Request access
RankShield Network · Financial

On-chain settlement verification,attested before broadcast.On-chain settlement verification proves a transfer is authorized before it is broadcast and mined. RankShield Financial reduces each EVM-style transfer to a signed, canonical intent — payer, payee, amount, purpose — verifies a human or AI agent approved it, then releases or holds it, signed with quantum-safe ML-DSA-65.

ml-dsa-65 signedpre-broadcastno counterparties revealed
rail normalizer · native → canonical intent
# native RTP instruction
debtor: acct-04f2
creditor: acct-1180
amount: 48500.00
ccy: USD
e2e: e2e-7c19a3
↓ normalize + de-identify
rs-fin-intent-v1|rail=rtp|amount_minor=4850000|payer=<commit>|payee=<commit>
digest
one canonical intent, one signature path — whichever rail the money moves on.
01 // Irreversible once mined
Why now

Why must an EVM-style transfer be verified before it is broadcast?

Because an EVM-style transfer is irreversible once it is mined, and the only place to stop a bad one is before it reaches the network. On these rails, amounts are carried in 18-decimal base units and settlement is final: once the transaction confirms, there is no chargeback and nothing to claw back. A hijacked key, a social-engineered approval, or a prompt-injected AI agent only has to produce one signed transfer, and the value is gone the moment the block confirms. Fraud tools built for reversible card rails answer a different question — how risky is this? — and often answer it after the money has already moved. On an irreversible ledger that timing is fatal. RankShield Financial verifies the intent behind each transfer before the transaction is signed and broadcast: it reduces the transfer to a canonical record, checks that an authorized party approved it, and releases, holds, or denies it pre-broadcast. Attesting the authorization before it goes to the network is the only control point that still exists on a rail with irreversible settlement.

The pre-broadcast draft

A hijacked key drafts a 2.5 ETH transfer to a fresh address

An attacker with a signing key assembles a transfer to a counterparty never paid before. Once broadcast, it would confirm and never reverse.

RankShield: the intent is attested before broadcast; an un-permitted counterparty fails the check and the transfer is held.
The drifting agent

An AI agent queues transfers just under a review threshold

An autonomous agent is prompt-injected into sending a run of on-chain transfers to a new address, each sized to slip past a human-review line.

RankShield: the agent's signed constitution caps per-transaction and aggregate spend; out-of-authority transfers are held automatically.
18-decimal
EVM-style transfers carry amounts in 18-decimal base units — precision that has to survive normalization intact.
Irreversible
Final once mined — no chargeback, no reversal, nothing to claw back.
Pre-broadcast
The control point is before the transaction reaches the network.
02 // Pre-signing attestation
The mechanism

How does pre-signing intent attestation stop a transfer before it is mined?

Before a transaction is broadcast, RankShield reduces it to a single canonical intent record — payer, payee, amount, purpose — signs it, verifies that an authorized party approved it, and resolves it to a release, hold, or deny. That is RankShield's pre-settlement intent attestation (RS-206), run pre-signing so a bad transfer never reaches the network. The native EVM-style instruction, with its 18-decimal amount, is normalized into that one canonical intent and de-identified, so no address appears in the clear. The signature binds the exact payer, payee, amount, and purpose together; alter a single field and the seal breaks, so the attestation cannot be quietly re-pointed at a different recipient or amount. The verdict is sealed to a tamper-evident record on the RankShield Network, where anyone holding the key can recompute the digest and confirm it. Because the check runs before broadcast and settlement is irreversible, a transfer that verifies is released to be signed and sent, and one that fails — wrong counterparty, over an agent limit, missing a valid signature — is held before it can ever be mined.

Canonical intent
The native 18-decimal transfer is normalized into one de-identified intent record.
Change a field
The signature binds payer, payee, amount, purpose — alter one and the seal breaks.
Held pre-mine
A transfer that fails the check never reaches the network to be confirmed.
03 // secp256k1 exposure
Why the signature matters most here

Why does secp256k1 make on-chain authorizations the sharpest quantum target?

Because on-chain transfers are authorized with elliptic-curve signatures over secp256k1, and ECC is an easier target for a future quantum computer than RSA — a capable machine would need far fewer resources to break an elliptic-curve key, and on-chain public keys are frequently exposed. That makes the authorization behind an on-chain transfer the single place where post-quantum signing matters most. RankShield signs each intent with composite ML-DSA-65, the NIST-standardized post-quantum scheme from FIPS 204, hybridized with a classical signature and crypto-agile so it can rotate to ML-DSA-87 or hash-based SLH-DSA as standards move. This does not replace the chain's own secp256k1 signature; it gives the intent record a durable, post-quantum proof of authorization that stands independent of the chain. It is quantum-safe by construction, not quantum-proof: no CRQC exists today, and the immediate risk is harvest-now-decrypt-later, where an adversary records signed transfers now to attack once a capable machine arrives. Signing the authorization post-quantum today is how a long-lived on-chain record stays defensible for years.

signing algorithm · crypto-agility registryrotatable
standard
FIPS 204
security level
NIST Level 3
public key
1,952 B
signature
3,309 B

Default. Lattice-based. Civilian / HVA / EU-hybrid grade.

every signature is independently verifiable against the NIST standard — rotating the algorithm doesn’t break past proofs.
04 // No counterparties revealed
Privacy by construction

How do de-identified commitments keep counterparties off the record?

RankShield's ledger reveals no counterparties. Account and address references are HMAC-keyed and de-identified under a secret pepper — preimage-resistant — then stored as nonce-bound commitments, so the same party looks different on every transaction and is unlinkable to an observer, openable only with the key. The record holds commitments, not addresses or account numbers, so there is no PII to leak and no new honeypot to breach. That matters especially on-chain, where addresses are already public: RankShield's verification layer does not add a second, correlatable trail of who paid whom. Signing keys live in an HSM, and releasing a transfer needs an M-of-N quorum, so no single key can authorize value to move. Honesty about the primitive: these are salted commitments, a zero-knowledge building block, not full zk-SNARK proofs, and RankShield is not a wallet or custodian and never takes custody of funds. The design goal is verification without exposure — prove the transfer was authorized while revealing nothing about the parties to anyone reading the record.

HMAC-keyed
references de-identified under a secret pepper, preimage-resistant
Nonce-bound
the same party looks different on every transaction
M-of-N · HSM
no single key can release a transfer
No PII
the record stores commitments, not addresses
05 // Settlement reconciliation
After release

Can RankShield confirm a broadcast transfer settled as it was attested?

Yes. Once a transfer is released and broadcast, an enrolled settlement oracle returns a signed receipt, and RankShield reconciles it against the attested intent. The outcome is one of three states: settled as attested, divergence, or unauthorized settlement. That catches a transfer that was released but confirmed for a different amount, and value that settled on-chain without any matching attestation at all — a bypass of the verification layer. For anyone moving value on an irreversible ledger, that reconciliation turns a hopeful assumption into a checkable fact. The signed receipt is bound to the original intent, so a divergence in amount or an unauthorized settlement surfaces as a distinct state rather than a silent discrepancy discovered later. Combined with the pre-broadcast verdict and the post-quantum-signed intent record, it gives a continuous, verifiable trail across the whole lifecycle of an on-chain transfer: authorized before broadcast, sealed at the decision point, and reconciled after the block confirms.

settled_as_attesteddivergenceunauthorized_settlement
06 // Verified vs raw
Verified vs raw broadcast

What does verified on-chain settlement add over a raw broadcast?

A raw on-chain broadcast carries only the transaction itself; RankShield adds a signed, checkable record of intent before broadcast and a reconciled receipt after the block confirms. The table contrasts the two on the dimensions that matter for blockchain payment security on an irreversible rail.

DimensionRaw on-chain broadcastRankShield Financial
Decision timingBroadcast, then finalAttested before broadcast
ReversibilityIrreversible once minedHeld before it can be mined
Authorization proofsecp256k1 signature onlyPost-quantum ML-DSA-65 (FIPS 204)
Counterparty privacyAddresses public on-chainDe-identified commitments, no PII
AI payment agentsUnboundedSigned identity + spend governance
Post-settlement checkManual reconciliationSettlement-oracle reconciliation
07 // Agentic authority
Autonomous transfers

How does RankShield govern AI agents that broadcast on-chain transfers?

Each AI payment agent that broadcasts on-chain transfers is issued a signed identity and a constitution that bounds what it may do: a maximum per transaction, a rolling aggregate limit over a window, the counterparties it is allowed to pay, the purposes it is allowed to serve, and an expiry. Before any agent-initiated transfer is released for broadcast, RankShield checks that the intent falls inside that authority and that the agent is still alive via a heartbeat — a dead-man's switch. An agent that exceeds a limit, pays an un-permitted address, or goes silent has its transfers held automatically, before they reach the network. This matters acutely on-chain, where an autonomous agent holding a signing key can assemble and broadcast transfers at machine speed onto an irreversible ledger. A prompt-injected or drifting agent could otherwise drain value one under-threshold transfer at a time, and every one of them would confirm and never reverse. The constitution is the guardrail that keeps agent authority bounded to what its owner actually granted. Agent keys are themselves post-quantum and crypto-agile, so the identity behind an authorized on-chain transfer is as durable as the intent it signs — the whole chain of authority, not just the payment record, is built to survive a future quantum attacker.

Constitution
Per-transaction cap, rolling aggregate, allowed counterparties and purposes, and an expiry — signed to the agent.
Heartbeat
A silent agent trips the dead-man's switch — its transfers are refused until it proves it is still alive.
Held pre-broadcast
An out-of-authority agent transfer is stopped before it reaches the network to confirm.
Rail-agnostic

Does one verification cover on-chain and every other rail?

Yes. RankShield normalizes on-chain transfers alongside stablecoins, tokenized deposits, RTP, FedNow, and CBDC into a single canonical intent, so the same pre-settlement check protects value wherever it moves — across chains and rails.

On-chainStablecoinTokenized depositRTPFedNowCBDC
FAQ

On-chain settlement verification — questions, answered.

What is on-chain settlement verification?
On-chain settlement verification is the act of proving a transfer is legitimate before it is broadcast and mined, because an EVM-style transfer is irreversible once it confirms. RankShield Financial reduces each transfer to a signed canonical intent — payer, payee, amount, purpose — verifies that an authorized human or AI agent approved it, then releases, holds, or denies it before broadcast. On an irreversible ledger there is no chargeback, so the verification must precede settlement, not follow it.
When is an EVM-style transfer irreversible?
An EVM-style transfer — amounts carried in 18-decimal base units — is irreversible once it is mined into a confirmed block. There is no chargeback and nothing to claw back; the value has moved. That finality is exactly why RankShield verifies the intent before the transaction is broadcast. Once a transfer is signed and sent to the network, the only defensible control point has already passed, so the check has to happen at authorization time.
How does pre-signing intent attestation work?
Before a transaction is broadcast, RankShield reduces it to a canonical intent record, signs it, and verifies that an authorized party approved it. The attestation binds the exact payer, payee, amount, and purpose; change one field and the seal breaks. The verdict is released, held, or denied, sealed to a tamper-evident record. Because the check runs pre-signing and pre-settlement, a fraudulent or unauthorized transfer never reaches the network — it is held before it can be mined.
Why does secp256k1 create quantum exposure?
On-chain transfers are authorized with elliptic-curve signatures over secp256k1, and ECC is an easier target for a future quantum computer than RSA — a capable machine would need fewer resources to attack it, and public keys are often exposed on-chain. RankShield signs the authorization itself with post-quantum ML-DSA-65 (FIPS 204), hybrid and crypto-agile. That gives the intent record durable integrity independent of the chain’s own secp256k1 signature, which it does not replace.
Is this quantum-proof?
No — quantum-safe by construction, never quantum-proof. No cryptographically-relevant quantum computer exists today, and no honest vendor can promise a system is unbreakable. The present risk is harvest-now-decrypt-later: an adversary records signed transfers now to attack once a capable machine arrives. RankShield signs each on-chain authorization with the current NIST post-quantum standard, hybridized with classical cryptography, and built to rotate algorithms as guidance advances.
What do de-identified commitments hide?
The ledger reveals no counterparties. Account and address references are HMAC-keyed and de-identified under a secret pepper, then stored as nonce-bound commitments, so the same party looks different on every transaction and is unlinkable to an observer, openable only with the key. The record stores commitments, not addresses or account numbers. These are salted commitments — a zero-knowledge primitive — not full zk-SNARK proofs, and RankShield never takes custody of funds.
Does RankShield replace the blockchain’s own signature?
No. RankShield adds a verification and attestation layer above the transfer; it does not replace the chain’s secp256k1 signature or take custody of funds. The chain still signs and settles the transaction as it always has. RankShield proves, before broadcast, that the transfer’s intent was authorized — producing an independently verifiable, post-quantum-signed record that stands alongside the on-chain transaction rather than in place of it.
Does this apply to blockchain payment security generally?
Yes. The same pre-settlement model underpins blockchain payment security across EVM-style transfers, stablecoins, and other on-chain rails: verify the intent before broadcast, sign it post-quantum, seal it to a tamper-evident record, and reconcile the settlement receipt afterward. Because RankShield normalizes every rail into one canonical intent, the verification is consistent whether the value is a native token, a stablecoin, or a tokenized deposit.
How are 18-decimal amounts kept accurate through normalization?
EVM-style transfers carry amounts in 18-decimal base units, and that precision has to survive normalization intact. RankShield reduces the native instruction to a canonical intent that preserves the exact amount in its base units, then binds it into the signature alongside payer, payee, and purpose. Because the signature covers the exact value, a transfer that was attested for one amount and broadcast for another breaks the seal, and settlement-oracle reconciliation flags an amount divergence after the fact. Nothing is rounded away between attestation and settlement.
How does RankShield govern AI agents that broadcast on-chain?
Each agent carries a signed identity and a constitution: a per-transaction cap, a rolling aggregate limit, allowed counterparties and purposes, and an expiry. Before an agent-initiated transfer is released for broadcast, RankShield checks the intent is inside that authority and that the agent is still alive via a heartbeat, a dead-man’s switch. This matters on-chain, where an agent with a key can broadcast at machine speed onto an irreversible ledger. An out-of-authority or silent agent has its transfers held before they reach the network, and agent keys are themselves post-quantum and crypto-agile.
Verify, then settle

See your payments verified before they settle.

RankShield Financial is rolling out with design partners on instant and tokenized rails. Request access and we’ll map it to your settlement flow.

Request accessHow it works