Feature
Build approval chains that can't be bypassed.
A chain-of-trust model for authorising actions. Multiple levels of identity and policy must be satisfied before a signature is valid. Every level of the hierarchy must be present and verified.
The Concept
Cryptographic governance, not just policy.
Traditional enterprise governance relies on policy documents, approval workflows, and human enforcement. These can be circumvented by privileged insiders, by social engineering, or simply by someone who has the technical ability to bypass the workflow.
Hierarchical Signatures make approval chains cryptographically enforced. You cannot perform a signing operation unless every required level of the approval hierarchy has physically authorized the transaction using their ToughID™ verified identity.
Enterprise Governance Use Case
Treasury wallet signing flow, cryptographically enforced at every stage:
- Transaction requested
  - Destination address and value entered
- Identity verified
  - Operator authenticates via ToughID™ with hardware-bound biometric liveness
- Quorum and policy confirmed
  - Threshold and governance rules enforced in hardware, not application logic
  - CFO approval required above threshold
  - Compliance sign-off required for international transfers
- Key derived in hardware
  - Phantom Secrets generates an ephemeral key inside the ToughKey HSM, existing for milliseconds only
- Transaction signed, key immediately destroyed
  - Nothing persists
- Audit log written
  - Immutable, identity-bound record created
How It Works
Multi-level signature flow.
Policy Defined
The approval hierarchy is defined in code: who must sign, in what order, with what constraints. This is cryptographically embedded and cannot be changed at runtime.
Transaction Initiated
A transaction is submitted. The policy engine determines which approval levels are required based on the transaction type, value, and context.
Level-by-Level Authorization
Each level of the hierarchy must physically authorize using their ToughID™ device. The authorization is a cryptographic contribution to the final key reconstruction.
Threshold Reached
Once all required levels have authorized, the threshold for key reconstruction is met.
Key Reconstructed & Operation Performed
The signing key is reconstructed ephemerally inside ToughKey™, the operation is performed, and the key is destroyed.
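The flow above, as an added sketch that is not the vendor's code or scheme: a policy function selects the required levels, and each level holds one share of an n-of-n XOR split, so the key cannot be rebuilt with any level missing. The XOR split, the HMAC standing in for a signature, the key commitment, the level names and the threshold value are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32
CFO_THRESHOLD = 1_000_000  # constructed policy value, not from the page


def required_levels(value, international):
    """Policy step: which levels must contribute for this transaction."""
    levels = ["operator"]
    if value > CFO_THRESHOLD:
        levels.append("cfo")
    if international:
        levels.append("compliance")
    return levels


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, levels):
    """n-of-n XOR split: all shares are needed; fewer reveal nothing."""
    shares = {lvl: secrets.token_bytes(len(key)) for lvl in levels[:-1]}
    last = key
    for share in shares.values():
        last = xor(last, share)
    shares[levels[-1]] = last
    return shares


def sign_transaction(tx, contributions, required, key_commitment):
    """Rebuild the key from every required level, sign, then drop the key."""
    missing = [lvl for lvl in required if lvl not in contributions]
    if missing:
        raise PermissionError(f"missing approvals: {missing}")
    key = bytes(KEY_LEN)
    for lvl in required:
        key = xor(key, contributions[lvl])
    # Even if the check above were skipped or 'required' were falsified,
    # an incomplete set of shares yields a different key and fails here.
    if not hmac.compare_digest(hashlib.sha256(key).digest(), key_commitment):
        raise PermissionError("contributions do not reconstruct the key")
    sig = hmac.new(key, tx, hashlib.sha256).digest()  # stand-in for a signature
    del key  # Python cannot guarantee zeroisation; an HSM wipes key memory
    return sig
```

Passing a shortened `required` list to skip a level does not help a caller: the remaining shares XOR to a different value, so the commitment check rejects it.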
Use Cases
Where hierarchical signatures matter.
Treasury & Finance
High-value transactions require C-suite authorization at every level. No transaction above threshold can occur without all required signatories.
Exchange Operations
Large withdrawal requests from exchanges can require tiered approval: operations, compliance, and executive levels must all sign.
Smart Contract Governance
DAO and protocol governance operations can require hierarchical authorization from multiple stakeholder groups.
Regulatory Compliance
Four-eyes principle and segregation of duties requirements are cryptographically enforced, not just documented.
Technical White Paper: Hierarchical Signature Architecture
Full cryptographic specification for chain-of-trust construction and threshold schemes available for enterprise evaluators.