THREAT MODEL REPORT

Uncompromising Security

AlwaysThere assumes servers are compromised. We build exclusively on client-side encryption and decentralized consensus.

Interactive Sandbox

Zero-Trust Cryptography Simulator

Plaintext Input (Client-Side Only)

Click encrypt to initiate client-side math

Zero-Trust: Ciphertext uploaded; Plaintext never stored.

Client-Side AES-256-GCM

Your seeds, passwords, and documents are encrypted directly in your browser using the wildly standard WebCrypto API before any data is transmitted to an IPFS node. Even if our servers are fully breached, the attackers only recover cipher-text.

WebCrypto Subsystem Isolation
Ephemeral Memory Wipes post-encryption

const iv = window.crypto.getRandomValues(new Uint8Array(12));const encodedData = new TextEncoder().encode(plaintextSeed);// Payload is encrypted BEFORE leaving deviceconst encryptedBuffer = await window.crypto.subtle.encrypt({ name: "AES-GCM", iv }, keyMaterial, encodedData );

Immutable Smart Contracts

The protocol's heartbeat mechanism runs on Polygon smart contracts. These contracts are open-source, immutable, and strictly enforce the decay timers. Not even the protocol developers can alter your configuration or trigger a payout early.

Read Audit Reports

Trust Math, Not Humans.

Verify our cryptographic claims yourself. The code is entirely open-source, heavily audited, and designed for maximum paranoia.

View on GitHub Technical Whitepaper

Adversarial Threat Models

How we mitigate state-level actors, malicious insiders, and infrastructure collapse.

Scenario 1: Complete Database Breach

The Threat: Hackers compromise our backend database (MongoDB) and gain access to all records.

The Defense: They acquire nothing actionable. Our database only stores the IPFS hash (CID) pointing to your ciphertext payload and encrypted Shamir shares. Without your precise Decryption Key Sequence (which remains client-side), it is mathematically impossible to read your will.

Scenario 2: Malicious Validator Node

The Threat: A node operator attempts to prematurely release your inheritance or steal your data.

The Defense: The threshold signature scheme requires an m-of-n consensus. A single malicious node cannot recreate the key. Furthermore, the nodes don't have the final decryption key—they only hold encrypted shards meant strictly for the beneficiary's public wallet address.

Scenario 3: AWS / Server Takedown

The Threat: The core development team is coerced or physical servers are seized by authorities.

The Defense: Asset storage exists entirely on the decentralized IPFS network (via Storacha), secured by native Polygon smart contracts. The execution of the decay timer and release protocols occurs purely on-chain, requiring zero centralized infrastructure to execute successfully.