SELF-MASTERYWeeks to result

Pre-Rotation Private Key Recovery

Lock in your digital identity recovery path before you ever need it

Problem it solves

In decentralized identity systems, a lost or compromised private key causes permanent, unrecoverable loss of credentials and identity with no centralized fallback available.

Best for

Self-sovereign identity holders, Bitcoin self-custodians, and protocol developers who need decentralized key recovery without relying on any central authority or custodian.

Not ideal for

Users who prefer custodial identity solutions or are unwilling to manage cryptographic key material across multiple physically separated secure locations.

Overview

Why this framework exists

Pre-Rotation, popularized by the KERI protocol, resolves the catastrophic-loss problem inherent in decentralized identity systems. Before a primary private key is ever used, the holder generates one or more rotation keys and cryptographically commits to them in the key event log. If the primary key is later compromised or lost, the holder broadcasts a rotation event using a pre-generated backup key, invalidating the old key and establishing the new one. This mirrors Bitcoin multisig best practices: recovery capability is established proactively, not reactively. The cost is that losing all rotation keys alongside the primary leaves no recovery path, making custody hygiene across multiple separated locations non-negotiable.

Core principles

5 total
  1. Prepare recovery mechanisms before you need them, never reactively
  2. Pre-commit to rotation keys cryptographically before first use of the primary key
  3. Physical and logical separation between primary and rotation key storage is mandatory
  4. Match recovery complexity to the sensitivity of what the key controls
  5. Context determines the acceptable trade-off between convenience and recovery assurance

Steps

6 steps
  1. Generate your primary private key and establish your DID
    Create the primary cryptographic key pair that will serve as your decentralized identity anchor. This key controls your DID and authorizes all subsequent credential issuance and presentation.
    Pro tipGenerate keys offline on a hardware device wherever your threat model warrants maximum isolation.
  2. Generate pre-rotation key pairs before the primary key is used publicly
    Before the primary key is used for any public-facing operation, generate one or more backup rotation key pairs. These keys exist solely to replace your primary key if it is compromised or lost.
    Pro tipGenerate multiple staged rotation levels for deep fallback—if Rotation Key 1 is also compromised, Rotation Key 2 can still recover your identity.
    WarningNever generate rotation keys on the same device or at the same session as your primary key if your threat model includes device-level or session-level compromise.
  3. Commit pre-rotation key hashes to your key event log before first use
    Commit the cryptographic hash of your rotation keys into your protocol's key event log before the primary key is ever used publicly. This proves you controlled the rotation keys before any compromise occurred, preventing fraudulent rotation claims from an attacker.
    WarningRetroactive commitment—made after the primary key has been used—cannot prevent an attacker who already controls the primary key from submitting their own fraudulent rotation claim first.
  4. Store rotation keys in separated, secure custody
    Place rotation keys in geographically or custody-separated storage entirely apart from your primary key—hardware wallets, safety deposit boxes, trusted multisig participants, or institutionally held custody as warranted by your threat model.
    Pro tipTreat rotation key custody with the same rigor as a Bitcoin inheritance plan—someone trusted must be able to use them on your behalf if needed.
  5. Document and rehearse the rotation event broadcast procedure
    Write out the exact steps to broadcast a key rotation event and test them against a dedicated test DID before any real compromise forces live execution. Know precisely how to revoke the old key and establish the new controlling key.
    Pro tipRun an annual rotation drill on a test identity to ensure the procedure still works and all custody participants know their role under pressure.
    WarningA rotation procedure that has never been tested will likely fail when executed under the time pressure and stress of a live compromise event.
  6. Broadcast a rotation event immediately upon detected compromise
    When compromise is detected or credibly suspected, use a pre-rotated backup key to broadcast a rotation event that invalidates the old key and establishes the new controlling key across the network. Act before the attacker can issue fraudulent credentials using the compromised key.
    WarningA compromised primary key continues to be valid for credential issuance until the rotation event is confirmed by the network—broadcast immediately, do not delay to investigate first.

Checklist

Saved in your browser

Examples

2 cases
KERI Pre-Rotation in Practice

A developer establishes a DID using KERI and immediately generates two rotation keys, committing their hashes to the Key Event Log before any credentials are issued against the primary. Rotation keys are stored on separate hardware wallets in different physical locations. When the developer's laptop is later stolen, they broadcast a rotation event from one backup hardware wallet, invalidating the stolen primary key across the KERI witness network within hours.

OutcomeIdentity recovered without centralized authority; stolen key rendered useless; credentials re-bound to the new controlling key with no data loss.
Bitcoin Multisig as Recovery Analogy

A Bitcoin self-custodian maps pre-rotation logic onto a 2-of-3 multisig: one key for daily use, one in a home safe, one held by a trusted family member with a sealed recovery procedure. When the daily-use key is compromised, the remaining two keys authorize migration to a new wallet, preserving the full stack without any exchange or custodian involvement.

OutcomeFull fund recovery executed without any third-party intervention; attacker cannot access remaining funds without two additional keys they do not possess.

Common mistakes

3 traps
Storing rotation keys on the same device as primary
If rotation keys are created or stored on the same device as the primary key, a single device compromise defeats the entire recovery architecture. Physical and logical separation between primary and rotation key storage is mandatory, not optional, regardless of convenience cost.
Never rehearsing the rotation procedure
Pre-rotation keys that have never been used in a test rotation event create false confidence. The procedure must be practiced on a test identity before a real compromise forces live execution under time pressure and stress.
Losing all pre-rotated keys alongside the primary
Pre-rotation solves single-key loss, not total custody failure. Storing all keys in the same location eliminates every recovery path in a decentralized system that has no centralized support hotline to call.

Origin story

How this framework came to be

Drawn from the KERI (Key Event Receipt Infrastructure) protocol and described on TFTC, where it was cited alongside Bitcoin multisig as a model for proactive decentralized key recovery without any centralized fallback or support hotline.

Source

Traced to primary
Source · VIDEO
The Digital ID Trap Is Closing Faster Than You Think (your version, lock as-is) — TFTC
TFTC · 2026
Open source →

Related frameworks

Browse all Self-Mastery →