Security First, Privacy Always
Every layer of Dead Man's Proof is designed to protect your data. From encryption at rest to zero-retention inference, privacy is not a feature. It is the foundation.
Five layers of privacy
Data never leaves your vault
Only cryptographic hashes are committed onchain. Raw data stays server-side, encrypted at rest with AES-256-GCM. No one sees your private information.
AI evaluation with zero data retention
Venice AI enforces zero data retention at the infrastructure level. Sealed data enters the model, the attestation comes out, and nothing persists. No logging, no training, no copies.
Multi-agent verification
No single point of trust. Multiple AI agents independently evaluate claims against sealed data. Consensus across agents strengthens attestation confidence.
ZK proofs for simple claims
For straightforward numerical and boolean claims, zero-knowledge proofs remove AI trust entirely. Mathematical certainty, no inference required.
On-chain audit trail
Every attestation is published to Base mainnet as a tamper-proof record. Once sealed and attested, the result is permanent. No one can alter or delete it.
Defense in depth
Prompt Injection Defense
5 layers of protection- ✞Input sanitization strips injection patterns before queries reach the model
- ✞Role isolation separates system instructions from untrusted user input
- ✞Hardened system prompt with explicit rules that cannot be overridden
- ✞Output scanning detects and replaces any leaked private data tokens
- ✞Query length limits (500 chars) prevent payload stuffing attacks
Data Leak Detection
Token-level scanning- ✞Private data is tokenized into significant fragments before evaluation
- ✞AI reasoning output is scanned for any matching tokens from the sealed data
- ✞Common words are filtered out to reduce false positives
- ✞If two or more significant tokens are detected, the reasoning is replaced with a safe generic response
Encryption at Rest
AES-256-GCM envelope encryption- ✞Every vault gets a unique Data Encryption Key (DEK), 256-bit random
- ✞DEKs are wrapped with a master Key Encryption Key (KEK) using AES-256-GCM
- ✞96-bit initialization vectors and 128-bit authentication tags per operation
- ✞Key rotation requires only re-wrapping DEKs, not re-encrypting all data
Access Control
Per-vault permissions- ✞Public vaults: anyone can submit queries
- ✞Allowlisted vaults: only specified addresses can query
- ✞Token-gated vaults: hold a specific token to gain access
- ✞Private vaults: only the depositor can initiate queries
On-chain verification
Every attestation published permanently
Hash commitments and verdicts stored in the DeadMansVault contract
Source code readable on Basescan
Full source, ABI, and constructor args publicly available
Agent identity standard
AI agent registered with verifiable onchain identity
Agent commerce protocol
Trustless escrow for agent-to-agent and agent-to-user interactions
What we don't store
No raw private data on our servers. Data is held in-memory only during evaluation, then discarded.
No AI training on your data. Venice AI enforces zero data retention at the infrastructure level.
No copies of your documents. Once evaluation completes, the decrypted plaintext is garbage collected.
No logs of query content. Questions and answers are published onchain, not stored in application logs.
Contract security
Foundry tests passing
Comprehensive test suite covering deposits, queries, attestations, access control, and edge cases.
Checks-effects-interactions
All state-changing functions follow the checks-effects-interactions pattern to prevent reentrancy.
Access control
Every state-changing function is gated. Only the authorized agent wallet can publish attestations.
Reentrancy protection
State updates occur before external calls. No callback vulnerabilities in the attestation flow.
Trust the code.
Privacy is not a promise. It is an architecture. Read the source, inspect the contract, verify the proofs.