Serverless wallet recovery must balance portability, usability, and privacy. Public registries enable decentralized lookup, but naive identifier hashing leaks membership through enumeration. We present VA-DAR, a keyed-discovery protocol for ACE-GF-based wallets that use device-bound passkeys for day-to-day local unlock while supporting cross-device recovery using only a user-provided identifier (e.g., email) and a single recovery passphrase. As a discovery-and-recovery layer over ACE-GF, VA-DAR inherits ACE-GF's context-isolated, algorithm-agile derivation substrate, enabling non-disruptive migration to post-quantum algorithms at the identity layer. The design introduces a decentralized discovery-and-recovery layer that maps a privacy-preserving discovery identifier to the immutable content identifier of a sealed backup artifact stored on a decentralized storage network. Concretely, a user derives passphrase-rooted key material with a memory-hard KDF, domain-separates keys for artifact sealing and discovery indexing, and publishes a registry record keyed by a passphrase-derived discovery identifier. VA-DAR provides: (i) practical cross-device recovery using only identifier and passphrase, (ii) computational resistance to public-directory enumeration, (iii) integrity of discovery mappings via owner authorization, and (iv) rollback/tamper detection via monotonic versioning and artifact commitments. We define three sealed artifact roles, two update-authorization options, and three protocol flows (registration, recovery, update). We formalize security goals via cryptographic games and prove, under standard assumptions, that VA-DAR meets these goals while remaining vendor-agnostic and chain-agnostic. End-to-end post-quantum deployment additionally requires a PQ-secure instantiation of registry authorization.
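The derivation chain and the three flows the abstract describes (passphrase-rooted memory-hard KDF, domain-separated sealing and discovery keys, a registry keyed by a passphrase-derived discovery identifier, monotonic versions and an artifact commitment) are shown below as an added, illustrative example written for this page; it is not the paper's implementation and not ACE-GF or VA-DAR code. Everything beyond the abstract is an assumption: the scrypt parameters, the `vadar/...` labels, HMAC-SHA256 used both as an encrypt-then-MAC stand-in for a real AEAD and as a stand-in for the signature-based owner authorization a registry would actually verify, and the in-memory registry and content-addressed store. The sample identifier, passphrase and secret are constructed.

```python
import hashlib
import hmac
import json
import os

# ---- Key derivation: one passphrase-rooted secret, domain-separated subkeys ----

def derive_keys(identifier: str, passphrase: str) -> dict:
    """scrypt (memory-hard) root, then HMAC label-based domain separation.
    The salt is bound to the public identifier so a fresh device can recompute
    everything from identifier + passphrase alone. Cost and labels are assumptions."""
    root = hashlib.scrypt(passphrase.encode("utf-8"),
                          salt=b"vadar-example-v1|" + identifier.encode("utf-8"),
                          n=2 ** 14, r=8, p=1, dklen=32)

    def sub(label: bytes) -> bytes:
        return hmac.new(root, b"vadar/" + label, hashlib.sha256).digest()

    k_disc = sub(b"discovery")
    return {
        "seal": sub(b"seal"),   # seals backup artifacts
        "auth": sub(b"auth"),   # authorizes registry records (MAC stand-in for a signature)
        # Discovery id is keyed by a passphrase-derived key: a public registry cannot be
        # enumerated by hashing candidate e-mail addresses without the passphrase.
        "did": hmac.new(k_disc, identifier.encode("utf-8"), hashlib.sha256).hexdigest(),
    }

# ---- Artifact sealing: encrypt-then-MAC stand-in for an AEAD (use a real AEAD in practice) ----

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(k_seal: bytes, role: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag; the artifact role is bound as associated data."""
    k_enc = hmac.new(k_seal, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(k_seal, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, role + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(k_seal: bytes, role: bytes, blob: bytes) -> bytes:
    k_enc = hmac.new(k_seal, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(k_seal, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, role + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("artifact tag mismatch: tampered, or wrong key/role")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, nonce, len(ct))))

# ---- Public registry and content-addressed storage (in-memory stand-ins) ----

class Storage:
    def __init__(self):
        self.blobs = {}

    def put(self, blob: bytes) -> str:
        cid = hashlib.sha256(blob).hexdigest()  # immutable content identifier
        self.blobs[cid] = blob
        return cid

    def get(self, cid: str) -> bytes:
        return self.blobs[cid]

class Registry:
    """One record per discovery id; versions must strictly increase (anti-rollback)."""
    def __init__(self):
        self.records = {}

    def publish(self, rec: dict) -> None:
        cur = self.records.get(rec["did"])
        if cur is not None and rec["version"] <= cur["version"]:
            raise ValueError("rollback/replay rejected: version not increasing")
        self.records[rec["did"]] = dict(rec)

    def lookup(self, did: str):
        return self.records.get(did)

def _record_mac(k_auth: bytes, did: str, version: int, cid: str, role: str) -> str:
    msg = json.dumps({"did": did, "version": version, "cid": cid, "role": role},
                     sort_keys=True).encode("utf-8")
    return hmac.new(k_auth, msg, hashlib.sha256).hexdigest()

# ---- Flows: registration / update (same path, higher version) and recovery ----

def register(identifier, passphrase, secret: bytes, registry, storage,
             version: int = 1, role: str = "primary") -> dict:
    keys = derive_keys(identifier, passphrase)
    cid = storage.put(seal(keys["seal"], role.encode("utf-8"), secret))
    rec = {"did": keys["did"], "version": version, "cid": cid, "role": role}
    rec["auth"] = _record_mac(keys["auth"], keys["did"], version, cid, role)
    registry.publish(rec)
    return rec

def recover(identifier, passphrase, registry, storage):
    """Cross-device recovery from identifier + passphrase only. Returns (secret, version)."""
    keys = derive_keys(identifier, passphrase)
    rec = registry.lookup(keys["did"])
    if rec is None:
        raise LookupError("no record for this identifier/passphrase")
    expected = _record_mac(keys["auth"], rec["did"], rec["version"], rec["cid"], rec["role"])
    if not hmac.compare_digest(rec["auth"], expected):
        raise ValueError("registry record not authorized by owner")
    blob = storage.get(rec["cid"])
    if hashlib.sha256(blob).hexdigest() != rec["cid"]:  # artifact commitment check
        raise ValueError("artifact does not match committed content identifier")
    return open_sealed(keys["seal"], rec["role"].encode("utf-8"), blob), rec["version"]
```

Two points the code makes concrete: a wrong passphrase does not produce a "bad password" error but a different discovery id, so a registry scraper learns nothing from a list of e-mail addresses; and a fresh device cannot carry a version counter, so rollback protection rests on the registry refusing non-increasing versions plus the client checking the owner MAC and the content commitment before opening the artifact. A deployed registry would verify a public-key signature instead of the owner-only MAC used here, which is exactly the component the abstract flags as needing a PQ-secure instantiation.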