{"id":42215563,"url":"https://github.com/kewbish/kintsugi","last_synced_at":"2026-01-27T01:13:45.341Z","repository":{"id":263839651,"uuid":"865897628","full_name":"kewbish/kintsugi","owner":"kewbish","description":"A decentralized E2EE key recovery protocol.","archived":false,"fork":false,"pushed_at":"2025-07-30T04:20:30.000Z","size":479,"stargazers_count":30,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-11T00:36:30.046Z","etag":null,"topics":["e2ee","key-recovery","opaque","oprf"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kewbish.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-01T10:12:00.000Z","updated_at":"2025-10-06T09:30:29.000Z","dependencies_parsed_at":"2024-11-20T15:48:33.141Z","dependency_job_id":null,"html_url":"https://github.com/kewbish/kintsugi","commit_stats":null,"previous_names":["kewbish/kintsugi"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kewbish/kintsugi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kewbish%2Fkintsugi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kewbish%2Fkintsugi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kewbish%2Fkintsugi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kewbish%2Fkintsugi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kewbish","download_url":"https://codeload.github.com/kewbish/kintsugi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kewbish%2Fkintsugi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28795047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T01:07:07.743Z","status":"ssl_error","status_checked_at":"2026-01-27T01:07:06.974Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["e2ee","key-recovery","opaque","oprf"],"created_at":"2026-01-27T01:13:44.823Z","updated_at":"2026-01-27T01:13:45.321Z","avatar_url":"https://github.com/kewbish.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kintsugi\n\nA decentralized, P2P implementation of the Kintsugi key recovery protocol.  \nBuilt in Rust, with Tauri, React, and libp2p.  \nReleased under the [MIT License](./LICENSE).  \nWritten by [Emilie Ma](https://kewbi.sh).\n\nFull paper available [on arXiv](https://arxiv.org/abs/2507.21122).\n\n---\n\nKey recovery is the process of regaining access to an account or end-to-end encrypted data in the case of device loss but not password loss. Existing E2EE key recovery methods, such as those deployed by Signal and WhatsApp, centralize trust by relying on servers administered by a single provider. This can be problematic for applications requiring metadata privacy or wanting to avoid a single party controlling user identities, for example. We propose Kintsugi, a decentralized recovery protocol that distributes trust over multiple recovery nodes, which could be servers run by independent parties, or end users in a peer-to-peer setting. To recover a user's keys, a threshold $t$ of recovery nodes must assist the user in decrypting a shared backup. Kintsugi is password-authenticated and protects against offline brute-force password guessing without requiring any specialized secure hardware. Kintsugi can tolerate the failure of up to a threshold $t$ of honest-but-curious colluding recovery nodes, as well as $n - t - 1$ offline nodes, and operates safely in an asynchronous network model where messages can be arbitrarily delayed.\n\n## Demo\n\nThis Kintsugi implementation is accompanied by a demo Tauri app using React as a frontend and libp2p in the backend. This demo app is intended as a research preview and is not production-ready.\n\nhttps://github.com/user-attachments/assets/32c89eb8-3aac-4015-aa36-e7ec3641cd30\n\n- See [`web/`](./web) for the React frontend.\n- See [`src/`](./src) for the Rust backend.\n  - See [`src/main.rs`](./src/main.rs) for the libp2p network communication and Tauri app. The other modules in [`src/`](./src/) contain the various types and handlers required.\n  - See [`src/kintsugi_lib/`](./src/kintsugi_lib/) for the library implementation. In particular, see [`opaque.rs`](./src/kintsugi_lib/opaque.rs) for the OPRF exchange and [`dpss.rs`](./src/kintsugi_lib/dpss.rs) for the dynamic proactive refresh.\n  - Each module's associated tests can be found in the [`src/kintsugi_lib/`](./src/kintsugi_lib/) directory and can be run via `cargo test`.\n\nTo run the app:\n\n- Clone this repository and run `cargo install`.\n- Start the React Vite server with `cd web/ \u0026\u0026 npm install \u0026\u0026 npm run dev`.\n- From the root of this repository, run `cargo run BOOTSTRAP 0`, `cargo run BOOTSTRAP 1`, etc. until `cargo run BOOTSTRAP 4`, which will start the default bootstrap nodes.\n- Then, run `cargo run`, which will open the main Tauri app window.\n\n## Caveats\n\nSome non-essential aspects of the protocol have not been fully implemented in this prototype. These include:\n\n- ZKP for the Paillier-encrypted values used in [Yurek et al., 2022](https://eprint.iacr.org/2022/971.pdf) — we use [ChaCha20Poly1305](https://docs.rs/chacha20poly1305/latest/chacha20poly1305/index.html) for this implementation instead.\n- Degree-checking of the ACSS polynomial.\n- Reliable broadcast — we use libp2p's [request-response](https://docs.rs/libp2p-request-response/latest/libp2p_request_response/) behaviour instead.\n- Multi-valued Validated Byzantine Agreement to agree on DPSS refresh subsets.\n- Recovering persisted (bootstrap) node state after closing a node.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkewbish%2Fkintsugi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkewbish%2Fkintsugi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkewbish%2Fkintsugi/lists"}