The Kintity Protocol
A hardened, zero-knowledge framework for permanent storage and conditional release of digital assets. We design the system so that the service provider is never the point of failure.
The Zero-Knowledge Mandate
Kintity servers function as a high-availability storage layer. We store encrypted noise; the intelligence stays on your device.
Encryption lifecycle.
Every record follows the same three-step handover — client-side genesis, key wrapping, and a blind ciphertext transmission.
Client-Side Genesis
The browser or mobile app generates a per-record Data Encryption Key. Plain-text records are encrypted using AES-256-GCM locally before anything touches the network.
const dek = crypto.getRandomValues(new Uint8Array(32));
const result = await encrypt(plaintext, dek);
Key Wrapping
The DEK itself is wrapped using your Account Key Encryption Key. That KEK is derived from your credentials and device context, never stored in our database.
const wrappedDek = await wrap(dek, userKEK);
The Ciphertext Handover
Only ciphertext, nonce, tag, and wrapped DEK are transmitted to Kintity. Servers validate the request but remain blind to the content.
transmit({
  payload: result.ciphertext,
  metadata: { nonce, tag, wrappedDek }
})
The Inheritance Logic
When a verified life event is confirmed, the protocol executes delivery of specific wrapped DEKs to designated beneficiaries.
Verification Layer
Multiple signals, from inactivity timers to legal triggers, must align before the inheritance cycle initiates.
Recovery Layer
Beneficiaries receive wrapped keys and use their own private material to unwrap and decrypt locally.
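The three-step lifecycle and the recovery-side unwrap described above, as an added WebCrypto example that is not Kintity's own code. PBKDF2 for the KEK, AES-KW for wrapping, and the names deriveKek, sealRecord, openRecord and demo are assumptions; the page does not specify them.

```javascript
// Added illustration: helper names, PBKDF2 and AES-KW are assumptions, not the service's code.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browsers and Node
const subtle = wc.subtle;

// Assumed KEK derivation: PBKDF2-SHA-256 over a passphrase; the key is non-extractable and wrap-only.
async function deriveKek(passphrase, salt) {
  const base = await subtle.importKey('raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 600000 },
    base, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Client side: per-record DEK, AES-256-GCM encryption, DEK wrapped under the KEK.
async function sealRecord(plaintext, kek) {
  const dek = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const nonce = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per record
  const sealed = new Uint8Array(await subtle.encrypt({ name: 'AES-GCM', iv: nonce }, dek, plaintext));
  // WebCrypto appends the 16-byte GCM tag to the ciphertext; split it to match the page's fields.
  const ciphertext = sealed.slice(0, -16), tag = sealed.slice(-16);
  const wrappedDek = new Uint8Array(await subtle.wrapKey('raw', dek, kek, 'AES-KW'));
  return { payload: ciphertext, metadata: { nonce, tag, wrappedDek } };
}

// Recovery side: unwrap the DEK locally, then authenticate and decrypt the record.
async function openRecord({ payload, metadata }, kek) {
  const { nonce, tag, wrappedDek } = metadata;
  // unwrapKey rejects when the KEK is wrong: AES-KW carries its own integrity check.
  const dek = await subtle.unwrapKey('raw', wrappedDek, kek, 'AES-KW', 'AES-GCM', false, ['decrypt']);
  // decrypt rejects when ciphertext, nonce or tag were altered in storage or transit.
  const sealed = new Uint8Array([...payload, ...tag]);
  return new Uint8Array(await subtle.decrypt({ name: 'AES-GCM', iv: nonce }, dek, sealed));
}

// Round trip on constructed sample values, then the two failure modes.
async function demo() {
  const salt = new TextEncoder().encode('constructed-salt'); // sample only; use a random salt
  const kek = await deriveKek('correct horse battery staple', salt);
  const record = await sealRecord(new TextEncoder().encode('vault entry'), kek);
  const opened = new TextDecoder().decode(await openRecord(record, kek));
  const otherKek = await deriveKek('wrong passphrase', salt);
  const wrongKekRejected = await openRecord(record, otherKek).then(() => false, () => true);
  record.payload[0] ^= 1; // simulate a bit flipped while the record sat on the server
  const tamperRejected = await openRecord(record, kek).then(() => false, () => true);
  return { opened, wrongKekRejected, tamperRejected, wrappedLen: record.metadata.wrappedDek.length };
}
demo().then(console.log);
```

The server-visible object is exactly what sealRecord returns; neither the DEK nor the KEK appears in it.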
Ready to secure your legacy?
Join the growing community of families trusting the Kintity protocol.