In some embodiments, a dedicated mobile app is implemented on the at least one second computing device 220 to allow, for example, recovery of the cryptographic keys when needed. Such a dedicated mobile app (e.g., a dedicated “recovery” mobile app) may access data on the at least one second computing device 220, including the at least a portion of the cryptographic keys stored thereon and the chain code (e.g., to derive future child keys). The dedicated “recovery” mobile app may decrypt the encrypted keys using the recovery private keys, compute master keys from the decrypted at least a portion of the cryptographic keys and/or derive all child keys from the master key. The dedicated “recovery” mobile app may output all private keys, for instance to a text file, for ease of use by the user of the at least one second computing device 220.
In some embodiments, the at least a portion of the cryptographic key 206 is divided into ‘m’ segments, such that each segment may be encrypted using the recovery public key 204 (e.g., using any additively homomorphic scheme that is secure against chosen plaintext attack (CPA), such as homomorphic ElGamal encryption).
In some embodiments, the signing algorithm for the recovery private key 205 has the same generic elliptic curve function as for signing of the encrypted at least a portion of the cryptographic key 206. Using a “universal HD” property for the signing algorithm (e.g., all individual wallet keys may be derived from a single master key), it may be sufficient to have a single recovery private key 205 of the type of that master key. For example, the widely used ‘Secp256k1’ key supported by OpenSSL may be used. The signing algorithm may be chosen in accordance with the type of the respective key.
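The segment-wise encryption under the recovery public key described above, as an added example that is not code from this document: additively homomorphic ("exponential") ElGamal over secp256k1, with the key cut into ‘m’ segments and reassembled on recovery. The 8-bit segment width, the function names and the lookup-table decryption are assumptions of this example.

```python
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, base point G of order N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
SEG_BITS = 8  # assumed segment width; the text only says 'm' segments

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    s = num * pow(den, -1, P) % P
    x = (s * s - a[0] - b[0]) % P
    return x, (s * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; illustrative, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

# Decryption yields only v*G; v comes from this table, hence small segments (+1 bit for sums).
TABLE, _pt = {None: 0}, None
for _v in range(1, 2 ** (SEG_BITS + 1)):
    _pt = add(_pt, G)
    TABLE[_pt] = _v

def encrypt_key(key, recovery_pub, m):
    """Split key into m segments; encrypt each as (r*G, v*G + r*recovery_pub)."""
    out = []
    for i in range(m):
        v = (key >> (SEG_BITS * i)) & (2**SEG_BITS - 1)
        r = 1 + secrets.randbelow(N - 1)  # fresh randomness per segment
        out.append((mul(r, G), add(mul(v, G), mul(r, recovery_pub))))
    return out

def decrypt_key(segments, recovery_priv):
    """Recover each v from c2 - recovery_priv*c1 and reassemble the key."""
    key = 0
    for i, (c1, c2) in enumerate(segments):
        x, y = mul(recovery_priv, c1)
        key += TABLE[add(c2, (x, -y % P))] << (SEG_BITS * i)
    return key
```

Adding two ciphertexts component-wise gives an encryption of the sum of the two segment values, which is the additive homomorphism the text refers to.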