SCF #42 | Build Track | Open Track
Zelf Legacy: Biometric Inheritance Infrastructure for Stellar
Requested Budget: $90,000 USD (in XLM)
Organization: Zelf World LLC (Wyoming, USA)
Executive Summary
Zelf Legacy lets Stellar wallets and apps handle inheritance without moving funds or trusting a central party. Users keep full control; beneficiaries get access only after verified inactivity and biometric proof. No private keys exposed, no biometric data stored.
We've built the hard part already. Our ZelfProof tech derives a private key from your face (optionally plus a password) so you can run a self-custody wallet with no seed phrases and no servers. The output is a ~350-byte encrypted packet, not a biometric template. Live face scan + liveness detection verifies; add a password and you get two factors. SDK runs on Web Extension, iOS, and Android. We tried Solana and Avalanche as proof of concept; the fit wasn't there for inheritance and payments. Stellar gets it: payments, rightful owners, leaving assets to family when you're gone. The $90k funds building Soroban contracts, heartbeat protocol, oracle (proof of concept to complete), and tooling from scratch for Stellar. Not a port.
What Is Zelf Legacy?
Zelf Legacy solves the most critical unaddressed problem in crypto: "What happens to your assets when you die?"
Most inheritance schemes lock your funds in a contract. We don't. Zelf Legacy passes access rights to beneficiaries only after inactivity is verified and they prove who they are (face + ID). Your assets stay where they are.
How It Works
Step 1: Create Your Will
You turn on Legacy Mode in the Zelf app and pick your beneficiaries. Each one is bound via ZelfProof. Their face is the key. We never store biometric data.
- Legal Smart Contract Wrapper on Soroban
- Biometric Beneficiary Designation via ZelfProof
- Policy encrypted and stored on IPFS & Arweave (immutable, decentralized)
- Shamir's Secret Sharing (SSS) splits the seed phrase into shares. You set the rules: 2 of 3, 3 of 5, lawyer or no lawyer, 1 beneficiary or several. Threshold is configurable.
Step 2: Heartbeat Protocol
The app pings the Soroban contract periodically to prove you're alive. ZK compression keeps it cheap and private:
- Nobody can tell if you have a policy
- Heartbeats are signed; liveness detection blocks spoofs
- You set the inactivity window (30 days to 24 months) and grace period
- ZK cuts on-chain storage by 100–1000x
Step 3: Secure Claim
Once inactivity and grace period are over, beneficiaries can claim. Three checks:
- Face match: live scan against the ZelfProof the holder registered. No biometric data shared.
- ID check: Verifik's KYC (190+ countries).
- ZK proof on Soroban: contract verifies entitlement and releases credentials. Keys stay off-chain.
Why We Don't Lock Your Funds
| Approach | Fund Transfer (typical approach) | Access Rights (Zelf Legacy) |
|---|---|---|
| User retains control | No. Funds locked in contract | Yes. Full control until inheritance |
| Smart contract risk | High. Funds at risk if contract is exploited | Minimal. Contract holds policies, not funds |
| DeFi composability | Broken. Locked funds can't be used | Preserved. Assets remain active |
| Yield/staking | Lost during lock period | Continues normally |
| Multi-chain assets | Requires per-chain deployment | Single policy covers cross-chain access |
| Legal enforceability | Uncertain. Code-is-law | Supported. Produces verifiable evidence for lawful off-chain execution |
Technical Architecture
ZelfProof engine: done. Guardian Oracle: proof of concept. We need to build the Soroban contracts, heartbeat protocol, oracle completion, and Stellar SDK layer.
Stellar Integration Plan
Stellar-Specific Building Blocks Used
- Soroban Smart Contracts (Rust): PolicyRegistry, Heartbeat accumulator, Claim verification logic. Directly Stellar-specific: replaces our Anchor/Solana program.
- Soroban Three-Tier Storage:
Persistentfor policy state and heartbeat root,Temporaryfor intermediate claim state,Instancefor contract configuration. No equivalent on other chains. - Soroban
require_auth()model: Replaces implicitmsg.sender. Explicit authorization required per Stellar's account model. - Soroban Event System: Heartbeat emissions use Soroban events rather than state writes, reducing per-heartbeat cost to near zero.
- BLS12-381 Native Curve Support: Soroban's built-in BLS12-381 support allows on-chain ZK proof verification without an external library. This is one of the primary technical reasons Stellar was chosen over EVM chains.
- Stellar Wallets Kit: Used in Tranche 3 SDK for Freighter/Lobstr wallet integration examples.
- IPFS + Arweave (storage layer): Policy metadata and ZelfProof packets stored off-chain; Stellar Ledger records only state hashes and events.
What We Already Have (Proven Components)
We're not starting from zero. Most of the budget goes to Stellar-specific work.
| Component | Current Stack | Stellar Adaptation |
|---|---|---|
| ZelfProof Engine | TypeScript/Native SDK (offline) | None needed. Chain-agnostic. |
| Inheritance business logic | Rust (Anchor/Solana) | Medium. Same language, swap macros and storage model. |
| Heartbeat Protocol | Solana + Light Protocol | Medium. Soroban events + BLS12-381 + Merkle accumulator. |
| Biometric SDKs | Web, iOS, Android | None needed. Client-side. |
| KYC/AML | Verifik Production API | None needed. Backend service. |
| Guardian Oracle | Proof of concept (Node.js) | Medium. Complete and adapt to Soroban. |
| Arweave/IPFS storage | Production integration | None needed. Chain-agnostic. |
Key Technical Differences: Soroban vs. Solana
| Aspect | Solana | Soroban |
|---|---|---|
| Language | Rust (Anchor) | Rust (Soroban SDK) |
| Auth Model | Implicit msg.sender | Explicit require_auth() |
| Storage | PDAs (accounts) | Typed storage (Persistent/Temporary/Instance) |
| ZK Support | Via Light Protocol (external) | Native BLS12-381 curves |
| Tx Cost | ~$0.00025 | ~$0.0001 |
| Finality | ~400ms | ~5 seconds |
Stellar Integration Flow
Data flow showing exactly how Stellar components participate in the inheritance lifecycle:
Tranche 1: MVP ($25,000)
Timeline: 5 weeks
Soroban Inheritance Registry Contract + ZelfProof Integration. Build the Soroban contract that stores inheritance policy metadata and enforces claim eligibility. The contract integrates with ZelfProof for biometric verification. Heartbeat Protocol with Merkle proof-based history verification. Simulated end-to-end inheritance event on Stellar Testnet.
Architecture (5 weeks breakdown)
Tranche 2: Testnet ($35,000)
Timeline: 6 weeks
Guardian Oracle + Claim Verification Pipeline. When inactivity and grace period expire, the oracle notifies the lawyer (or beneficiaries directly if the lawyer does not act). The claim flow validates that the claimant matches the registered ZelfProof before enabling seed phrase reconstruction.
Architecture (6 weeks breakdown)
Tranche 3: Mainnet ($30,000)
Timeline: 6 weeks
Developer SDK, Wallet Integration, Documentation & Mainnet Launch. Creation of developer tooling, wallet integration modules, and documentation. Includes demonstration application, mainnet deployment, and UX-ready onboarding flows.
Architecture (6 weeks breakdown)
Why Stellar?
We care about payments, rightful owners, and passing assets to family when it matters. So does Stellar.
- Low transaction costs: Heartbeat signals must be economically sustainable over years or decades.
- 5-second finality: Critical for time-sensitive claim processing.
- Soroban's Rust ecosystem: Direct code portability from our Solana Rust codebase.
- BLS12-381 support: Native support for the cryptographic curves our ZK proofs require.
- Real-world financial infrastructure: Stellar's focus aligns with inheritance, a fundamentally real-world financial need.
Risk Mitigation
| Risk | Mitigation |
|---|---|
| Soroban contract security | Third-party audit by Ackee Blockchain or OtterSec before mainnet |
| ZK proof performance | Use native BLS12-381 support; fallback to off-chain verification with on-chain attestation |
| Oracle manipulation | Multi-signal attestation requirement; no single oracle can trigger inheritance |
| Regulatory uncertainty | Jurisdiction-aware policy framework; access-rights model avoids custody classification |
Open Source Commitment
We'll open-source everything Stellar-specific under MIT: contracts, heartbeat protocol, oracle interface, SDKs, demo app, docs.
ZelfProof stays proprietary but ships as an SDK with a free tier for Stellar devs.
$90k gets you: Soroban inheritance contracts, heartbeat protocol, oracle (we have a proof of concept), SDKs, demo app, and mainnet. We've got the biometrics; the rest gets built for Stellar.
Don't let your crypto die with you.