Deheritance uses military-grade security and zero-knowledge architecture to ensure your digital legacy remains private and accessible only to authorized beneficiaries.
Zero-Knowledge Architecture
Our zero-knowledge approach means:
- We never see your data: All encryption happens on your device before upload
- We can't access your vault: Even Deheritance staff cannot decrypt your files
- You control access: Only you and your beneficiaries can unlock vaults
- Privacy by design: No backdoors, master keys, or data mining
Client-Side Encryption
Your vault is protected with industry-standard encryption:
- AES-256-GCM: Military-grade authenticated encryption
- 12-byte IV: Unique initialization vector for each encryption
- Integrity protection: GCM mode detects any tampering
- SHA-256 checksums: Verify data integrity during decryption
Shamir Secret Sharing
Your encryption key is split using cryptographic secret sharing:
- 5 total shares: Key is divided into 5 pieces
- 3 threshold: Any 3 shares can reconstruct the key
- No single point of failure: Losing 1-2 shares doesn't prevent access
- Distributed storage: Shares can be stored in different locations
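The 3-of-5 split described above, as an added example (not Deheritance's own code): Shamir sharing of a 32-byte key, reconstructed by Lagrange interpolation. The prime field, the function names and the sample key are assumptions; the page does not say which field its implementation uses.

```python
import secrets

# Assumption: arithmetic in the prime field GF(P). P = 2**521 - 1 is a
# Mersenne prime, comfortably larger than any 256-bit key.
P = 2**521 - 1
THRESHOLD, TOTAL = 3, 5  # the 3-of-5 scheme stated on the page


def split(key: bytes, k: int = THRESHOLD, n: int = TOTAL):
    """Return n shares (x, f(x)) of a random degree-(k-1) polynomial, f(0) = key."""
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(k - 1)]  # CSPRNG coefficients
    shares = []
    for x in range(1, n + 1):  # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def interpolate_at_zero(shares) -> int:
    """Lagrange interpolation of f(0) from the supplied points."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def combine(shares, key_len: int = 32) -> bytes:
    """Rebuild the key; a value too large for key_len means bad or too few shares."""
    value = interpolate_at_zero(shares)
    if value >> (8 * key_len):
        raise ValueError("shares do not reconstruct a key of the expected size")
    return value.to_bytes(key_len, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    shares = split(key)
    print(combine(shares[1:4]) == key)  # any 3 shares rebuild the key
```

Interpolating fewer than three shares yields an unrelated field element rather than a reliable error, so the size check in `combine` is only a heuristic. A wrong reconstruction is caught dependably at decryption, when the GCM tag fails to verify.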
Post-Quantum Security
Future-proof protection against quantum computers:
- ML-KEM-768: Post-quantum key encapsulation mechanism
- NIST-approved: Based on standardized quantum-resistant algorithms
- Backward compatible: Works with current systems while protecting against future threats
- Optional protection: Add quantum security layer to your vault
Decentralized Storage
Your encrypted vaults are stored permanently:
- Blockchain storage: Data distributed across decentralized networks
- No single point of failure: Cannot be taken down or censored
- Permanent availability: Data exists as long as blockchain exists
- Immutable records: Once stored, data cannot be altered
Security Question Protection
Beneficiary verification uses strong cryptographic methods:
- PBKDF2-HMAC-SHA256: 210,000 iterations for brute-force resistance
- 16-byte random salt: Prevents rainbow table attacks
- 32-byte derived keys: Sufficient entropy for security
- Answer normalization: Consistent handling prevents false negatives
Privacy Guarantees
We protect your privacy through:
- Minimal metadata: Only essential information stored
- No tracking: No analytics or user behavior monitoring
- GDPR compliant: Full compliance with data protection laws
- Open source: Cryptographic implementations are auditable
Security Best Practices
Keep your vault secure with these recommendations:
- Secure key storage: Use hardware wallets or encrypted storage
- Distribute shares: Store fraction keys in separate locations
- Regular testing: Verify beneficiary access periodically
- Strong security questions: Use answers only beneficiaries know
- Backup procedures: Create redundant secure backups