Sarcophagus: Decentralized dead-man switch — a self-sovereign inheritance protocol for the metaverse

by Felix Machart, Jan. 06

We are excited to be backing Sarcophagus DAO, alongside Placeholder, Inflection, Infinite, Lattice, LD Capital, Lo Enterprises, Compound VC, Hinge, Blockchange capital, Arweave, Figment & a couple of strategic angels, which has raised a total of $5.47M in funding over the last months.

While having initially been conceived as a mechanism for heavy machinery to stop if it’s operator or driver were to stop pressing a button or switch, a dead-man switch has universal applicability in digital systems as well (e.g. notifications or auto-logout if a user becomes inactive).

As such, creating fail-safe solutions which trigger an action based on a participant not assuring his/her liveness, will be a fundamental building block in web3 and the decentralized finance stack as well.

Since we generally see blockchains and DAOs having the potential to create more resilient, trust-minimized institutions as solid underlying pillars of society, a decentralized dead-man switch and self-sovereign inheritance protocol is a logical building block for us to back.

Pseudonymous accounts / avatars need a native way to saveguard & inherit assets

Especially on the metaverse it already is common among some circles to use pseudonymous identities and it will become increasingly so. People will want to have separate identities for online activities that can be observed by a significantly larger amount of people in order to freely express themselves with little inhibitions and enjoy experimental lifestyles.

In the decentralized metaverse everyone can be truly free. A separate offline identity enables individuals to remain grounded and lead a life out of the limelight or switch to another online identity in case of a change in interests or lifestyle.

Such pseudonymous identity can be represented by avatars. They are able to collect digital assets for work as well as play. Productive assets (incl. in-game), art as well as fashion. In order to make sure key-loss, death or other accidents does not lead to irrecoverability of on-chain assets, there is the need for an inheritance protocol without the need for real-world identities.

Enter Sarcophagus

Sarcophagus fits in as an important puzzle piece for numerous use-cases that pertain to individuals as well as DAOs. For the first time you can own information and reveal it in a programmatic and non-custodial way after death or key-loss.

Users can securely store documents/messages that are automatically revealed to a recipient if they stop signing cryptographic messages (as a sign of life).

There is a huge opportunity specifically for crypto-native use-cases wherever there is some element of “human back-up” and succession planning necessary. By storing a signed but unpublished transaction, any on-chain action can be made conditional on a party failing to prove their liveness.

Assets in a portfolio can be inherited to a specified address by putting a signed but unpublished transaction into a Sarcophagus, which then enables the recipient to publish that transaction in order to execute the inheritance (a publishing service will come in v2). The same primitive is useful for multi-signature set-ups in DAOs (especially incl. off-chain signature schemes such as BLS horcruxes) in order to make sure that a given key-holder is still able to fulfil their function and otherwise transfer signature rights to a back-up participant.

Further use-cases range from political activists that want to ensure critical information is revealed should they disappear (serving as a form of life insurance), to integrations with self-sovereign back-up services such as Ardrive (e.g. frequently backing up someone’s research or even second brain, to be released upon key-loss or death) or applications in the traditional will and trust industries (save data storage is often a liability, which can be pushed to a self-sovereign solution).

The protocol coordinates the following actors in order to provide the service of a decentralized dead-man switch, which lays the foundation for a plethora of services:


The user that encrypts a set of data and saves it on Arweave for access by the recipient at “resurrection time” (e.g. in 1h or 1 year) in case she fails to perform a sign of life (the re-wrapping message).


The party(ies) that the creator entitles for retrieving the data, represented by Ethereum addresses. Only recipients can decrypt the inner encryption layer of a Sarcophagus, once the outer layer has been decrypted by an archeologist.


The operators that are economically incentivized to decrypt the outer layer of the encryption if the creator/embalmer fails to sign the re-wrapping message. Archaeologist operators need to run nodes that observe whether sarcophagi have to be decrypted (and post a bond in SARCO tokens that can be slashed if they decrypt early or late). Next to slashing, publicly visible reputation based on past performance keeps them in check, since the most reliable operators will see the most usage (specific archeologists are responsible for a given Sarcophagus through the curse smart contract). One of the most critical upgrades in Sarcophagus v2 will be the ability to have multiple archeologists be responsible for redundancy. It is to be expected that the most mission critical use-cases will rely on the most reputable archeologists, which will be able to charge a premium over new-comers. Read here how to get started as an archeologist.

Data is encrypted in 2 layers (with recipient & archeologist Ethereum public/private key-pairs) with archeologists posting a bond in the curse contract — which is recovered + bounty when decrypting the outer layer at resurrection time — source: Sarcophagus litepaper

In the mummification phase, the user will upload the data, which is encrypted client-side with the public key of the recipient together with:

  • Resurrection time (when the sarcophagus should be decrypted if the user fails to re-wrap)
  • The bounty (incentivizes Archeologists to decrypt a layer of encryption, paid only upon decryption at the correct time)
  • Digging fees (payments to the Archaeologists that are guaranteed and paid upon re-wrapping or decryption at the correct time)

It is also possible to introduce web 2.0 authentication methods such as FaceID and OAuth for less mission-critical use-cases.

A range of possible authentication methods for (re-)wrapping the data to be safeguarded by Sarcophagus — source: Sarcophagus litepaper

Join the DAO!

​​The Sarcophagus DAO governance is set up as a main DAO on Aragon, as well as several subDAOs that are governed through snapshot and Gnosis mutisigs for greater agility.

Sarcophagus DAO structure overview — source: Sarcophagus documentation

While Sarcophagus is a DAO, there still is room for leadership. The key initiators have a track record of building secure key-management infrastructure for high-net-worth individuals and funds, while working with experienced developers for implementation.

We are super excited to be part of the Sarcophagus community and would be happy if you would become part of it as well!

Check out their website, documentation, Github, Twitter and join the discussion on Discord!