Free for every Substrate 2 customer. Recovery Vault protects any key in your deployment — encryption keys and signing keys — at no additional charge. There is no separate licence to buy.
Recovery Vault protects keys; Records Vault preserves records. They share a word and nothing else — Recovery Vault is threshold key recovery (this page); Records Vault adds RFC-3161 timestamping, a read-access log, and legal holds for regulated health/legal records. Most teams run both.

What it is

Recovery Vault is threshold custody for the keys you can’t afford to lose, starting with the one whose loss is catastrophic: the master key that decrypts your Verifiable Archive. It splits a key into Shamir k-of-n shares. Any k of them reconstruct it, while any k − 1 reveal nothing about it, so a single lost or destroyed share never locks you out and no single holder can use your key. What it protects, and why that matters, differs by key type:
  • Encryption keys (e.g. the Verifiable Archive ML-KEM master key) — loss means permanent data loss. Here recovery is essential.
  • Signing keys (e.g. your Substrate 2 receipt / agent-passport / federation keys) — loss would otherwise force you to rotate and re-establish trust. Recovery preserves identity continuity, so counterparties keep trusting your established public key.
By default it is pure self-custody: every share is yours and AlgoVoi holds nothing. Optionally, you can enable support-assisted recovery, in which AlgoVoi holds exactly one share — mathematically insufficient to decrypt anything on its own — so our support team can contribute that one share to a break-glass recovery if you lose your own, without ever being able to read your data alone.

Threshold custody

Shamir k-of-n: any k shares rebuild the key, fewer reveal nothing. Lose a share — or a whole custodian — and you still recover. No single point of loss, no single point of compromise.

Nobody decrypts with a fraction

Default: AlgoVoi holds nothing. Opt-in support recovery: AlgoVoi holds one share, which is below threshold — it is not your key and cannot recover or read your data on its own.

Post-quantum

Your data stays sealed with ML-KEM-1024 + AES-256-GCM, and the recovery envelope is Falcon-1024 signed — so its parameters and recipient set are tamper-evident into the post-quantum era.

Audited primitives

The split uses SLIP-39 — the audited SatoshiLabs Shamir secret-sharing reference implementation — over a 256-bit data key. No homegrown cryptography.

What you get

  • Survive a lost key. A destroyed laptop, a forgotten passphrase, a departed employee — none of these has to mean losing access to years of encrypted records. Recover from any k of n shares.
  • Resilience without escrow. Threshold custody means no single person or box — not even AlgoVoi — can decrypt your data. The opposite of handing a vendor a master key.
  • Optional break-glass help. Opt in and AlgoVoi support can contribute its single share if you’re ever stuck below threshold — assistance that still can’t read your data.
  • Post-quantum and offline. The same ML-KEM-1024 + AES-256-GCM that protects the archive; recovery needs only the shares and the (non-secret) envelope — no AlgoVoi service to call.
  • Free with Substrate 2. Included in the Verifiable Archive package at no extra charge.

How it works

  • Split. The archive master key is sealed under a random 256-bit data key (AES-256-GCM); that data key is Shamir-split into n shares with a recovery threshold of k (SLIP-39).
  • Distribute. You hold the shares, spread across your own people, sites, or hardware. Optionally, one share is encrypted to AlgoVoi’s published recovery key and embedded in the envelope (support-assisted, opt-in).
  • Recover. Gather any k shares, reconstruct the data key, and unseal the master key. The recovered key is checked against a sealed sentinel before it is ever used.
The envelope (the wrapped master key plus the threshold parameters) is not secret: it cannot be opened without k shares, so you can store it alongside the archive. It is, however, required: k shares reconstruct only the data key, and without the envelope there is no wrapped master key to unseal, so keep it wherever you keep the archive and its backups. Break-glass: if you lose shares down to fewer than k, AlgoVoi can contribute its single share on a verified request, which reaches the threshold only in combination with your remaining shares.

Recovery flow

There are two ways to get your key back — which one you use depends only on how many shares you can gather:
  • Self-recovery (no AlgoVoi involved). Gather any k of your own shares, hand them to a fresh vault, and the master key is reconstructed. If you keep k shares yourself, you never need anyone else — this is the normal path.
  • Assisted break-glass (opt-in). If you’ve lost shares down to fewer than k and you enabled support-assisted recovery, send AlgoVoi the non-secret envelope on a verified request. AlgoVoi unwraps its single share offline and returns it; combined with your remaining shares (k total) it reconstructs the key. AlgoVoi never sees your other shares and never sees your data — one share is below threshold and recovers nothing on its own.
Either way, recovery needs only the shares and the (non-secret) envelope: there is no online AlgoVoi service to call, and the assisted path is an offline, human-verified exchange of one share. The recovered key is always checked against a sealed sentinel before it is accepted. Run a periodic recovery drill so you know your shares actually reconstruct before you ever need them.
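The arithmetic behind the Split / Distribute / Recover steps and the two recovery paths above, as an added example rather than AlgoVoi’s own code. It splits a 256-bit data key over GF(256) with the AES reduction polynomial (the field SLIP-39 interpolates over) but is not SLIP-39 itself: there are no mnemonic words, checksums or digest share, and real shares should come from the reference implementation. The page’s AES-256-GCM seal and sealed sentinel are replaced by an HMAC-SHA256 check value, and the label `SENTINEL_LABEL` is made up here; both are assumptions of this example. The demo walks the 2-of-3 shape (self-recovery, assisted recovery after losing a share, a tampered share failing closed) and shows why a single share is consistent with every possible key.

```python
"""k-of-n Shamir split of a 256-bit data key over GF(256), plus a fail-closed sentinel check.
Added example, not AlgoVoi code. The field is GF(256) with the AES reduction polynomial (the
field SLIP-39 uses), but this is NOT SLIP-39 (no mnemonic words, checksums or digest share).
The page's AES-256-GCM seal and sealed sentinel are replaced by an HMAC-SHA256 check value;
that substitution and SENTINEL_LABEL are assumptions of this example."""
import hashlib
import hmac
import secrets
from functools import reduce
from operator import xor

POLY = 0x11B                                  # x^8 + x^4 + x^3 + x + 1
SENTINEL_LABEL = b"recovery-vault-sentinel"   # hypothetical, not a real AlgoVoi constant

def gf_mul(a, b):
    """Multiply in GF(256): carry-less product reduced by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r

def gf_inv(a):
    """Inverse as a^254, since a^255 = 1 for every non-zero element."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    return reduce(gf_mul, [a] * 254, 1)

def interpolate(points, at):
    """Evaluate, byte by byte, the unique polynomial through `points` [(x, bytes)] at x=`at`."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    weights = []                              # Lagrange basis L_i(at); subtraction is XOR here
    for xi in xs:
        num = den = 1
        for xm in xs:
            if xm != xi:
                num, den = gf_mul(num, at ^ xm), gf_mul(den, xi ^ xm)
        weights.append(gf_mul(num, gf_inv(den)))
    return bytes(reduce(xor, (gf_mul(w, y[j]) for w, (_, y) in zip(weights, points)), 0)
                 for j in range(len(points[0][1])))

def split(secret, k, n):
    """n shares (x, y) of `secret`: each byte is the constant term of its own random polynomial."""
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    polys = [[s] + list(secrets.token_bytes(k - 1)) for s in secret]
    shares = []
    for x in range(1, n + 1):                 # x = 0 would be the secret itself; never issued
        y = bytearray(reduce(lambda acc, c: gf_mul(acc, x) ^ c, reversed(coeffs), 0)  # Horner
                      for coeffs in polys)
        shares.append((x, bytes(y)))
    return shares

def combine(shares):
    """Reconstruct the secret as the polynomial's value at x = 0."""
    return interpolate(shares, 0)

def make_envelope(data_key, k, n):
    """Non-secret envelope: threshold parameters plus a check value bound to the key."""
    return {"k": k, "n": n, "sentinel": hmac.new(data_key, SENTINEL_LABEL, hashlib.sha256).digest()}

def recover(shares, envelope):
    """Fail closed: reject below-threshold input and any key that does not match the sentinel."""
    if len(shares) < envelope["k"]:
        raise ValueError("below threshold: %d of %d shares" % (len(shares), envelope["k"]))
    key = combine(shares[:envelope["k"]])
    tag = hmac.new(key, SENTINEL_LABEL, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, envelope["sentinel"]):
        raise ValueError("sentinel mismatch: wrong or tampered shares")
    return key

def forge_share(partial, guess, spare_x):
    """With only k-1 shares, build a k-th share under which the secret would be `guess`.
    This works for every guess, which is why k-1 shares reveal nothing about the real secret."""
    return interpolate([(0, guess)] + list(partial), spare_x)

def demo_two_of_three():
    """The page's 2-of-3 shape: customer keeps shares 1 and 2, support holds share 3."""
    data_key = secrets.token_bytes(32)                                  # constructed sample key
    shares, env = split(data_key, 2, 3), make_envelope(data_key, 2, 3)
    mine, support = shares[:2], shares[2]
    out = {"self": recover(mine, env) == data_key,                      # normal path
           "assisted": recover([mine[0], support], env) == data_key}    # share 2 lost
    x, y = mine[0]
    try:
        recover([(x, bytes([y[0] ^ 1]) + y[1:]), mine[1]], env)         # one flipped bit
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True
    guess = b"\xff" * 32                                                # any value at all
    forged = forge_share([support], guess, 9)
    out["single_share_fits_any_secret"] = combine([support, (9, forged)]) == guess
    return out
```

`forge_share` is the check a reviewer should ask for when a vendor says "one share is below threshold": given support’s single share, you can construct a second share that makes the reconstructed key equal to any value you like, so that share on its own carries no information about the real key. The same construction generalises to any k − 1 shares.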

Custody model

  • Self-custody (default). All n shares are returned to you; AlgoVoi holds nothing.
  • Support-assisted (opt-in). AlgoVoi holds exactly one share. One share is below threshold: it decrypts nothing and cannot recover your data alone. AlgoVoi publishes only a recovery public key; its matching secret is itself Shamir-split across separate AlgoVoi officers, so no single person — at AlgoVoi or anywhere — can use it. Before opting in, verify AlgoVoi’s published recovery-key fingerprint: c8655d786306af53.
  • You choose k and n. A common shape is 2-of-3: keep two shares yourself (self-recover any time) and let AlgoVoi hold one (assists only if you lose one of yours). If no single custodian on your side should be able to recover alone, give those two shares to different people or sites; the threshold only limits what one holder can do when no one holder keeps k shares.

Cryptography

  • Post-quantum at rest. Documents stay sealed with ML-KEM-1024 + AES-256-GCM — identical to the Verifiable Archive. Recovery never weakens that.
  • Signed envelope. The recovery envelope is Falcon-1024 signed (NIST Level 5), so its threshold parameters and the support-share fingerprint are tamper-evident.
  • Audited threshold split. The key is divided with SLIP-39 (Shamir secret sharing, the audited SatoshiLabs reference implementation) over a 256-bit data key — a standard, not a homegrown scheme.
  • Checked before use. A recovered key must match a sealed sentinel before it is accepted, so a wrong or tampered recovery fails closed.

Integrate it

Recovery Vault drops into an existing AlgoVoi setup with minimal change — it runs beside your services and holds the keys, so your application barely changes:
  1. Run the appliance. Deploy the sealed container on your own host, bound to loopback, with an unlock secret and API token supplied from your secret manager.
  2. Register your keys. Generate a fresh archive (encryption) or signing keypair in the vault, or import a key you already use. A 2-of-3 recovery is emitted automatically — distribute the shares to your own custodians.
  3. Use it in place. Your services request the key from the vault over loopback when they need it — to decrypt a Verifiable Archive or sign a receipt. If a key is ever lost, recover it from any two shares: self-service, or with AlgoVoi’s one inert share for break-glass.
Nothing else changes — not your receipt formats, your chains, or your existing keys. Recovery Vault wraps the keys you already use. The full API and deployment steps ship with the appliance.

Who it’s for

  • Anyone running Verifiable Archive who cannot afford to lose access to encrypted records.
  • Regulated teams that need a defensible key-recovery story without vendor escrow — a common hard requirement in security reviews.
  • Operators who want threshold custody of the master key across their own trustees, sites, or hardware.

Get Recovery Vault

Recovery Vault is a sealed, client-deployed appliance, free for every Substrate 2 customer — there is no separate licence. It ships with the Verifiable Archive and protects any key in your deployment: enable it when you set up your archive keys, or register any other Substrate 2 signing key for threshold recovery.

Set up Verifiable Archive

Recovery Vault is included — set up your archive, then split your key for threshold recovery.

Talk to us

Planning custody across trustees or an HSM? We’ll help you choose k and n and a recovery drill.