Social Recovery with DIDs on Chia: Securing Your Digital Identity

Key Takeaways

  • Chia DIDs support built-in social recovery through guardian DIDs and a configurable verification threshold
  • Recovery works through on-chain message verification — guardians create signed attestations that authorize a new key
  • To create a DID via RPC with backup DIDs, you must already have access to at least one existing DID
  • Guardian selection strategy determines both your security strength and your ability to recover access when you need it
  • Testing the full recovery workflow before an emergency is the single most important step most people skip

Article Summary: Social recovery with DIDs on Chia lets you restore access to a lost blockchain identity without a seed phrase. You designate trusted guardian DIDs in advance, and when you need to recover, those guardians each create a signed attestation approving your new key — once you collect enough approvals to meet your threshold, you execute a recovery spend that transfers control to the new key while preserving your DID’s identity.

Losing access to your blockchain identity can mean losing everything — your assets, your credentials, your entire on-chain history. Traditional recovery depends on seed phrases that can be lost, stolen, or simply forgotten years later. Chia Network offers a smarter path through decentralized identifiers (DIDs) with social recovery built directly into the protocol.1,2,3

Unlike Ethereum’s social recovery wallets that require a separate smart contract deployment and ongoing gas fees,5,6 Chia’s DID social recovery operates at the protocol level through Chialisp smart coins. The recovery mechanism lives inside your identity’s puzzle structure from the moment you create it,2,4 so there’s no extra infrastructure to manage and no third party to trust.

What Is Chia DID Social Recovery?

Social recovery replaces the single point of failure in a traditional seed-phrase system with a distributed trust network.6,7 Instead of one secret that anyone who finds it can use, you designate a group of trusted guardians. Those guardians must work together — meeting a minimum threshold you define — before any recovery can happen.1,2

Ethereum’s Vitalik Buterin, who helped popularize the concept, put it this way: “The basic idea is to have a multisig smart contract where some set of keys can together authorize transactions.” Chia takes the same core idea and builds it directly into the DID standard, removing the smart contract overhead entirely.5,6

Understanding Decentralized Identifiers (DIDs) on Chia

A Chia DID is a singleton smart coin that represents your on-chain identity.2,4 Following the CHIP-0004 standard,4 DIDs give you a verifiable digital identity that you own and control without relying on any centralized authority. Each DID functions as a programmable identity container holding your ownership information, recovery parameters, and optional metadata — all of it enforceable on-chain.

The DID inner puzzle (did_innerpuz.clvm) contains several key components: your public key for signing transactions, a RECOVERY_DID_LIST_HASH that stores only the hash of your guardian list (not the full list, preserving your privacy), the number of verifications required for recovery, and a metadata field for optional identity attributes.2,4 This structure lets your DID evolve over time — through key rotations, guardian updates, and metadata changes — while maintaining a provable ownership history through the singleton lineage.

How Social Recovery Works on Chia

Chia’s social recovery mechanism works through on-chain message verification baked into the DID coin structure.2,4 The outermost singleton layer ensures your DID is unique and can never be duplicated. The middle layer holds the DID inner puzzle containing your recovery logic. The innermost layer is your ownership puzzle controlled by your private key.

When you create a DID with social recovery, you specify backup DIDs and the minimum number of verifications required.1,3 These parameters get hashed into your DID’s puzzle hash, making them cryptographically bound to your identity. Guardian DIDs can belong to trusted friends, family members, colleagues, hardware wallets in separate locations, or any combination you choose.

Recovery works through on-chain attestations. If you lose your primary key, guardians each create a signed attestation message approving a new key for your DID.1,3 These attestations use ASSERT_COIN_ANNOUNCEMENT conditions in Chialisp to verify on-chain that each guardian DID has approved the recovery. Once you collect enough valid attestations to meet your threshold, you execute a recovery spend that reassigns control to your new key while preserving your DID’s singleton identity and entire history.

Setting Up Social Recovery for Your Chia DID

Good social recovery starts during DID creation, not after something goes wrong.1,3 The guardian configuration you set becomes cryptographically locked into your identity. Getting this right from the start protects you; setting it up carelessly can leave you with a false sense of security.

Choosing Guardian DIDs

Your guardian selection determines both how hard it is for an attacker to take over your DID and how easy it is for you to recover it if something goes wrong.6,7 Every guardian must have their own established DID that they fully control.2,3 That could be a friend’s wallet DID, a hardware wallet DID in a secure location, or a trusted family member’s identity — but it must be a real, on-chain DID, not a placeholder.

The strongest guardian setups mix different relationship types so that no two guardians know each other well enough to collude.6,7 Think immediate family, long-term friends, professional contacts, and your own backup devices. This diversity makes coordinated attacks extremely unlikely while giving you multiple paths to recovery if any single guardian becomes unavailable.

The threshold number you set defines how many guardians must cooperate for recovery.1,3 A 3-of-5 setup is a solid starting point for most people — losing two guardians doesn’t block recovery, but three of your five guardians would still have to collude to take over your DID against your will. Higher thresholds are harder to attack but harder to execute if guardians become unreachable. Lower thresholds are easier to execute but more vulnerable to small-scale collusion.

Important Prerequisite: You Need an Existing DID First

There is one important thing to know before you run the RPC command to create a new DID with guardian DIDs: the create_new_wallet RPC requires that backup_dids already exist on the blockchain. If you don’t yet have any DIDs, you must first create one using the CLI command (chia wallet did create), which does not require pre-existing backup DIDs. Once that first DID exists, you can use it as a guardian when creating additional DIDs via the RPC.1

Code Example: Creating a DID with Social Recovery

# First-time users: create your first DID via CLI (no backup_dids required)
chia wallet did create -n My_First_DID

# Once you have existing DIDs, create a new DID with social recovery via RPC
chia rpc wallet create_new_wallet '{
  "wallet_type": "did_wallet",
  "did_type": "new",
  "amount": 1,
  "backup_dids": [
    "did:chia:1abc...guardian1",
    "did:chia:1def...guardian2",
    "did:chia:1ghi...guardian3",
    "did:chia:1jkl...guardian4",
    "did:chia:1mno...guardian5"
  ],
  "num_of_backup_ids_needed": 3,
  "fee": 10000000
}'

# Response includes your new DID
# {
#   "my_did": "did:chia:1xyz...yourDID",
#   "success": true,
#   "type": 8,
#   "wallet_id": 2
# }

# Verify DID creation and guardian configuration
chia wallet did get_details -id did:chia:1xyz...yourDID

# Output shows recovery configuration
# DID:                    did:chia:1xyz...yourDID
# Recovery List Hash:     4bf5122f...recovery_hash
# Recovery Required Verifications: 3

The amount parameter sets 1 mojo (the minimum) to fund your DID coin.1,3 The optional fee covers blockchain confirmation priority. Once confirmed, your DID exists as a singleton that maintains its identity through every future spend, including recovery operations. Note that guardian DIDs must already be confirmed on the blockchain — you cannot use DID addresses that don’t yet exist.2,4

Chia DID Social Recovery Configuration Guide

| Guardian Count | Threshold | Security Level | Best For | Risk Profile |
|---|---|---|---|---|
| 3 guardians | 2-of-3 | Moderate | Personal wallets, small holdings | One lost guardian creates recovery risk; collusion possible with two parties |
| 5 guardians | 3-of-5 | Strong | Significant holdings, long-term storage | Well-balanced security and availability for most use cases |
| 7 guardians | 4-of-7 | Very Strong | High-value identities, institutional use | Higher setup complexity; excellent tolerance for unavailable guardians |
| 5 guardians | 2-of-5 | Low | High availability requirements | Easier recovery but weaker protection against collusion |
| 7 guardians | 6-of-7 | Maximum | Multi-sig organizations, DAOs | Extremely difficult to compromise; recovery fails if too many guardians are unavailable |
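
The availability-versus-collusion trade-off behind these rows can be put in numbers. The following is an added example, not part of the original article or of Chia's tooling: it assumes every guardian is unavailable or compromised independently with the same probability, and the 10% and 2% inputs are constructed for illustration.

```python
from math import comb

# (guardians, threshold) pairs taken from the configuration table above.
CONFIGS = [(3, 2), (5, 3), (7, 4), (5, 2), (7, 6)]


def tail_at_least(n, k, p):
    """P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def recovery_blocked(n, m, p_unavailable):
    """Recovery is blocked when fewer than m guardians can attest,
    i.e. when at least n - m + 1 of them are unavailable."""
    return tail_at_least(n, n - m + 1, p_unavailable)


def hostile_recovery(n, m, p_compromised):
    """A takeover needs at least m compromised or colluding guardians."""
    return tail_at_least(n, m, p_compromised)


def compare(p_unavailable, p_compromised, configs=CONFIGS):
    """Return one row per configuration with both failure probabilities."""
    rows = []
    for n, m in configs:
        rows.append({
            "config": f"{m}-of-{n}",
            "tolerates_lost": n - m,
            "blocked": recovery_blocked(n, m, p_unavailable),
            "takeover": hostile_recovery(n, m, p_compromised),
        })
    return rows


if __name__ == "__main__":
    # Constructed inputs: 10% chance a guardian is unreachable,
    # 2% chance a guardian is compromised or willing to collude.
    for row in compare(0.10, 0.02):
        print(f"{row['config']:>7}  tolerates {row['tolerates_lost']} lost  "
              f"blocked={row['blocked']:.2e}  takeover={row['takeover']:.2e}")
```

Guardians who share a household, employer or jurisdiction are not independent, so for such setups the real lockout and takeover risk is higher than these figures.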

The Recovery Process: Step by Step

When you lose access to your primary DID key, recovery requires coordinating with your guardian DIDs to collect enough attestations and then execute a recovery spend on-chain.1,3 The process has three phases: re-linking your DID wallet, collecting guardian attestations, and completing the recovery spend.

Step 1: Re-link Your Lost DID Wallet

The first thing to do after losing access is re-link the DID to your current wallet. You need the DID’s ID, launcher ID, or latest coin ID — this information is public blockchain data, so it can be retrieved separately from your private key. Use the find_lost CLI command or the did_find_lost_did RPC to reconnect the DID to your wallet:1,3

# Re-link the lost DID to your current wallet using the DID ID
chia wallet did find_lost -id did:chia:1xyz...yourDID

# Response confirms the latest coin ID was found
# Successfully found lost DID did:chia:1xyz...yourDID, latest coin ID: 618a2eee...

# Alternatively, use the RPC:
chia rpc wallet did_find_lost_did '{"coin_id": "did:chia:1xyz...yourDID"}'

# Response:
# {
#   "latest_coin_id": "618a2eee48b111517cbd4f8d11889dc78396c9bcbad11c135dcbedb12f60b58b",
#   "success": true
# }

Step 2: Gather the Information Guardians Need

After re-linking your DID wallet, you need to collect the current coin information your guardians will use to create their attestations. Get the coin ID and inner puzzle hash from your wallet, then pass this information to each guardian through a secure out-of-band channel.1,3 Never share recovery data through public channels or easily intercepted messaging.

# Get the current coin ID for your DID
chia rpc wallet did_get_did '{"wallet_id": 2}'
# Response includes "coin_id" — this is the coin_name guardians need

# Get the inner puzzle hash (did_innerpuz)
chia rpc wallet did_get_current_coin_info '{"wallet_id": 2}'
# Response includes "did_innerpuz" — this is the puzhash guardians need

# Get your new public key (for the key you want to recover TO)
chia keys show
# Copy the Master public key value

Guardian Attestation

Each guardian uses their own DID wallet to create an attestation that cryptographically approves transferring your DID to a new public key.1,3 They run this on their own machine using the values you sent them securely:

# Guardian creates attestation (run on guardian's machine, using their wallet)
chia rpc wallet did_create_attest '{
  "wallet_id": 3,
  "coin_name": "0x44a3e90a...your_coin_id",
  "pubkey": "af8024892a...your_new_master_pubkey",
  "puzhash": "0xb83b62a2...your_did_innerpuz"
}'

# Response contains the attest_data string
# {
#   "attest_data": "6a8d474f...full_attest_string",
#   "success": true
# }

# Guardian saves the attest_data string to a file and sends it back to you
echo "6a8d474f...full_attest_string" > guardian1_attest.txt

The attestation data contains an on-chain proof that cannot be forged — it mathematically verifies that a specific guardian DID has approved the recovery of your specific DID to your specific new key.1,3 Guardians send this data back to you through the same secure channel you used to share the recovery information.

Code Example: Completing the Recovery Spend

Once you have collected the threshold number of attestation strings from your guardians, you submit them together in a single did_recovery_spend call. For a 3-of-5 setup, that means three guardian attestations:1,3

# Execute recovery spend with collected attestation data strings
chia rpc wallet did_recovery_spend '{
  "wallet_id": 2,
  "attest_data": [
    "6a8d474f...guardian1_full_attest_string",
    "7b9e585a...guardian2_full_attest_string",
    "8c0f696b...guardian3_full_attest_string"
  ],
  "fee": 10000000
}'

# Response confirms recovery transaction was submitted
# {
#   "spend_bundle": {...},
#   "success": true
# }

# Verify recovered DID control after confirmation
chia wallet did get_details -id did:chia:1xyz...yourDID

# Your DID now operates under the new key
# The singleton ID and DID identifier remain completely unchanged
# Guardian configuration persists unless you explicitly update it

The recovery spend creates a new coin for your DID with updated ownership while preserving the entire singleton lineage.2,4 This maintains continuity of your identity — NFTs, credentials, and associations linked to your DID remain valid because the DID identifier is derived from the launcher ID, not the current puzzle hash.11,12

Chia vs Ethereum Social Recovery: A Technical Comparison

Both Chia and Ethereum support social recovery, but the underlying architectures are quite different. Understanding those differences helps you make an informed choice about which approach fits your needs.5,6,14

| Feature | Chia DID Social Recovery | Ethereum Social Recovery (Argent/Safe) |
|---|---|---|
| Implementation | Protocol-level, built into the DID standard | Smart contract wallet layer (ERC-4337) |
| Cost Structure | Standard transaction fees (~10M mojos) | Variable gas fees ($5–$100+ depending on congestion) |
| Recovery Verification | On-chain message verification via Chialisp conditions | Guardian approval through multi-sig contracts |
| Setup Complexity | Single RPC call with guardian parameters (requires existing DID first) | Contract deployment + guardian configuration |
| Upgrade Path | DID update transaction changes the recovery list hash | Contract upgrade mechanisms (varies by implementation) |
| Guardian Privacy | Recovery list stored as hash only — guardians not publicly revealed | Guardian addresses typically visible in contract state |
| Coin Model | UTXO-based with singleton pattern | Account-based with contract state |
| Relayer Dependency | No relayer needed for recovery | Often requires relayer for gasless transactions |
| Identity Continuity | DID identifier persists through recovery (derived from launcher ID) | Contract address may change with upgrades |
| Recovery Timelock | No built-in timelock (~10–30 min blockchain confirmation) | Configurable timelock (often 24–48 hours by default) |

Ethereum’s account abstraction approach (ERC-4337) gives developers more flexibility for custom guardian logic and gasless transactions through bundlers.5,6 But that flexibility adds complexity and introduces more potential attack surfaces. Argent wallets, for example, combine on-chain guardians with optional cloud-backed key recovery, trading some decentralization for a smoother user experience.7

Chia’s coin model limits attack surfaces by design. Each DID operates independently — a bug in one DID’s puzzle has no effect on any other DID on the network.2,14 Ethereum’s shared smart contract architecture means a single vulnerability can potentially affect every user of the same wallet implementation, as DeFi history has demonstrated many times.14

Best Practices and Security Considerations

Implementing social recovery well goes far beyond running the right commands.6,7 The real security comes from your choices: who your guardians are, how you communicate with them, and whether you test everything before you actually need it.

Guardian Selection Strategy

The strongest guardian networks balance the risk of collusion against the risk of unavailability.6,7 Never select guardians who are closely connected to each other. A parent and a sibling who live together could both be affected by the same home intrusion. A group of work colleagues could all be subject to the same legal action. Mixing relationships — family, old friends, colleagues, professional contacts — makes coordinated action against you extremely difficult.

Geographic distribution adds another important security layer.7,15 If all your guardians live in the same country, a single legal order could potentially reach all of them simultaneously. Spreading guardians across different jurisdictions dramatically raises the coordination cost for any adversary.

Mix human guardians with hardware wallet backups for resilience. Human guardians offer flexibility and judgment calls, but people change phone numbers, move, and drift out of contact.6,7 A hardware wallet stored in a safe or safety deposit box is reliably available but can’t make decisions. Using both types gives you redundancy — if human guardians are temporarily unreachable, a well-placed hardware wallet backup can still authorize recovery alongside other guardians.

Testing Your Recovery Setup

Never assume your recovery configuration works without actually testing it.7,15 Create a test DID on the Chia testnet with minimal value, configure the same real guardians you’d use in production, and walk through the entire recovery flow end to end. This surfaces configuration errors, communication friction with guardians, and any technical misunderstandings before real assets are at risk.

# Testing protocol for recovery validation (use testnet first)
# 1. Create a test DID with real guardian DIDs
chia wallet did create -n Test_Recovery_DID
# Then update recovery list via did_update_recovery_ids RPC to add actual guardians

# 2. Document all parameters and guardian contact methods
# 3. Simulate key loss (remove the wallet config, don't delete keys yet)
# 4. Execute full recovery process with real guardian coordination
# 5. Verify successful recovery and note any friction points
# 6. Update your procedures based on lessons learned
# 7. Repeat annually or after any guardian configuration change

Schedule a recovery drill at least once a year or whenever your guardian configuration changes.7,15 Guardian contact information drifts — people change email addresses, phone numbers, and devices. Regular testing confirms your recovery network is still functional and that your guardians still understand their role and know how to perform an attestation.

Common Pitfalls to Avoid

The most dangerous assumption you can make is that having social recovery configured automatically means you’re protected.6,7 Poorly chosen guardians create vulnerabilities worse than a well-managed seed phrase. Using family members who all live together means a single incident could compromise multiple guardians at once. Naming a company or custodial service as a guardian introduces the risk that the organization won’t cooperate — or may not exist — when you need help years later.

Updating your recovery list requires executing a did_update_recovery_ids transaction that modifies your DID’s recovery list hash.1,2 If you make this change without notifying your guardians, their stored coin and puzzle hash information may be out of date, rendering their old attestations invalid. Always coordinate recovery list updates with every guardian and confirm they have current information.

Protect your guardians against social engineering. An attacker who learns your guardian DIDs might attempt to impersonate you and ask those guardians to approve a fraudulent recovery.7,8 Establish a simple verification procedure with each guardian ahead of time — a shared passphrase, a specific question only you two know the answer to, or a requirement to confirm through a second communication channel. This makes it genuinely difficult for anyone to trick your guardians into helping a fake recovery.
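
One way to implement the second-channel confirmation described above, as an added example that is not part of Chia's tooling or the original article: the owner and the guardian each compute a short fingerprint over the three values passed to did_create_attest and compare it by voice before the guardian attests. The domain tag, function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Coin IDs and puzzle hashes are 32-byte hashes; Chia public keys are
# 48-byte BLS12-381 G1 points. Fixed lengths keep the encoding unambiguous.
FIELD_LENGTHS = {"coin_name": 32, "pubkey": 48, "puzhash": 32}
DOMAIN_TAG = b"did-recovery-request-v1"  # hypothetical label, not a Chia constant


def field_bytes(name, value):
    """Normalise one hex field (optional 0x prefix, any case) and check its size."""
    text = value.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        raise ValueError(f"{name} is not valid hex") from None
    if len(raw) != FIELD_LENGTHS[name]:
        raise ValueError(f"{name} must be {FIELD_LENGTHS[name]} bytes, got {len(raw)}")
    return raw


def request_fingerprint(coin_name, pubkey, puzhash):
    """96-bit fingerprint of a recovery request, grouped for reading aloud."""
    h = hashlib.sha256(DOMAIN_TAG)
    h.update(field_bytes("coin_name", coin_name))
    h.update(field_bytes("pubkey", pubkey))
    h.update(field_bytes("puzhash", puzhash))
    digest = h.hexdigest()[:24]
    return "-".join(digest[i:i + 4] for i in range(0, 24, 4))


def guardian_should_attest(request, fingerprint_heard):
    """Guardian-side check: recompute the fingerprint from the request as
    received and compare it with what the owner read out on the second
    channel. Malformed requests are refused rather than raised."""
    try:
        expected = request_fingerprint(**request).replace("-", "")
    except (ValueError, TypeError):
        return False
    heard = "".join(c for c in fingerprint_heard.lower() if c in string.hexdigits)
    return hmac.compare_digest(expected, heard)


if __name__ == "__main__":
    # Constructed sample values, not real on-chain identifiers.
    request = {
        "coin_name": "0x" + "44" * 32,
        "pubkey": "af" * 48,
        "puzhash": "0x" + "b8" * 32,
    }
    spoken = request_fingerprint(**request)      # owner reads this by phone
    forged = dict(request, pubkey="ae" * 48)     # attacker swaps in their own key
    print("fingerprint:", spoken)
    print("genuine request accepted:", guardian_should_attest(request, spoken))
    print("forged request accepted: ", guardian_should_attest(forged, spoken))
```

A request whose new public key was swapped in transit produces a different fingerprint, so the guardian declines to run did_create_attest until the mismatch is explained.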

Example Recovery Configurations

Personal Use — Multi-Device + Social Setup: For an individual protecting a meaningful NFT collection or DeFi position, a 5-guardian configuration with a 3-of-5 threshold works well for most people. Distribute guardianship across two hardware wallets stored in separate secure locations, two trusted people in different cities, and one close family member. This configuration tolerates two unavailable guardians while requiring three to act together for any recovery — authorized or unauthorized.1,2

Institutional Use — Treasury and DAO Protection: Organizations managing significant on-chain assets should consider a 7-of-10 or higher configuration. Spread guardianship across core team members, board advisors, legal representatives, and geographically distributed cold storage devices. This provides institutional-grade security with enough tolerance for personnel changes and device failures without compromising recovery capability.1,2

Conclusion

Social recovery with Chia DIDs changes digital identity security from a single fragile secret into a distributed network of trust.1,2,6 By building recovery mechanics directly into the protocol through Chialisp smart coins,2,4 Chia eliminates the complexity and cost of Ethereum’s contract-based approach5,6 while preserving strong on-chain security through the isolated coin model.14 The result is a recovery system that’s genuinely useful in the real world — not just theoretically available.

The technology is only part of the equation. The real security comes from thoughtful guardian selection, clear communication with those guardians, and proactive testing before you ever need the recovery flow to work under pressure. Configure your DIDs with a diverse, geographically spread set of guardians. Test the recovery workflow end to end. Keep your guardian contact information current. These habits turn social recovery from a checkbox into a genuine safety net.

Ready to take action? Start by identifying three to five potential guardians who meet the criteria above. Create a test DID on the Chia testnet and walk through the full recovery process with those real guardians. Once you’re confident the process works, bring that same setup to your production DIDs. Your future self will be glad you did.

Chia DID Social Recovery FAQs

What is Chia DID social recovery and how does it protect my identity?

Chia DID social recovery is a guardian-based system that lets a group of trusted DIDs collectively restore your access to a lost blockchain identity without requiring your original seed phrase.1,2 Rather than relying on a single secret that anyone who finds it can use, social recovery distributes control across multiple guardians who must cooperate to reach your verification threshold before any recovery can proceed.

How many guardians do I need for Chia DID social recovery?

There is no fixed requirement, but a 5-guardian setup with a 3-of-5 threshold provides strong protection for most individual use cases.6,7 This configuration tolerates two unavailable guardians while requiring at least three to act together for any recovery — protecting against both accidental loss and deliberate collusion by a small group.

Can I change my Chia DID social recovery guardians after creation?

Yes — you can update your guardian DIDs by executing a did_update_recovery_ids transaction that changes your DID’s stored recovery list hash.1,2 This requires that you still have control of your current key. After updating, notify all guardians and make sure they have current coin and puzzle hash information for future attestations.

What happens if one of my Chia DID social recovery guardians loses access to their DID?

Losing a single guardian doesn’t block recovery as long as your threshold is set appropriately.1,6 In a 3-of-5 configuration, for example, losing two guardians still leaves three functional guardians who can authorize recovery together — which is exactly why choosing your threshold thoughtfully at setup time is so important for long-term security.

How does Chia DID social recovery compare to Ethereum social recovery wallets?

Chia DID social recovery is built directly into the protocol through Chialisp smart coins, while Ethereum social recovery requires deploying a separate smart contract wallet like Argent or Safe.5,6 This means Chia recovery typically involves lower fees, no relayer dependencies, and a simpler attack surface — though Ethereum’s contract-based approach offers more flexibility for custom guardian logic and gasless transaction options.14

Chia DID Social Recovery Citations

  1. Chia Network — DID RPC Documentation: https://docs.chia.net/did-rpc/
  2. Chialisp.com — DIDs Standard and Source Code: https://chialisp.com/dids/
  3. Chia Network — DID CLI Reference: https://docs.chia.net/did-cli/
  4. Chia Network GitHub — CHIP-0004 DID Standard: https://github.com/Chia-Network/chips/blob/main/CHIPs/chip-0004.md
  5. Mitosis University — Intro to Social Recovery Wallets (Safe, Argent, and ERC-4337): https://university.mitosis.org/intro-to-social-recovery-wallets-safe-argent-and-erc-4337/
  6. Vitalik Buterin — Why We Need Wide Use of Social Recovery Wallets: https://vitalik.eth.limo/general/2021/01/11/recovery.html
  7. Dynamic — Recovery Methods in Wallets: An Overview: https://www.dynamic.xyz/blog/recovery-methods-in-wallets-an-overview
  8. Decrypt — Is Social Recovery the Answer to Losing Your Seed Phrase?: https://decrypt.co/143433/is-social-recovery-answer-losing-your-seed-phrase
  9. Chia Network — Official Documentation Home: https://docs.chia.net/
  10. Chia Network — About Page: https://www.chia.net/about/
  11. Chia Network — NFT Introduction Guide: https://docs.chia.net/guides/nft-intro/
  12. Chia Developers — Minting NFTs With RPC: https://devs.chia.net/guides/nft-rpc/
  13. Chia Network — RPC Overview: https://docs.chia.net/rpc/
  14. Medium — Chia: Bitcoin 2.0 for the Cypherpunk Generation: https://medium.com/@dracattusdev/chia-bitcoin-2-0-for-the-cypherpunk-generation-f7c8ccff747b
  15. Vocal Media / Trader — Social Recovery for Crypto: Never Lose Your Funds Again: https://vocal.media/trader/social-recovery-for-crypto-never-lose-your-funds-again