Insights

Drift attack

The Human Attack Surface: How Lokblok Would Have Stopped the Drift Protocol Breach

alternatives to MPC custody

Alternatives to MPC custody: when threshold key shares are still keys

Multi-party computation custody distributes key shares across operators, but the shares still exist at rest. Map the failure modes of MPC and the case for on-demand reconstruction without persistent shares.

delegate signing without giving up keys

Delegate signing without giving up keys: hierarchical signatures explained

Conventional delegation hands over the key. Hierarchical signatures grant the right to sign, under specific conditions, for a bounded time, without ever transferring the key material.

HSM vs MPC

HSM vs MPC vs zero-persistence: a decision framework

Three models for protecting cryptographic keys, each with honest tradeoffs. Where each one fits, where each one breaks, and how zero-persistence reconstruction sits alongside the established two.

how to eliminate stored private keys

How to eliminate stored private keys: a practitioner's guide

Walk the four storage models, HSM, MPC shares, encrypted backups, seed phrases, and the fifth model that removes the storage problem altogether: ephemeral reconstruction inside hardware.

insider threat key management

Insider threat and cryptographic keys: why human-process controls run out of road

Rotation policies, dual control, and access reviews mitigate insider risk. They cannot eliminate it as long as a privileged operator can read, copy, or assemble the key. Cryptographic non-possession can.

MiCA-compliant custody architecture

MiCA-compliant custody architecture: a technical reading

MiCA Article 67 and 70 require segregation of client crypto-assets and demonstrable key control. A zero-custody architecture maps cleanly onto both requirements without operator-level controls.

payment HSM modernisation

Payment system key architecture: removing keys-at-rest from the chain

Payment cryptography concentrates risk in a long-lived ZMK/ZPK hierarchy. A zero-persistence runtime adds per-operation reconstruction without disturbing the certified HSM substrate underneath.

post-quantum HSM

Post-quantum key management: why algorithms aren't enough

Migrating to post-quantum algorithms is necessary but not sufficient. Stored keys remain a harvest-now-decrypt-later target until you remove the storage assumption itself.

wallet recovery without seed phrases

Wallet recovery without seed phrases: quorum-based threshold reconstruction

Seed phrases trade one failure mode for another: the wallet can survive without the device, but only if the user can survive without losing a piece of paper. Quorum-based reconstruction removes both failure modes.

zero-trust key management

Zero-trust key management: extending Never Trust, Always Verify into the cryptographic layer

Zero-trust networking removes the assumption of a trusted perimeter. Zero-trust key management removes the assumption of a trusted key store. Both rely on the same principle: nothing is safe by virtue of where it sits.