Every generation gets one infrastructure reset.
In the industrial era, nations built ports, roads, power grids. In the digital era, most of the world outsourced the foundation: cloud hosting, messaging, identity, business names, and records. That trade felt convenient—until it became a dependency.
Rootz flips the model. Instead of bolting "blockchain features" onto legacy systems, we are building infrastructure where origin and ownership are native—for people, businesses, products, and the data that defines them.
One Contract Per Asset
Whether it's your AI thinking, a head of lettuce, or a semiconductor—the structure is the same.
A Data Wallet has two parts:
- Origin Data (the Genesis Block) - immutable creation record
- Notes - data that accumulates over the wallet's lifetime
Owner: 0x4b2E..."] subgraph genesis["GENESIS BLOCK (Origin - Immutable)"] direction TB who["WHO created it
(signed by hardware key)"] what["WHAT type of asset"] when["WHEN it was created
(blockchain timestamp)"] where["WHERE it originated
(device/domain/location)"] hash["Initial content hash"] end subgraph notes["NOTES (Data that accumulates)"] direction TB note1["Note 1: AI session transcript
← signed, timestamped"] note2["Note 2: Follow-up conversation
← signed, timestamped"] note3["Note 3: Project completion summary
← signed, timestamped"] more["..."] end header --> genesis genesis --> notes end style wallet fill:#f8fafc,stroke:#4f46e5,stroke-width:3px style genesis fill:#e0e7ff,stroke:#4f46e5,stroke-width:2px style notes fill:#f3e8ff,stroke:#7c3aed,stroke-width:2px style header fill:#dbeafe,stroke:#2563eb,stroke-width:2px
Universal Applications
📝 AI Thinking Archive
🥬 Supply Chain: Head of Lettuce
💻 Semiconductor Chip
Nested Wallets: Binding Context to Transactions
A note can reference another Data Wallet—embedding verified identity, credentials, or related assets.
When the vet adds a health record to a steer's Data Wallet, the note includes a reference to the vet's credential wallet. When a building permit is issued, it references the property wallet. This creates verified context.
Owner: 0x4b2E..."] direction TB subgraph note3["Note 3: Building Permit Issued"] direction TB permit["Permit #2026-0142
Issued by: City Planning Dept"] subgraph embedded["EMBEDDED REFERENCE"] direction TB inspector["Inspector Credential Wallet: 0x9f2a...
Licensed: State Board #4521
Valid through: Dec 2027"] end permit --> embedded end subgraph note4["Note 4: Inspection Completed"] direction TB result["Passed: Electrical, Plumbing, Structural
Signed by: Inspector (wallet 0x9f2a...)"] end note3 --> note4 end style property fill:#f8fafc,stroke:#4f46e5,stroke-width:3px style note3 fill:#e0e7ff,stroke:#4f46e5,stroke-width:2px style note4 fill:#e0e7ff,stroke:#4f46e5,stroke-width:2px style embedded fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
Use Cases
KYC Binding
Financial transactions embed verified identity wallets
Veterinary Records
Vet's credential wallet embedded in livestock health notes
Firmware Updates
Chip wallet receives update note with developer signature wallet
Instructions + Results
Command wallet embedded, result wallet attached
Many Participants, One Record
Grant access to team members, vendors, or auditors—everyone writes to the same wallet.
The owner controls who can add notes. Team members, contractors, regulators—each can contribute while the owner maintains control. Every contribution is signed by its author.
Owner: Company ABC (0x4b2E...)"] direction TB subgraph team["TEAM ACCESS"] direction TB alice["✓ Alice (Engineer)
Can add notes"] bob["✓ Bob (QA)
Can add notes"] auditor["✓ External Auditor
Read only"] agency["✓ Regulatory Agency
Read only"] end subgraph notes["NOTES"] direction TB note1["Note 1: Design spec uploaded
← signed by Alice"] note2["Note 2: Test results attached
← signed by Bob"] note3["Note 3: Revision completed
← signed by Alice"] note4["Note 4: Audit review complete
← signed by Auditor"] end team --> notes end style project fill:#f8fafc,stroke:#4f46e5,stroke-width:3px style team fill:#dbeafe,stroke:#2563eb,stroke-width:2px style notes fill:#e0e7ff,stroke:#4f46e5,stroke-width:2px style alice fill:#dcfce7,stroke:#16a34a,stroke-width:1px style bob fill:#dcfce7,stroke:#16a34a,stroke-width:1px style auditor fill:#fef3c7,stroke:#ca8a04,stroke-width:1px style agency fill:#fef3c7,stroke:#ca8a04,stroke-width:1px
Owner Controls Access
Grant, modify, or revoke team permissions at any time
Every Note Signed
Each contribution carries its author's cryptographic signature
Audit Trail Built-In
Who added what, when—permanently recorded on blockchain
Your Identity Isn't a Single Key
It's a smart contract that manages all your device keys—with recovery built in.
When you sign a note, you're signing with YOUR identity—regardless of which device you're using. Lose a phone? Revoke that device key. Your identity and all your Data Wallets remain intact.
0x4b2E..."] subgraph devices["Authorized Devices"] direction TB laptop["Laptop (TPM): 0x9f2a...
✓ Active"] phone["Phone (SE): 0x3d1f...
✓ Active"] desktop["Desktop (TPM): 0x7b4c...
✓ Active"] oldphone["Old Phone: 0x2e5a...
✗ Revoked"] end subgraph recovery["Recovery"] direction TB social["Social recovery with
3-of-5 trusted contacts"] end identity --> devices identity --> recovery style identity fill:#dbeafe,stroke:#2563eb,stroke-width:3px style devices fill:#f8fafc,stroke:#4f46e5,stroke-width:2px style recovery fill:#fef3c7,stroke:#f59e0b,stroke-width:2px style laptop fill:#dcfce7,stroke:#16a34a,stroke-width:2px style phone fill:#dcfce7,stroke:#16a34a,stroke-width:2px style desktop fill:#dcfce7,stroke:#16a34a,stroke-width:2px style oldphone fill:#fee2e2,stroke:#dc2626,stroke-width:2px
No Single Point of Failure
Multiple devices authorized, each with independent keys
Device Compromise ≠ Identity Loss
Revoke compromised device keys without losing your identity
Team Authorization
Grant access at the identity level for seamless collaboration
Seamless Cross-Device
Same identity, different keys—works everywhere you are
Every Domain Becomes a Wallet
DNS extension, not replacement. Your existing domain gains cryptographic identity.
Epistery extends DNS with cryptographic identity. Your domain becomes an economic actor that can sign documents, own assets, and authorize users—without creating a new namespace.
Traditional DNS vs Epistery-Extended DNS
(IP address)"] end subgraph epistery["Epistery-Extended DNS - Points to WHERE + WHO"] direction LR domain2["example.com"] -->|resolves to| bundle["192.168.1.1 (IP)
+
0x7a3F... (wallet)
+
Agent contract"] end style traditional fill:#fee2e2,stroke:#dc2626,stroke-width:2px style epistery fill:#dcfce7,stroke:#16a34a,stroke-width:2px style domain1 fill:#dbeafe,stroke:#2563eb,stroke-width:2px style domain2 fill:#dbeafe,stroke:#2563eb,stroke-width:2px style ip1 fill:#f3e8ff,stroke:#7c3aed,stroke-width:2px style bundle fill:#e0e7ff,stroke:#4f46e5,stroke-width:2px
Two Anchors of Trust
🌐 Domain Identity (Server)
DNS TXT record proves domain ownership
Agent contract acts on behalf of domain
Domain signs documents and authorizes users
🔐 Browser Identity (Client)
Browser generates keypair tied to domain
TPM-backed where available
Proves origin: this browser, this device, this time
Combined Result: When both anchors sign, you have cryptographic proof that a specific person, on a specific device, at a specific domain, at a specific time, created specific content. This is Origin².
Data That Survives
Blockchain records the events. Decentralized storage holds the content.
The blockchain is expensive—you don't store files there. Instead, we use a three-layer architecture:
• Timestamps (proof of existence)
• Content hashes (integrity verification)
• Permission changes
Cost: ~$0.002 per transaction"] end subgraph decentral["DECENTRALIZED STORAGE (Content)"] direction TB ds1["• IPFS for public/semi-public content
• Encrypted before upload
• Only hash goes on-chain
• Content addressable (tamper-evident)"] end subgraph enterprise["ENTERPRISE STORAGE (Optional)"] direction TB es1["• Compliance requirements (data residency)
• Faster retrieval for high-volume access
• Same encryption, same integrity proofs"] end blockchain --> decentral decentral --> enterprise end style storage fill:#f8fafc,stroke:#4f46e5,stroke-width:3px style blockchain fill:#dbeafe,stroke:#2563eb,stroke-width:2px style decentral fill:#e0e7ff,stroke:#4f46e5,stroke-width:2px style enterprise fill:#f3e8ff,stroke:#7c3aed,stroke-width:2px style bc1 fill:#dbeafe,stroke:none style ds1 fill:#e0e7ff,stroke:none style es1 fill:#f3e8ff,stroke:none
Signed
Every piece of data cryptographically signed by its creator
Encrypted
Keys only the owner controls—end-to-end encryption
Integrity Verified
Hash on blockchain proves content unchanged since creation
Redundant
Decentralized storage means no single point of failure
Keys That Can't Be Stolen
Private keys never leave your device's secure hardware.
This is not theoretical. TPM chips are in billions of devices today. We're using hardware that's already deployed—now with software that makes it useful for data ownership.
(never leaves)"] signs["Signs data"] operations["[Key operations
happen inside]"] end software <-->|request/response| tpm end style device fill:#f8fafc,stroke:#4f46e5,stroke-width:3px style software fill:#dbeafe,stroke:#2563eb,stroke-width:2px style tpm fill:#dcfce7,stroke:#16a34a,stroke-width:2px style privatekey fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
Why This Matters
Device-Bound Keys
Keys cannot be copied to another machine
Malware Protection
Even with full system access, malware can't extract the private key
Lost Device Recovery
Revoke that key, not all keys—identity remains intact
Hardware Attestation
Cryptographic proof the device is legitimate, not counterfeit