This is a very interesting proposal, and I think it could be a very powerful primitive. It’s great to see it being published as an EIP.

If I have one question, it’s whether there are known requirements for creating a proof of a HWT, e.g. what cryptographic schemes need to be supported etc. Is there reference documentation for this? For example, is there an implicit dependency on a zk implementation of say the OIDC spec?

This is really interesting. I’m curious about the vision for the guardians.

One may set multiple OIDC identities(e.g. Google Account, Facebook Account) as guardians to minimize the centralization risk introduced by the identity provider.

Does this imply the ability to roll up multiple JWT proofs into a single proof? For example, if I had a wallet where I wanted to set up 3 guardians and require a 2/3 threshold of valid JWTs as a precondition for recovery, is that feasible with this approach? It seems critical to enforce a minimum of 2 JWT signatures for this to effectively minimize centralization risk, but I’m not sure if this is one of your design goals.

Supporting the mode with multiple OpenID to recover one account is one of our goals, not only to ensure the recovery is decentralized enough but also to provide better security. The way to achieve this is quite flexible though. We can either aggregate the proof off-chain or we can simply implement the multi-sig logic on-chain and do verification for each proof separately.