How BlockWill's Trust Model Works

How we secure digital assets without ever holding your keys.

A post I shared this week sparked a great thread, and almost every question circled the same point: if BlockWill helps pass on digital assets, who actually holds the keys?

The answer is the whole thesis of the company. You should never have to trust us with your keys, so we built it so you don't.

Three questions kept coming up. Here is how the model actually works.

"Does the company hold my keys, like a CEX?"

No. The encryption private key lives on your own YubiKey, in your possession. It never reaches us. What sits on our servers is ciphertext we have no ability to decrypt. If we could touch your keys, we would just be a custodian, and you would be right not to trust that.

"What if I lose access? A lost device, a missing seed?"

Self-custody usually fails the moment one fragile secret is lost. We remove that single point of failure. Recovery runs through defined roles (Executor, Guardian, Beneficiary) and conditional release logic, so assets still reach the right people without us ever holding the key.

"What if someone forces me to hand over the keys?"

This is the hard one, and I will not pretend we have fully eliminated it. Release is gated by on-chain conditions and time delays, not a single key handover, so no one can be coerced into releasing everything at once. That delay is also a detection window. We deliberately refuse to be a recovery backdoor ourselves, because anything that can override coercion can usually be coerced too.

Trust-minimized, not trustless

I would not call this trustless. I would call it trust-minimized, and the distinction is deliberate. Pure trustlessness assumes the key holder is always around to act. Inheritance is the one use case where, by definition, they are not. So the problem is not removing trust entirely. It is removing discretionary human trust and anchoring everything in two things instead: a key only the owner holds, and code that executes on-chain.

That is the category we are building. Not a wallet, not a custodian. Digital inheritance infrastructure.

If you work in self-custody, estate planning, or security and want to poke holes in this, I welcome it. The questions this week made the answer sharper. DM open, or find us at blockwill.io.

Frequently Asked Questions

The one-line answer. You never have to trust BlockWill with your keys. By design, we cannot access them.

Does BlockWill ever have access to my private keys?

No. This is a design choice baked into the architecture, not a policy we could quietly change later. Your encryption private key resides on your own YubiKey and stays in your possession. It never leaves your control and never reaches our servers. Because we never hold the key, we cannot read, move, or surrender your assets, and neither can anyone who manages to compromise us.

How are my keys and data actually secured?

Everything you place in your SecureVault is encrypted on your side using the private key held on your YubiKey. What lives on BlockWill's infrastructure is ciphertext we have no ability to decrypt. That is what zero-knowledge means in practice: the stored data is meaningless without a key we never possess.

Is this self-custody? How is it different from just holding my own keys?

It is non-custodial, so you keep control of your keys exactly as you would in self-custody. The difference is everything that happens around that. Pure self-custody has no safe answer for incapacity or death; if the key is lost, the assets are usually lost with it. BlockWill keeps you in control while you are able to act, and adds a structured, owner-defined path for your assets to reach the right people when you cannot.

What happens if access is lost, through a lost device or my passing?

Self-custody usually fails at exactly this point, because it depends on one fragile secret surviving. BlockWill is built to remove that single point of failure. Release to the people you choose runs through roles you assign (Asset Manager, Executor, Guardian, Beneficiary) and conditions you define, so there is a defined path forward that never requires us to hold your key. The specific re-provisioning flow is part of the product and we are glad to walk through it directly.

What stops someone from coercing me into handing over my keys?

This is the hardest threat in the space, and no self-custody system can honestly claim to eliminate it. BlockWill reduces it in two ways. First, release is gated by on-chain conditions and time delays rather than a single key handover, so no one can force an instant, complete release. Second, that delay creates a detection window in which the owner is notified before anything moves, so a coerced action can be caught and stopped. We also refuse to build ourselves into a recovery backdoor, because any party powerful enough to override coercion can usually be coerced in turn.

If you never hold the key, how does an asset reach my beneficiary?

Release is governed by VaultRelay, our smart-contract automation layer on Polygon. When a condition the owner defined is met and verified on-chain, for example an inactivity trigger or a pre-set release date, the contract executes the transfer of access to the named people. Decryption rights are created at the moment of need, never held in advance by BlockWill. The detailed mechanism is part of our core engineering, but the principle is constant: no standing access for us, ever.

Is BlockWill trustless?

We call it trust-minimized, and the distinction is deliberate. Pure trustlessness assumes the key holder is always present to act. Inheritance is the one use case where, by definition, they are not. So the goal is not to eliminate trust entirely, but to remove discretionary human trust and replace it with two things you can verify: a key only you hold, and code that executes on-chain.

Who or what actually enforces the release, BlockWill or the code?

The code. Conditional release runs as smart contracts on Polygon, executing only the conditions the owner set. A beneficiary gains access because a rule was satisfied and verified on-chain, not because someone at BlockWill approved it. Our role is to build and maintain the infrastructure, not to sit in the middle of your succession as a gatekeeper.

Why does this matter?

Most digital assets are lost not because they are stolen, but because no one can reach them once the owner is gone. Solving that without forcing people back into custodial trust is the entire point of BlockWill. We are building digital inheritance infrastructure: a way to pass on what you own with the security of self-custody and a reliable path for it to reach the people you choose.

Where trust lives

The same instinct that makes people distrust a centralized exchange is the instinct we designed around. Here is where control sits across three models.

Centralized exchange

Who holds your private key: The exchange.

If you lose access or pass away: Exchange process, often frozen.

Who controls when assets move: The exchange.

Can the provider be coerced for your assets: Yes.

Pure self-custody

Who holds your private key: Only you.

If you lose access or pass away: Assets are usually lost forever.

Who controls when assets move: Only you, while able to act.

Can the provider be coerced for your assets: Not applicable.

BlockWill

Who holds your private key: Only you, on your YubiKey.

If you lose access or pass away: Structured release to the people you chose.

Who controls when assets move: On-chain conditions you defined.

Can the provider be coerced for your assets: No. The provider never holds the key.

The bottom line

You should never have to trust an infrastructure provider with the keys to your life's assets. BlockWill is built so you do not have to. We never hold your keys, we cannot read your data, and we are not the party that decides when your assets move. That is not a feature we added. It is the architecture we started from.

Want to go deeper on the architecture? Reach Deepak Saini at deepaksaini@blockwill.io, or visit www.blockwill.io.