BAPBA Protocol
Getting Started

Introduction to Burning Ash Protocol

What is BAP, why it exists, and how it securely manages digital wills through encryption and Shamir's Secret Sharing.

Burning Ash Protocol

Burning Ash Protocol (BAP) is a dead man's switch for digital wills — a secure system that ensures your important documents reach your loved ones after you're gone.

Why BAP Exists

When someone dies, their digital assets — documents, passwords, instructions, final wishes — are often lost forever. Existing solutions have significant limitations:

  • Google Inactive Account Manager — Locked to Google ecosystem only
  • Inheriti — Requires blockchain knowledge
  • LifeChecker — Lacks encryption
  • Everplans — Requires manual legal processes

BAP solves these problems by combining:

  • Cross-platform encrypted storage (Google Drive, Dropbox, AWS S3, FTP/SFTP)
  • Threshold-based access via Shamir's Secret Sharing (K-of-N survivors must authenticate)
  • OTP-based authentication accessible to non-technical users
  • Automated liveness checks with configurable intervals and escalation

How It Works

The BAP system involves three key roles:

Host

The person who creates and manages their digital will. The Host:

  • Uploads encrypted documents
  • Designates Survivors who should receive access
  • Configures liveness checks to confirm they're still alive
  • Sets a threshold (K-of-N) requiring multiple Survivors to collaborate

Survivor

A person designated by the Host to receive will access after death. Survivors:

  • Don't need accounts or apps
  • Verify identity via OTP (email, SMS, WhatsApp, or Telegram)
  • Work together to meet the threshold and decrypt the will

The Protocol

  1. Host creates a will — uploads documents, adds Survivors, sets threshold
  2. Periodic liveness checks — system periodically verifies the Host is alive
  3. If Host is unresponsive — after configurable attempts, the Will Transfer Protocol activates
  4. Survivors authenticate — each Survivor verifies via OTP
  5. Threshold met — when enough Survivors authenticate, the will is decrypted and accessible

Key Features

Military-Grade Encryption

All documents are encrypted using AES-256-GCM before they leave your server. The encryption key (DEK) is unique per will and protected by envelope encryption.

Shamir's Secret Sharing

The encryption key is split into shares using Shamir's Secret Sharing (SSS). With a 3-of-5 threshold, for example, any 3 Survivors can combine their shares to reconstruct the key.

Multiple Notification Channels

Connectors support:

  • Email (any SMTP provider)
  • SMS (Twilio)
  • WhatsApp (Meta Cloud API)
  • Telegram (Bot API)

Multiple Storage Backends

Documents can be stored on:

  • Google Drive (OAuth 2.0)
  • Dropbox (OAuth 2.0)
  • AWS S3
  • FTP/SFTP

Configurable Liveness Checks

  • HCIT — How often the Host confirms they're alive (7-90 days)
  • HCRT — How long the Host has to respond (24-72 hours)
  • HCRAC — How many missed checks before the will activates (1-5 attempts)

Security Principles

  1. Encrypt-before-upload — No plaintext ever touches external storage
  2. Zero-knowledge architecture — Server never sees unencrypted documents
  3. Crypto-shredding — Destroying the key destroys all documents
  4. No single point of failure — Multiple Survivors required for access

Quick Example

Imagine Alice wants to ensure her documents go to her family:

  1. Alice uploads her will documents (encrypted immediately)
  2. She adds her husband, daughter, and son as Survivors with threshold 2-of-3
  3. The system generates a 256-bit encryption key and splits it into 3 shares
  4. Alice receives backup codes to distribute to each Survivor
  5. Every 30 days, Alice confirms she's alive
  6. If Alice doesn't respond after 3 missed checks, her Survivors are notified
  7. Any 2 Survivors can verify their identity, combine their shares, and access the documents

Next Steps

Ready to get started?

Architecture

BAP consists of:

  • Go Backend — REST API with Chi v5 router, GORM ORM, SQLite/PostgreSQL database
  • Next.js Frontend — Next.js 16, React 19, TypeScript 5.9, Tailwind CSS 4, shadcn/ui
  • Encryption Layer — AES-256-GCM + Shamir's Secret Sharing + optional Ed25519 signing
  • Connector System — Pluggable notification providers (Email, SMS, WhatsApp, Telegram)
  • Billing — Stripe integration for SaaS mode (Free/Pro/Enterprise plans)

For detailed architecture information, see the Architecture Overview.

Welcome

Welcome to Burning Ash Protocol documentation

Installation Guide

Complete installation guide for Burning Ash Protocol using Docker Compose or manual setup.

On this page

Burning Ash ProtocolWhy BAP ExistsHow It WorksHostSurvivorThe ProtocolKey FeaturesMilitary-Grade EncryptionShamir's Secret SharingMultiple Notification ChannelsMultiple Storage BackendsConfigurable Liveness ChecksSecurity PrinciplesQuick ExampleNext StepsArchitecture