Hot wallet speed

+ cold wallet security

=

Meet CubeSigner, a low-latency API for generating keys and signing transactions inside secure hardware. Stay safe from insider threats, app compromise, and costly mistakes without sacrificing performance.

The key management status quo is downright crazy

Nearly $700 M has been lost in 2023 to private key compromise and access control exploits.

As an industry, we…

Are you surprised that keys get stolen?

We're not.

copy keys
in cloud accounts
Locker
handle keys in web browsers
Locker
manage keys with cryptography research (yes, we mean MPC)
Locker
display keys on screens
export keys in zip files
Locker
store keys on laptops
Locker
expose keys
in memory
Locker

Security

— not security theater

Past Work

Our work secures systems you use every day

CubeSigner is the culmination of decades of our academic work securing production systems. We’ve designed and specified the cryptography underlying Ethereum, deployed fine-grained isolation in Firefox, discovered exploitable bugs in Chrome and Linux, and built automated reasoning tools used by Amazon, Certora, and others.
Problem Space

Building a secure key manager is harder than it looks

You’ve got to design the system with security in mind from day one, so that your key manager:
Ensures keys are not exposed during signing, import, or export.
Protects users’ keys even in the presence of attackers or insider threats.
Prevents attackers from exfiltrating keys via side-channels.
Depends on trustworthy libraries and is safe against supply chain attacks.
Provides low latency, high throughput, and high reliability without sacrificing security.
... and more.
Ignore the slick marketing. Key management is hard—it takes more than a sprinkling of shiny cryptography or vague references to secure hardware.
System Design

We build on gold standards, not magic dust

Secure hardware is the gold standard for key protection in high-security applications because it can create keys that are only accessible to a specific piece of code. Wielding this guarantee to reduce the attack surface in a real system takes skill, though:
You must choose secure hardware wisely. As the ongoing saga of attacks on Intel SGX shows, not all “secure” hardware is actually secure. CubeSigner uses AWS Nitro Enclaves sealed to standards-certified HSMs—nothing more than minimalist, well-studied functionality.
All software that touches keys must be correct. More complex tech stacks make correctness harder, and naively jamming code into an enclave doesn’t fix bugs. CubeSigner’s enclave code is small, simple, written in safe Rust, built on battle-tested dependencies, and designed to enforce security properties using techniques pioneered in our academic work.
Trusted Computing Base for CubeSigner vs off-the-shelf signers in Nitro or SGX hardwarecubesigner illustration

But wait... what about MPC?

We have deep academic experience with MPC, which is why we don’t recommend it for production. First, MPC protocols and the software that implements them are extremely complex, leading to splashy, security-breaking bugs that suggest worse lurking beneath the surface. Second, MPC’s slow signing speed encourages people to cut (security) corners in the name of performance. Finally, most protocols’ security assumptions don’t align with reality. MPC protocols, for example, assume that parties are independent, while many real-world systems deploy multiple copies of the same software on the same cloud infrastructure from the same account. Put simply, MPC has practical limitations.
Read more ↗

What’s the matter with doing crypto in the browser?

Some key managers endanger users while claiming to empower them with in-browser crypto. This crypto is dangerous because it's usually written in JavaScript, a language that takes fine-grained control over code execution out of applied cryptographers' hands. The JavaScript runtime may indiscriminately replicate your keys, leave your secrets strewn about long after they're useful, or optimize in ways that reveal secrets through subtle differences in the timing of operations. Use JavaScript for beautiful wallet UXs, not for handling keys!
Read more ↗

Our audit partner

The Veridise team are leading experts in program analysis, verification, and automated reasoning.

They have a deep knowledge of the Cubist codebase and can advise on integrating it securely via automated policy correctness checking.

Veridise logo inside a shape

Veridise offers preferential benefits and packages for Cubist key management customers.

Our investors:

Polychain capital logo
dao5 logo
Amplify Partners logo
Geometry logo
Divergence Ventures logo
Robot Ventures logo
Notation Capital logo
Bessemer Venture Partners logo
Symbolic Capital logo
Very Serious Ventures logo
Polygon logo
Protocol Labs logo
Axelar logo
Blizzard Fund logo
Time Research logo
ZKValidator logo
Scroll logo
Paxos logo