Building Blocks

The foundation of Secubit’s custody architecture relies on a set of carefully chosen cryptographic and security primitives. These building blocks provide the trust, resilience, and flexibility required for institutional-grade digital asset management. Each component addresses a specific challenge in custody design, and together they form a layered defense that balances security, usability, and scalability.

At the hardware layer, Secubit uses Hardware Security Modules (HSMs) as the root of trust. HSMs are tamper-resistant devices purpose-built to generate, store, and use cryptographic keys without exposing them in plaintext. They enforce strict security policies, support quorum-based approvals, and provide high-assurance cryptographic operations such as signing, encryption, and hashing. In Secubit’s architecture, HSMs guarantee that private keys never leave protected hardware, forming the anchor of both custodial and hybrid custody modes.

On top of this hardware foundation, Secubit integrates Multi-Party Computation (MPC) to distribute trust across multiple entities. Instead of relying on a single private key stored in one location, MPC allows keys to be split into cryptographic shares and used collaboratively without ever reconstructing the full key. This eliminates single points of failure and enables flexible models where Secubit holds one share inside its HSMs while clients hold another, secured by biometrics, PassKey authentication, or automated trading systems. By requiring joint participation, MPC ensures that no single insider or attacker can authorize a transaction on their own.

For user authentication and approval, Secubit adopts PassKey, the modern replacement for passwords that leverages public-key cryptography and biometric factors. PassKey binds user approvals to device-level secure enclaves, ensuring that only legitimate, verified individuals can initiate sensitive actions. Whether approving a custodial transaction or unlocking a non-custodial share, PassKey provides phishing-resistant, user-friendly authentication that integrates seamlessly into Secubit’s workflow.

Finally, Secubit employs Merkle Trees to guarantee data integrity with minimal storage overhead. Instead of storing entire datasets in the HSM, Secubit stores only the Merkle root, which cryptographically commits to all underlying wallet data and policies. Any attempt to alter data can be detected by recomputing the tree and verifying the root. This approach optimizes for the limited storage capacity of HSMs while preserving full integrity guarantees over large and evolving datasets.
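
The root-only integrity check described above, as an added example that is not Secubit's code. It goes one step beyond the paragraph by also verifying a single record against the trusted root with an inclusion proof; SHA-256, the RFC 6962-style leaf/node prefixes, the record encoding and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample records (hypothetical encoding of wallet data and policies).
RECORDS = [
    b'{"wallet":"w-001","policy":"2-of-3"}',
    b'{"wallet":"w-002","policy":"daily-limit:100"}',
    b'{"wallet":"w-003","policy":"allowlist-only"}',
]

def _leaf(data: bytes) -> bytes:
    # Distinct prefixes stop a leaf from being reinterpreted as an inner node.
    return hashlib.sha256(b"\x00" + data).digest()

def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _levels(records):
    if not records:
        raise ValueError("cannot commit to an empty record set")
    level = [_leaf(r) for r in records]
    levels = [level]
    while len(level) > 1:
        nxt = [_node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote the unpaired node, never duplicate it
        level = nxt
        levels.append(level)
    return levels

def merkle_root(records) -> bytes:
    return _levels(records)[-1][0]  # the only value the trusted store must keep

def audit(records, trusted_root: bytes) -> bool:
    # Full check: recompute the tree over the untrusted data, compare roots.
    return hmac.compare_digest(merkle_root(records), trusted_root)

def inclusion_proof(records, index: int):
    proof = []
    for level in _levels(records)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_inclusion(record: bytes, proof, trusted_root: bytes) -> bool:
    h = _leaf(record)
    for sibling, sibling_is_left in proof:
        h = _node(sibling, h) if sibling_is_left else _node(h, sibling)
    return hmac.compare_digest(h, trusted_root)
```

In this sketch the records live in ordinary storage and only the 32-byte output of `merkle_root` is treated as trusted; `audit` catches any edit, insertion, deletion or reordering, while `verify_inclusion` checks one record with a logarithmic number of hashes.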

Together, these building blocks—HSMs for hardware-rooted trust, MPC for distributed control, PassKey for secure user authentication, and Merkle Trees for scalable data integrity—form the backbone of Secubit’s Wallet-as-a-Service platform. Their interplay ensures that institutional clients gain a custody solution that is both secure and flexible, reducing risks without compromising usability or performance.