by saltcured
921 days ago
I wonder if the actual desire is to be able to buy a set of cloned keys. I.e. instead of having each key be unique, be able to buy a set of N keys with an identical private key. Or the ability to create such a set yourself with a special initialization sequence. This would give you your high-availability backup, but means you cannot revoke the first key if lost. So it seems like you'd really have to trust the other hardware protections and PIN/lock features if misuse of a lost/stolen key is a concern.

Periodically, I try to think if there is some other expected UX you might want that is somehow neither cloned nor independent keys. Like some hybrid of secret-sharing and group key schemes. Have a set of N keys which know about each other and can act individually to authenticate for the same identities, including for new identities enrolled by any key in the group, as in the case of a cloned key. But, include some capability for k out of N keys to "vote out" a member from the group in order to revoke the lost key and prevent it from authenticating any of the identities in the future.

I am not a cryptologist, but I can't really imagine any crypto mechanism to actually produce this combination of effects. A fully distributed group registration and authentication effect during normal use, so enrollment via one key can be followed by authentication using another. But at the same time, allowing ejection of a member from the group to prevent future misuse. I can only imagine this as a protocol, where every authentication for the group would have to consult some centralized ledger or revocation list for the group membership. It could be decentralized/federated in a sense, but would require some kind of online check with the "latest" ledger state for a given key group.
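The ledger-based protocol imagined in the comment above, as an added sketch that is not part of the original comment: k of N members vote a key out, and a relying party that checks a stale membership snapshot instead of the latest ledger state still accepts the ejected key. `GroupLedger`, `vote_out` and `sign` are hypothetical names, and HMAC with per-key secrets is a constructed stand-in for the per-key signatures a real token would produce.

```python
import hashlib
import hmac

def sign(secret, message):
    """Constructed stand-in for a token's signing operation (assumption)."""
    return hmac.new(secret, message, hashlib.sha256).digest()

class GroupLedger:
    """Hypothetical central ledger holding membership for one key group."""

    def __init__(self, member_secrets, k):
        self.secrets = dict(member_secrets)   # key id -> per-key secret
        self.members = set(member_secrets)    # current group membership
        self.k = k                            # votes needed to eject a member
        self.epoch = 0                        # bumped on each membership change
        self.votes = {}                       # target id -> set of voter ids

    def _valid(self, key_id, message, tag):
        # Only current members can produce an acceptable tag.
        if key_id not in self.members:
            return False
        return hmac.compare_digest(sign(self.secrets[key_id], message), tag)

    def vote_out(self, voter, target, tag):
        """Record an authenticated vote; eject target once k members agree."""
        # Binding the vote to the epoch stops replay after membership changes.
        msg = f"eject:{target}:{self.epoch}".encode()
        if target not in self.members or voter == target:
            return False
        if not self._valid(voter, msg, tag):
            return False
        self.votes.setdefault(target, set()).add(voter)
        if len(self.votes[target]) >= self.k:
            self.members.discard(target)
            self.votes = {}                   # old votes were for the old epoch
            self.epoch += 1
        return True

    def snapshot(self):
        return self.epoch, frozenset(self.members)

    def authenticate(self, key_id, challenge, tag, snapshot=None):
        """Relying-party check; snapshot=None consults the latest ledger state."""
        _epoch, members = snapshot or self.snapshot()
        if key_id not in members:
            return False
        return hmac.compare_digest(sign(self.secrets[key_id], challenge), tag)
```
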