The Problem
You know something that matters. Maybe it's evidence of fraud. Maybe it's a personal history that would hurt people who are still alive. Maybe it's an idea you can't release yet. You want it preserved and eventually disclosed. But not now, and not on anyone else's terms.
Every existing solution fails at this. A safety deposit box requires a bank that stays solvent. A lawyer requires a firm that survives. A USB drive in a shoebox requires someone who remembers where the shoebox is. Google's Inactive Account Manager requires Google to keep caring about a feature with zero revenue. Each depends on an institution outlasting your timeline, and institutions are poor at that.
The question isn't whether we can encrypt data. The question is whether we can build a system where every actor can individually defect and the capsule still opens on schedule.
The Design
A vault has five components. Each one can fail independently without killing the system.
Permanent storage
The encrypted payload goes on Arweave, a blockchain designed for permanent data. You pay once. The endowment model prepays roughly 200 years of replication, on the assumption that storage costs keep declining. No subscription. No renewal. No leverage point for ransom.
Post-quantum encryption
The payload is encrypted with AES-256-GCM (quantum-resistant symmetric cipher). The AES key is wrapped with a hybrid scheme: X25519 (classical) + ML-KEM-1024 (NIST post-quantum standard). An attacker needs to break both. This is the same hybrid approach Signal and Chrome already use.
Distributed key custody
The wrapped key is split via Shamir's Secret Sharing into n shares, distributed to independent custodians who don't know each other. Any k-of-n can reconstruct the key. No single custodian can open it alone. No single custodian can block release by defecting. Shamir's scheme is information-theoretically secure. Quantum computers don't help.
Autonomous trigger
A smart contract monitors for a verified death event via decentralized oracle networks (Chainlink, etc.) that watch public death registries. On confirmation, a countdown begins -- configurable to any duration. When the timer expires, the contract signals key reconstruction. No human decision in the loop. An AI agent handles the dead man's switch: periodic check-ins, escalation on missed signals, beneficiary discovery at release time.
Zero-knowledge proof layer
Before encryption, the depositor generates ZK proofs (Groth16 or Plonk) over the plaintext. These proofs are stored alongside the ciphertext on Arweave and are publicly verifiable at any time. They attest to properties -- "this capsule contains financial records from 2025," "this capsule references entity X" -- without revealing the content. The depositor can credibly claim "I have the evidence" without opening the seal.
The Game Theory
Every system is only as strong as its weakest actor's incentive to defect. Here's how each player in the vault's game is constrained.
The Depositor
Wants: certainty of eventual release, privacy until then, no ability for anyone to tamper or suppress.
Fear: dying and the secret dying with them. Or the capsule leaking early.
Constraint: genuinely cannot open the capsule early. Doesn't hold enough shares. The smart contract is public -- anyone can verify the time-lock hasn't expired. Their inability is verifiable and protects them under duress.
The Custodians
Wants: minimal liability, minimal effort.
Fear: legal exposure from the contents, pressure from powerful parties to destroy their share.
Constraint: they don't know the other custodians. They don't know what the capsule contains. They may not even know they're holding a time capsule share -- it's just an encrypted blob. Bribery requires finding all k custodians, which requires knowing n identities that were never linked on-chain.
The Subjects
Wants: permanent suppression.
Fear: the capsule exists at all.
Constraint: the ciphertext is on Arweave and can't be deleted. The key is distributed across anonymous custodians they can't identify. The only remaining attack is breaking the encryption -- and the PQC layer closes that window for any computing architecture we can anticipate.
The Infrastructure
Wants: to continue existing.
Fear: irrelevance, collapse.
Constraint: redundancy. If Arweave dies, mirrored copies on Filecoin and cold storage persist. If the smart contract chain dies, the key can be reconstructed manually from the Shamir shares. No single infrastructure failure kills the vault. A law firm has reputational incentive spanning centuries. A blockchain has no agency -- it either runs or it doesn't. A startup has every incentive to pivot away from a product with a 20-year payoff cycle. The design trusts math and redundancy, not business models.
Plausible Deniability
A vault that everyone knows exists is already a liability. Plausible deniability isn't a feature. It's a survival property.
Decoy capsules
Every deposit creates multiple encrypted blobs of identical size. One contains real content; the rest contain procedurally generated plausible decoy content. Different passphrases open different blobs. Under duress, the depositor reveals the decoy passphrase. An adversary cannot distinguish real from decoy without the real passphrase. This is a hidden volume scheme -- the same principle as VeraCrypt, applied to decentralized storage.
Unlinkable deposits
Each deposit uses a fresh pseudonymous wallet with no on-chain link to the depositor's identity. The wallet is funded through privacy-preserving transfers. There is no transaction trail connecting a person to a capsule.
Steganographic mode
For maximum deniability: embed the encrypted capsule inside innocuous files (images, documents, audio) uploaded to Arweave. The capsule's existence is hidden, not just its contents. You can't suppress what you can't find.
Anti-Hostage Design
Every hostage scenario comes from a chokepoint: a single party, a single key, a single payment channel. The design eliminates all of them.
- Trustee extortion ("pay me or I destroy my share"): Shamir's k-of-n means any individual share is disposable. A trustee who destroys their share has zero leverage if n is large enough.
- Storage ransom ("pay ongoing fees or we delete"): Arweave's endowment model has no renewal, no invoice, no leverage. Once stored, no party can hold the data hostage.
- Chain ransom ("gas fees spiked, pay up"): the trigger contract is pre-funded for execution at 100x current gas. Or deployed on a chain with fixed execution costs.
- Forced early opening ("decrypt it now"): the depositor genuinely can't. Not enough shares, time-lock unexpired, verifiable on-chain. Inability is the defense.
- The system as a weapon ("I deposited fabricated evidence about you"): this is the one scenario with no clean engineering fix. An unstoppable disclosure mechanism is also an unstoppable blackmail device. The same properties that protect a whistleblower enable a fabricator. Partial mitigation: ZK proofs at deposit time commit to content properties, making post-hoc fabrication detectable. But pre-fabrication remains possible.
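The k-of-n custody property from the "Distributed key custody" section and the "Trustee extortion" point above, as an added example (not code from the original text or from any vault implementation): Shamir's scheme over a prime field, with a constructed 32-byte key standing in for the wrapped AES key and the field prime chosen here for illustration. The demo shows that two defecting custodians out of five cost nothing, while a bribed coalition of two learns nothing.

```python
import secrets

# Mersenne prime 2^521 - 1: a field large enough to hold a 32-byte wrapped AES key
# as a single element (an illustrative choice, not something the vault design fixes).
PRIME = (1 << 521) - 1

def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_key(key: bytes, k: int, n: int):
    """Split `key` into n shares (x, y); any k reconstruct it, k-1 reveal nothing."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def reconstruct_key(shares, length: int):
    """Lagrange-interpolate the polynomial at x=0 from the given shares.
    With fewer than k shares the result is just a random field element, so it almost
    never fits `length` bytes; None is returned in that case."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret.bit_length() > 8 * length:
        return None
    return secret.to_bytes(length, "big")

def custody_demo():
    """3-of-5 custody: custodians 2 and 4 destroy their shares, the key still comes
    back; a coalition holding only two shares cannot recover it. Constructed key."""
    key = secrets.token_bytes(32)
    shares = split_key(key, 3, 5)
    surviving = [shares[0], shares[2], shares[4]]   # shares 2 and 4 are gone
    coalition = shares[:2]                          # only two custodians bribed
    return key, reconstruct_key(surviving, 32), reconstruct_key(coalition, 32)
```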
What This Has to Do with Trust
The same cryptographic primitives that govern an AI agent's execution receipt also govern a dead man's last testimony. The math doesn't care about the timescale.
In Trust at Scale, the argument is that trust breaks down at scale because you can't personally verify every actor. The solution is cryptographic commitments -- receipts, audit trails, verifiable proofs. Agent execution protocols prove "this agent did X at time T" with a cryptographic receipt chain.
A vault is the same primitive stretched across decades instead of milliseconds.
- Receipt chain: an agent receipt proves "this agent did X at time T." A vault proves "this person deposited X at time T, to be revealed at T+N." Same commitment pattern.
- Trust without trusting actors: the book argues you design systems where individual actors can defect and the system still holds. A vault does exactly that: any custodian, any chain, any storage provider can fail, and the capsule still opens.
- ZK proofs: agent receipts prove compliance without exposing proprietary logic. A vault proves content properties without opening the capsule. Same technique, different domain.
- Accountability as infrastructure: the book's central argument. A vault makes accountability infrastructure for human disclosure -- not just machine execution.
If the accountability layer works for AI agents making API calls in milliseconds, it works for a whistleblower ensuring the truth outlives them by twenty years. One set of primitives. Every timescale. That's what "at scale" means.
What It Costs
The math favors the depositor.
- Arweave storage: a few cents for text documents. Under $10 for a substantial media archive. One-time.
- Smart contract deployment: under $5 on an L2. Under $500 on Ethereum mainnet.
- Key distribution: effectively free if custodians are personal contacts. Marginal cost if using institutional custodians.
- ZK proof generation: seconds of compute at deposit time. No ongoing cost.
- Total for the full stack: under $500 for a PQC-proof, ZK-verified, game-theoretically sound vault with a 20-year horizon. No subscriptions. Nothing to renew.
Compare this to a legal trust ($30,000-50,000 to self-sustain across decades). The most robust version is also the cheapest.
What Gets Built First
A vault is not a product. It's a protocol. The distinction matters because a product can be shut down and a protocol can't.
The minimum viable protocol: Arweave deposit, Shamir key split, timer contract on an L2, basic deposit interface. No AI agent, no ZK proofs, no deniability layer in v1. Those are protocol upgrades, not launch requirements.
Revenue comes from one-time deposit fees scaled by payload size and duration. Optional premium features: larger payloads, more custodians, ZK proof generation, institutional API for law firms and estate planners.
The market for 20-year commitments is small and patient. This is not a SaaS business. It might be better positioned as grant-funded infrastructure (Ethereum Foundation, Filecoin Foundation, press freedom organizations) than as a venture-backed startup. A product with a 20-year payoff cycle and no recurring revenue is a hard pitch to a VC. It's a natural pitch to a foundation.