Reference
Insights
Practitioner-level pieces on key-management architecture, zero-custody cryptography, and the alternatives to keeping secrets at rest.
Why Hackers Stopped Looking for Bugs and Started Looking for Keys
The Shift No One Saw Coming
State-level attacks play differently

The Industry Is Solving the Wrong Problem
Access Control Failures Drive $1.6B in Losses
The weakest link in blockchain security isn't the blockchain at all. It's key management.

How Compliance Requirements Are Creating What They're Meant to Prevent
GENIUS & The Custody Paradox
More Custody Doesn't Mean More Security

The Bybit hack
The Bybit Lesson
Lessons learned from the Bybit hack

Is Key Rotation Enough?
The Crypto-Agility Test
If You Can't Rotate Keys Today, You Won't Survive Algorithm Migration Tomorrow

Drift attack
The Human Attack Surface: How Lokblok Would Have Stopped the Drift Protocol Breach
Yesterday's assumptions about key security no longer hold water

alternatives to MPC custody
Alternatives to MPC custody: when threshold key shares are still keys
Multi-party computation custody distributes key shares across operators, but the shares still exist at rest. Map the failure modes of MPC and the case for on-demand reconstruction without persistent shares.

delegate signing without giving up keys
Delegate signing without giving up keys: hierarchical signatures explained
Conventional delegation hands over the key. Hierarchical signatures grant the right to sign, under specific conditions, for a bounded time, without ever transferring the key material.

HSM vs MPC
HSM vs MPC vs zero-persistence: a decision framework
Three models for protecting cryptographic keys, each with honest tradeoffs. Where each one fits, where each one breaks, and how zero-persistence reconstruction sits alongside the established two.

how to eliminate stored private keys
How to eliminate stored private keys: a practitioner's guide
Walk the four storage models, HSM, MPC shares, encrypted backups, seed phrases, and the fifth model that removes the storage problem altogether: ephemeral reconstruction inside hardware.

insider threat key management
Insider threat and cryptographic keys: why human-process controls run out of road
Rotation policies, dual control, and access reviews mitigate insider risk. They cannot eliminate it as long as a privileged operator can read, copy, or assemble the key. Cryptographic non-possession can.

MiCA-compliant custody architecture
MiCA-compliant custody architecture: a technical reading
MiCA Articles 67 and 70 require segregation of client crypto-assets and demonstrable key control. A zero-custody architecture maps cleanly onto both requirements without operator-level controls.

payment HSM modernisation
Payment system key architecture: removing keys-at-rest from the chain
Payment cryptography concentrates risk in a long-lived ZMK/ZPK hierarchy. A zero-persistence runtime adds per-operation reconstruction without disturbing the certified HSM substrate underneath.

post-quantum HSM
Post-quantum key management: why algorithms aren't enough
Migrating to post-quantum algorithms is necessary but not sufficient. Stored keys remain a harvest-now-decrypt-later target until you remove the storage assumption itself.

wallet recovery without seed phrases
Wallet recovery without seed phrases: quorum-based threshold reconstruction
Seed phrases trade one failure mode for another: the wallet can survive without the device, but only if the user can survive without losing a piece of paper. Quorum-based reconstruction removes both failure modes.

zero-trust key management
Zero-trust key management: extending Never Trust, Always Verify into the cryptographic layer
Zero-trust networking removes the assumption of a trusted perimeter. Zero-trust key management removes the assumption of a trusted key store. Both rely on the same principle: nothing is safe by virtue of where it sits.