Introduction
In this video, we will explore the account recovery solution called “Sneak Peek” (also referred to as “Pair”). Sneak Peek is a simple and secure account recovery system that aims to prevent users from losing their valuable assets due to accidental loss of cryptographic keys. We will delve into the user experience, developer integration, and the technology behind Sneak Peek.
User Experience
The user experience with Sneak Peek is designed to be seamless and user-friendly. When a user needs to recover their account, they can follow these steps:
- Open the account recovery interface.
- Enter the account’s PIN.
- Optionally, on Android devices, confirm access to the associated Google account.
- Once the PIN is verified, the user gains access to their account.
The goal is to provide a hassle-free recovery experience for users who have lost their devices or access to their accounts.
Onboarding new users is also straightforward:
- Create a new account.
- Set a PIN for the account.
- Opt-in for cloud backup.
- The system sets up the backup in the background.
- The user is ready to go with enhanced account protection.
The Sneak Peek solution eliminates the need for users to write down and store complex account keys, offering a simpler and more secure alternative.
Developer Integration
Developers can integrate the Sneak Peek account recovery system into their applications using the available SDK. Here’s an overview of the integration process:
- Create backup objects using the SDK.
- Store the backup objects securely.
- When needed, retrieve the backup object by providing the PIN.
- Utilize the backup for further processes, such as integrating with cloud storage services like Apple iCloud or Google Drive.
Developers have the flexibility to choose their preferred cloud storage solution while benefiting from the secure account recovery mechanism provided by Sneak Peek.
Security Model
The security model of Sneak Peek revolves around two essential factors for accessing a backup:
- Access to the user’s cloud storage account (e.g., Google Drive or iCloud). This serves as one factor of authentication, leveraging the security measures implemented by storage providers.
- Unlocking the backup requires the user’s PIN or password. Without the PIN or password, it is virtually impossible to brute force or bypass the backup’s encryption.
By combining these two factors, Sneak Peek ensures a robust and secure account recovery process. The system mitigates the risk of brute force attacks by utilizing a rate-limited mechanism and preventing unauthorized access to backups.
Technology Overview: Pith (Partial Information-Theoretically Secure Hardening)
The core technology behind Sneak Peek is Pith, which extends the Otis phone privacy system. Pith is a building block for key hardening, enabling secure account recovery. Here’s an overview of how Pith works:
- User-selected PINs or passwords are hardened using a one-way function that incurs computational costs. This hardening process prevents brute force attacks.
- Pith employs a five-of-seven threshold mechanism, where a blinded form of the PIN or password is evaluated and returned to the user for unblinding. This ensures privacy and prevents the exposure of sensitive information.
- The hardened key derived from the evaluation can be used for encryption and unlocking the user’s account during recovery.
Pith’s rate-limited key hardening service provides users with a secure way to generate a hardened key without revealing their original PIN or password. This technology is designed with flexibility in mind and can be utilized for various applications beyond account recovery.
Future Applications
The Sneak Peek team envisions multiple potential applications for the key hardening service. Some of the ideas include:
- Account generation via passwords, allowing the use of passwords as an alternative to PINs for account access and recovery.
- Two-factor authentication (2FA) integration, where the hardened key derived from Pith can be used as a second factor alongside traditional authentication methods like passwords or biometrics.
- Secure key storage, enabling users to securely store cryptographic keys for various purposes such as encryption, digital signatures, or authentication.
- Password management solutions, providing a secure and privacy-preserving mechanism for password storage and retrieval.
- Secure messaging and communication applications, where Pith can be utilized to protect message encryption keys and ensure secure communication channels.
- Secure storage of personal data, such as health records or financial information, ensuring that only authorized individuals can access and decrypt the data.
These potential applications demonstrate the versatility and flexibility of the Pith technology. By leveraging Pith’s partial information-theoretically secure hardening, developers can enhance the security and privacy of their applications while providing a seamless account recovery experience for users.
The Sneak Peek team is actively exploring these future applications and welcomes collaboration with developers and organizations interested in implementing Pith for their specific use cases.
Conclusion
Sneak Peek’s account recovery solution, powered by the Pith technology, offers a user-friendly and secure method for recovering lost accounts. By combining cloud storage authentication with a hardened PIN or password, Sneak Peek ensures that users can regain access to their accounts without compromising security. The Pith technology also holds promise for various other applications beyond account recovery, providing developers with a versatile tool for enhancing security and privacy in their applications.
As the Sneak Peek project continues to evolve, more features and improvements may be introduced to further enhance the user experience and strengthen security measures. Stay tuned for updates and new developments from the Sneak Peek team.