DeadSerious

If something happened to you tonight, who gets your passwords, photos, or crypto? Dead Serious is a digital dead-man switch that protects your secrets until it’s time to pass them on.

Comment

DeadSerious — Zero-Knowledge Digital Inheritance Vault

Inspiration

In today's world, our most valuable assets are digital — passwords, crypto wallets, personal documents, private videos. Yet there is no truly secure and privacy-first way to pass them on after death.

Most existing solutions:

  • Notify emergency contacts immediately
  • Rely on centralized trust
  • Store sensitive data in ways that companies can technically access

We wanted to build a system that behaves like a real will:

  • Private while you're alive.
  • Unlocked only after you're gone.
  • Accessible only through distributed trust.

That idea became DeadSerious.

What It Does

DeadSerious is a zero-knowledge digital inheritance vault.

It allows users to:

  • Encrypt sensitive data client-side
  • Split the encryption key using Shamir's Secret Sharing
  • Designate secret nominees (who are not notified while the user is alive)
  • Set a check-in frequency to prove they are still alive
  • Trigger a dead-man's switch if check-ins stop
  • Require all nominees to collaborate to reconstruct the master key

The server never sees plaintext or the reconstructed key.

How We Built It

Frontend

  • JavaScript
  • React (Vite)
  • TailwindCSS
  • WebCrypto API — for AES-256-GCM encryption
  • secrets.js-grempe — for Shamir's Secret Sharing

Backend

  • Node.js + Express

Storage

  • PostgreSQL — vault metadata, nominee status, and check-in tracking
  • AWS S3 — encrypted file storage

Core Architecture

Vault content is encrypted client-side using AES-256-GCM. The master encryption key is split into fragments using Shamir's Secret Sharing. Encrypted vault data is uploaded to S3. PostgreSQL stores vault metadata, nominee information, check-in timestamps, and unlock status. A dead-man's switch mechanism checks for missed check-ins. Once triggered, nominees are notified and must collaborate to reconstruct the key.

At no point does the server have access to the decrypted content.

Challenges We Ran Into

  • Coordinating client-side encryption with backend state — ensuring the encrypted blob and the metadata stayed in sync without ever exposing raw key material to the server.
  • Managing secure file uploads to S3 — streaming ciphertext through a presigned URL pipeline while preserving end-to-end encryption guarantees.
  • Designing the dead-man's switch logic cleanly — handling edge cases like network outages, delayed check-ins, and partial nominee responses without false triggers.
  • Ensuring key fragments were handled securely — preventing fragments from being logged, cached, or accidentally serialized server-side.
  • Balancing security with 24-hour time constraints — carefully scoping features to ensure a working demo while preserving core cryptographic guarantees.

Accomplishments We're Proud Of

  • Successfully implemented true client-side AES encryption
  • Integrated Shamir's Secret Sharing for distributed trust
  • Built a working dead-man's switch mechanism
  • Achieved a genuine zero-knowledge design
  • Delivered a fully functional end-to-end demo in 24 hours

Most importantly, we built a system where secrets stay secret until mathematically unlocked.

What We Learned

  • Security is about reducing trust assumptions — every party you don't have to trust is an attack surface eliminated.
  • Distributed key management is more powerful than centralized control — no single node, not even ours, can unlock a vault alone.
  • Client-side encryption drastically changes threat models — the server becomes a blind courier, not a custodian.
  • Simplicity is critical when building cryptographic systems under time pressure — complexity is the enemy of correctness.
  • We also learned how to clearly communicate security design decisions to non-technical audiences.

What's Next for DeadSerious

Feature Description
Configurable threshold schemes Support flexible $k$-of-$n$ configurations (e.g., 2-of-3 nominees required)
Verifiable death confirmation Automated, auditable confirmation workflows that don't rely on self-reporting
Multi-factor nominee auth Require nominees to prove identity before receiving their key fragment
Hardware-backed key storage Leverage secure enclaves (TPM, Secure Enclave) for fragment protection
Formal threat modeling Penetration testing and adversarial analysis of the full cryptographic pipeline
Legal estate planning integration Tie digital inheritance to legally recognized estate documents

Our long-term goal is to build a secure digital legacy platform people can truly trust — one where the math does the trusting, so you don't have to.

Built With

Share this project:

Updates