Custody Architecture With Vendor Zero Signing Capability
Move assets instantly and securely with keys that remain fully under your institution’s control.
Rox eliminates counterparty risk at the architectural level. Under FCA CP25/14, MiCA, Basel III, SAMA, and CBUAE frameworks, regulatory exposure is determined by vendor capability, not vendor intent. Because Rox holds no key shards and participates in no signing round, it does not meet the regulatory definition of a third party able to control or move client assets.
Why Rox Security Is Unmatched
Every institution has unique security needs. That’s why we offer flexible custody configurations
Zero Vendor Shards
Private keys and all key material remain solely on your institution’s SCNs. Rox holds nothing, sees nothing, and stores nothing.
Your Keys, Your Infrastructure
Run signing SCNs in your data center, sovereign cloud, or offline environment. Rox never hosts or accesses your key infrastructure.
Sub-second Global Signing
Achieve real world sub second signing performance across global regions with deterministic, policy validated execution.
Fresh Security Every Session
Each signing session establishes new certificates, ephemeral keys, and cryptographic channels, eliminating persistent secrets and reducing attack exposure.
End-to-End Encrypted Relay
All Distributed MPC traffic between Self-Custody Nodes is fully encrypted. Rox relays session coordination signals only, no partial signatures, no key material, and no intermediate cryptographic state ever passes through Rox infrastructure.
Zero Trust by Design
No party, including Rox, can influence or complete a signing operation. All signatures require institutional authorization and policy compliance, removing single point failure risk.
You Decide the Security Model
Every institution has unique governance and infrastructure requirements. Rox supports multiple deployment and custody configurations while maintaining Zero Vendor Trust.
Truly Decentralized.
Truly Non-Custodial
Rox holds no keys, shards, or recovery materials and never participates in signing, authorizing, or blocking transactions. All operations originate and complete within your institution’s infrastructure. Your organization maintains full, uncompromised control over every signature, workflow, and approval.
Built For Absolute Sovereignty
Even in the rare event of system failure or access loss, your assets and private keys remain safe — with encrypted, policy-controlled recovery protocols. Rox Custody guarantees:
Sub second deterministic signing across supported networks
Comprehensive enterprise API suite for full automation
Counterparty free integration with Zero Vendor Trust
Instant recovery operations under institutional control
How Each Custody Model Responds Under Total Vendor Compromise
When evaluating institutional custody, the only test that truly matters is what happens under a full vendor compromise. Most MPC and HSM systems still rely on vendor-held shards, vendor co-signing, or vendor-controlled execution paths, making the vendor a permanent point of cryptographic exposure. The Rox SCN model eliminates this entirely. Even in a total vendor failure scenario, Rox cannot sign, cannot influence execution, and cannot access any key material. Security remains fully sovereign inside the institution.
| Feature | Co-Signing MPC Provider | HSM | Rox SCN Model |
|---|---|---|---|
| Vendor holds shards | Yes | No | Never |
| Vendor signs | Yes | No | Never |
| Governance tied to crypto | Weak | Weak | Strong |
| Multi-cloud | Limited | No | Yes |
| Vendor Survival Dependency | High | High | None |
Only Rox offers a security model where total vendor compromise results in zero signing capability and zero blast radius, true institutional sovereignty.
Zero Vendor Shards. Zero Vendor Signing.
A custody architecture that satisfies the FCA's CP25/14 third-party disclosure test by design, not by legal workaround.