware Security Modules are basically the same technology as the one in Ledger devices,but they use servers installed into data centers with more computation power.

Finally, Ledger Recover has undergone independent security audits to check and test its processes. That means you can rest assured that the encrypted fragments of your secret recovery phrase are in safe hands.

Can Ledger Recover Be Exploited To Steal My Secret Recovery Phrase?

Firstly, your Secret Recovery Phrase will never leave the Secure Element chip. Only encrypted fragments of it leave the device only if you choose to subscribe to Ledger Recover, and these fragments are useless alone. Even if a bad actor got hold of an encrypted fragment of your secret Recovery phrase, they wouldn’t be able to do anything with it. Even the most sophisticated hacker couldn’t reconstitute it!

Plus, your Ledger will only allow your Secret Recovery Phrase to leave the wallet as encrypted fragments when you give it permission. Setting up Ledger Recover requires you to enter a PIN and consent to starting the process on the device. Without your permission, the device will not (and cannot) fragment or send the encrypted fragments anywhere. That means if someone wants to exploit Ledger Recover to steal your secret recovery phrase, they would need to have your PIN in the first place, which would already give them access to your wallet.

However, should someone steal your funds using Ledger Recover, Coincover offers users $50,000 in compensation – That just goes to show the confidence in the product’s security.

How Can I Start Using Ledger Recover?

When it launches, you can start using Ledger recover via your Ledger Live app. From there, in the “My Ledger” section, you’ll need to create a Ledger Recover account, add a credit or debit card, verify your identity with our verification partner Onfido, and then proceed backing-up your Secret Recovery Phrase. Following that, you can rest assured that your Secret Recovery Phrase is safe to retrieve whenever you request it. 

It’s important to note that Ledger Recover is a paid optional service that protects your secret recovery phrase for $9.99 a month. However, you can also decide to unsubscribe  any time you like to and decide to manage your secret recovery phrase yourself.

For the time being, Ledger Recover is available to Ledger customers in EU countries, the UK, Canada, and the USA with a Ledger Nano X. However, it will become available to all Ledger customers in an increasing number of regions soon.

Does Ledger Recover Affect me?

Maybe you’re not sure about Ledger Recover, don’t want to subscribe, and are wondering how it affects you. If you already have a Ledger device with the new firmware update — fear not! Ledger Recover is a completely optional feature. If you already use a Ledger but would rather look after your Secret Recovery Phrase yourself — you can. Managing safely your own recovery phrase is still completely necessary  and recommended, by Ledger. For future Ledger Recover subscribers, if you ever want to unsubscribe, your Secret Recovery Phrase will become again your only way to access your wallet and your funds.  Although Ledger Recover is available on all existing Ledger Nano X devices, it must be activated via an explicit user consent on the hardware device. To learn more, make sure you check out the Ledger Recover FAQs. Only you have the choice as to how your keys are managed, and that is what true crypto self-custody is all about.