AA Social Recovery / AA 社交恢复集成方案
This document defines the recommended integration between
and Morpheus .本文定义
与 Morpheus 的标准集成方案。Goal / 目标
Recover control of an Abstract Account with privacy-preserving social factors such as Twitter, GitHub, Google, Email, Binance, or OKX, without exposing raw Web2 identity data on-chain.
在不把 Web2 明文身份暴露到链上的前提下,允许用户通过 Twitter、GitHub、Google、Email、Binance、OKX 等社交或平台身份恢复 Abstract Account 控制权。
Recommended Model / 推荐模型
Use a dedicated AA custom verifier, for example
, instead of modifying the AA core contract.推荐新增一个独立的 AA 自定义验证器,例如
,而不是直接改 AA 核心合约。Why:
- already supports per-account custom verifiers through .
- Recovery logic remains isolated from the main wallet execution engine.
- NeoDID master nullifiers and action nullifiers map naturally to recovery factors and one-time recovery approvals.
- Oracle, NeoDID, and AA can all share one callback-oriented request model.
- AA integrations may publicly namespace a recovery identity as while still requiring a private NeoDID recovery ticket for actual authorization.
Component Roles / 组件职责
1. Morpheus Oracle
- Receives on-chain requests through
- Emits
- Relayer forwards the payload to the Phala worker
- Always fulfills the request with success or failure callback
2. NeoDID Worker
- Verifies confidential provider data inside the TEE
- For , verifies the JWT signature against Web3Auth JWKS inside the TEE and derives the stable DID root from token claims
- Derives:
- Signs a recovery ticket bound to a specific AA recovery round
3. MorpheusSocialRecoveryVerifier
- Stores allowed recovery factors as
- Stores used approvals as
- Verifies the Morpheus / NeoDID signature
- Applies threshold and timelock
- Switches recovery ownership to
4. Abstract Account
- Keeps using its existing interface:
- Delegates recovery authorization to the recovery verifier
Canonical Request Types / 标准请求类型
These request types can now be routed through the Morpheus oracle request pipeline:
This means AA recovery no longer needs a side-channel worker call. The preferred production path is:
这意味着 AA 恢复不需要旁路调用 worker。生产环境推荐路径是:
- User contract or recovery coordinator calls .
- Morpheus relayer routes the request to .
- TEE signs the recovery ticket.
- Callback stores or forwards the ticket to the AA recovery verifier flow.
Recovery Ticket Schema / 恢复票据结构
returns a signed result shaped like:What The Verifier Must Check / 验证器必须检查的内容
The AA recovery verifier should verify:
- is valid for
- signer public key matches the configured NeoDID/Morpheus verifier key
- has not passed
- matches the configured AA master contract
- matches the account being recovered
- matches the pending recovery target
- matches the current recovery round
- belongs to an allowed recovery factor
- has not already been used
AA 恢复验证器应验证:
- 对 有效
- 签名公钥等于预配置的 NeoDID/Morpheus verifier key
- 未过期
- 与当前 AA 主合约一致
- 与被恢复账户一致
- 与本次待恢复的新地址一致
- 与当前恢复轮次一致
- 属于允许的恢复因子集合
- 未被使用
Confidential Input Model / 隐私输入模型
Sensitive fields should be encrypted with the Morpheus Oracle public key and passed as
. If the ciphertext is too large for the chain request payload, store it first and pass instead.敏感字段应使用 Morpheus Oracle 公钥加密,并通过
传入。Example confidential patch:
Example on-chain request payload:
Large-JWT alternative:
Web3Auth As The DID Root / 用 Web3Auth 作为 DID 根身份
Recommended production model:
- users authenticate with Web3Auth
- multiple linked social providers still map to one stable Web3Auth user id
- NeoDID uses:
- the TEE verifies the JWT and derives the stable provider root internally
- , if sent at all, is only treated as an optional consistency check
- AA recovery verifiers only care about NeoDID tickets derived from that stable identifier
推荐生产模式:
- 用户先通过 Web3Auth 登录
- 多个社交账号在 Web3Auth 内部聚合成同一个稳定用户 id
- NeoDID 统一使用:
- TEE 在内部验证 JWT,并派生稳定的 provider 根标识
- 如果额外传入 ,它只作为可选一致性检查使用
- AA 恢复验证器只消费由这个稳定标识导出的 NeoDID 票据,不关心底层具体用了 Google、Email 还是 SMS
Recommended Recovery Lifecycle / 推荐恢复流程
Setup Phase / 初始化阶段
- User binds Web2 / exchange identities into NeoDID.
- User registers selected values into .
- User sets:
- threshold, for example
- timelock, for example
- recovery nonce start value
Recovery Phase / 恢复阶段
- User loses access to the original owner wallet.
- User chooses a new owner address .
- User requests one or more approvals through Morpheus Oracle.
- Each successful factor submits one ticket to the verifier.
- The verifier marks each as used and counts unique approved factors.
- Once threshold is reached, the verifier opens a pending recovery timelock.
- When timelock expires, the verifier finalizes the recovery and switches the verifier-side owner to .
- The recovered owner rotates AA admins/managers immediately.
Why This Is Better Than Dome-Only Recovery / 为什么优于仅 Dome 恢复
AA already has a dome + oracle inactivity path, but that path is best for inactivity unlocking, not for multi-factor identity recovery.
AA 现在已有 dome + oracle 的不活跃恢复通道,但那条路径更适合“不活跃后解锁”,不适合表达多因子身份恢复。
This NeoDID-based model adds:
- privacy-preserving factor commitments
- one-time recovery approvals via
- factor reuse prevention
- multi-provider thresholds
- recovery-round binding through
- portable TEE attestation and signature evidence
Security Rules / 安全规则
Do not ship this flow without:
- at least threshold for valuable accounts
- timelock
- post-recovery admin rotation
高价值账户不应使用单因子恢复。至少要有:
- 阈值
- timelock
- 恢复完成后的管理员轮换
Recommended AA-Side Contract Interface / 推荐的 AA 侧接口
Suggested verifier-side interface:
Integration Status In This Repo / 当前仓库里的实现状态
Implemented here:
- worker route:
- web proxy route:
- relayer routing support for
- on-chain callback envelope preservation for recovery ticket fields
Still belongs to the AA repository:
- concrete contract
- verifier deployment and live AA integration tests
- frontend recovery wizard inside