
Crypto custody security, attested before it signs.

Crypto custody security is the discipline of verifying and cryptographically attesting a transaction’s intent before it is signed and broadcast on-chain. RankShield Financial performs custodian pre-signing verification — attesting each withdrawal with quantum-safe cryptography and governing programmatic transfers with an agent constitution — while never taking custody of funds or keys.

pre-signing intent · agent-governed · no custody taken
agent ap_7f3 · signed constitution · ml-dsa-65
rolling aggregate · 24h · $20,000 / $25,000
RELEASED · intent ⊆ authority · signed · released
01 // Intent
The problem

Why is the moment before signing the moment that matters for a custodian?

Because once a custody transaction is signed and broadcast, it settles finally on-chain — irreversibly, with no chargeback and nothing to claw back. A crypto custodian or exchange approves withdrawals and transfers that move value in seconds, and increasingly those requests come from programmatic systems, not a person clicking approve. If a withdrawal is forged, replayed, or driven by a hijacked automation, the signed transaction is indistinguishable from a legitimate one the instant it hits the mempool. The only place a control can still change the outcome is before the signing step — where the intent can be verified, an authorized approver confirmed, and anything outside the granted authority held or denied. RankShield puts a verifiable, cryptographic checkpoint at exactly that point, so the decision to sign is proven rather than assumed, and RankShield never touches the keys or the funds to do it.

Pre-signing
The last point a control can change the outcome is before the transaction is signed and broadcast.
No custody
RankShield never holds keys or funds — it verifies intent in front of your signing flow.
02 // Verify
Pre-signing intent attestation

How does RankShield attest intent before a transaction is broadcast?

Every withdrawal or transfer is reduced to a canonical intent — payer, payee, amount, purpose — and hashed to a single digest. RankShield signs that intent, verifies it against the authorized approver, checks it against the granted authority, and returns released, held, or denied before the transaction is signed and broadcast. Released means the intent is proven and can proceed to your signing path. Held means it needs another approval. Denied means it fell outside the authorized approver, amount, or purpose. The verdict is itself signed and sealed to a tamper-evident record on the RankShield Network, so the decision to broadcast is an independently verifiable attestation, not a trusted log entry. This is the RS-206 pre-settlement intent attestation model applied at the custodian pre-signing boundary — the same canonical-intent-and-digest machinery that runs across every rail RankShield normalizes.

Canonical intent

one record · one digest

The withdrawal is normalized into a single canonical intent and hashed to one digest — the object the attestation is signed and verified against before any signing happens.

Released / held / denied

a verdict, before signing

Each transaction resolves to a verdict before it is broadcast. Held and denied stop it while it is still reversible in your pipeline, and record why as verifiable evidence.

Sealed attestation

tamper-evident record

The verdict is signed and sealed to a tamper-evident record — the decision to sign and broadcast becomes an attestation an auditor can replay independently.

03 // Governed
Programmatic withdrawal governance

How are automated and programmatic withdrawals governed?

A growing share of custody withdrawals are triggered by automations and AI agents, not a human clicking approve — and that is exactly where authority has to be bounded. RankShield gives each agent a signed identity and a constitution: a maximum per transaction, a maximum rolling aggregate over a window, an allowlist of counterparties, allowed purposes, an expiry, and a dead-man’s-switch heartbeat. A withdrawal is released only if it falls inside that granted authority; step outside the per-transaction cap, hit an unlisted counterparty, or exceed the rolling aggregate, and it is held or denied. The heartbeat is the safety catch: if the agent goes silent — crashed, killed, or hijacked — its payments are refused by default, so an unattended automation fails closed. This is the RS-207 agentic spend-governance model, and it turns programmatic withdrawals from an open pipe into a bounded, revocable authority.

Constitution
Per-tx cap, rolling aggregate, allowed counterparties and purposes, expiry — released only inside granted authority.
Dead-man
Silent agent → payments refused. An unattended or hijacked automation fails closed, not open.
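
The constitution check described in this section, as an added Python sketch (not RankShield's code). Field names, the sample values, and the mapping of cap breaches to "held" and everything else to "denied" are assumptions; the page only says out-of-bounds requests are "held or denied".

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Constitution:                 # field names are assumptions for this sketch
    max_per_tx: int                 # whole USD
    max_aggregate: int              # whole USD inside the rolling window
    window_s: int
    counterparties: frozenset
    purposes: frozenset
    expires_at: float               # epoch seconds
    heartbeat_ttl_s: float

@dataclass
class AgentState:
    last_heartbeat: float
    released: list = field(default_factory=list)   # (timestamp, amount) pairs

def evaluate(c, s, payee, amount, purpose, now):
    """Return (verdict, reason); only a fully in-bounds request is released."""
    if now >= c.expires_at:
        return "denied", "constitution expired"
    if now - s.last_heartbeat > c.heartbeat_ttl_s:
        return "denied", "heartbeat lapsed"          # silent agent fails closed
    if payee not in c.counterparties:
        return "denied", "counterparty not allowlisted"
    if purpose not in c.purposes:
        return "denied", "purpose not allowed"
    if not isinstance(amount, int) or amount <= 0:
        return "denied", "invalid amount"
    if amount > c.max_per_tx:
        return "held", "over per-transaction cap"
    # Only releases still inside the window count toward the aggregate.
    used = sum(a for t, a in s.released if now - t < c.window_s)
    if used + amount > c.max_aggregate:
        return "held", "over rolling aggregate"
    s.released.append((now, amount))                 # record only what was released
    return "released", "intent within granted authority"

def sample(now=1_000_000.0):
    """Constructed data: $20,000 of a $25,000 24h aggregate already used."""
    c = Constitution(10_000, 25_000, 86_400, frozenset({"addr_exchange_cold"}),
                     frozenset({"rebalance"}), now + 7 * 86_400, 60.0)
    s = AgentState(last_heartbeat=now - 5,
                   released=[(now - 3_600, 10_000), (now - 1_800, 10_000)])
    return c, s

if __name__ == "__main__":
    c, s = sample()
    for payee, amt in [("addr_exchange_cold", 4_000), ("addr_exchange_cold", 2_000),
                       ("addr_unknown", 100)]:
        print(amt, payee, evaluate(c, s, payee, amt, "rebalance", 1_000_000.0))
```

Held and denied requests are never added to the aggregate, so a burst of refused attempts cannot lock out later in-bounds withdrawals.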
04 // Anchor
Anchoring the evidence

How is a governed transaction anchored without exposing account data?

Every verdict is signed and sealed to a tamper-evident record on the RankShield Network, and that record stores commitments, not account or wallet identities. References are HMAC-keyed and de-identified under a secret pepper — preimage-resistant — then stored as nonce-bound commitments, so the same account looks different on every transaction and is unlinkable to an outside observer, openable only with the key. There is no PII on the ledger. Signing keys live in an HSM, and releasing a withdrawal requires an M-of-N quorum, so anchoring the evidence never concentrates risk in a single key. A settlement oracle then returns a signed receipt — settled_as_attested, divergence, or unauthorized_settlement — catching a bypass or an amount mismatch between what was approved and what actually hit the chain. To stay precise: these are salted commitments, a zero-knowledge primitive, not full zk-SNARK proofs.

HMAC-keyed · peppered · nonce-bound commitments · HSM keys · M-of-N quorum · settlement oracle · no PII on ledger
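
A nonce-bound, peppered HMAC commitment of the kind this section describes, as an added Python sketch (not RankShield's code). HMAC-SHA256, the 16-byte nonce, the message layout and all function names are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import secrets

def commit(pepper, account_ref, nonce=None):
    """Return (nonce, tag): a nonce-bound HMAC commitment to account_ref."""
    if nonce is None:
        nonce = secrets.token_bytes(16)        # fresh per transaction
    # Length-prefix the nonce so (nonce, ref) pairs cannot be re-split ambiguously.
    msg = len(nonce).to_bytes(2, "big") + nonce + account_ref.encode("utf-8")
    return nonce, hmac.new(pepper, msg, hashlib.sha256).digest()

def opens_to(pepper, account_ref, nonce, tag):
    """True if (nonce, tag) is a commitment to account_ref under this pepper."""
    _, expected = commit(pepper, account_ref, nonce)
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def records_for(pepper, account_ref, ledger):
    """Key holder's view: indexes of ledger rows that open to account_ref."""
    return [i for i, (n, t) in enumerate(ledger)
            if opens_to(pepper, account_ref, n, t)]

def build_ledger(pepper, refs):
    """Ledger rows hold only (nonce, tag); no account reference is stored."""
    return [commit(pepper, r) for r in refs]

if __name__ == "__main__":
    pepper = secrets.token_bytes(32)           # constructed; kept off-ledger
    ledger = build_ledger(pepper, ["acct-A", "acct-B", "acct-A"])
    print("tags differ for same account:", ledger[0][1] != ledger[2][1])
    print("key holder links acct-A to rows:", records_for(pepper, "acct-A", ledger))
    print("wrong key links nothing:", records_for(b"\x00" * 32, "acct-A", ledger))
```

Unlinkability here rests entirely on the pepper staying secret: anyone who holds it can test candidate account references against every row.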
05 // Quantum
Quantum-safe signing

Is custody signing quantum-safe today, and how does RankShield differ?

Be precise here. Based on our research, incumbent custody signing is classical ECDSA in production today. In May 2026, BitGo and Silence Laboratories demonstrated a PQC-MPC transaction as a simulation using ML-DSA / FIPS 204 — a proof of concept by a regulated custodian, not a generally available product. So the honest position is that quantum-safe custody signing is emerging, not shipped. RankShield does not claim to replace your signing; it signs the authorization it attests with composite ML-DSA-65 (FIPS 204), hybrid with a classical signature and crypto-agile, so the evidence layer behind a withdrawal is quantum-safe by construction — never quantum-proof. Because custody keys are elliptic-curve, and elliptic-curve keys are easier for a future quantum computer to break than RSA, harvest-now-decrypt-later makes them a priority target, even though a cryptographically-relevant quantum computer does not exist yet. Signing the attestation with a post-quantum scheme now, and staying agile, keeps that evidence durable whichever way the standards move.

signing algorithm · crypto-agility registry · rotatable
standard: FIPS 204
security level: NIST Level 3
public key: 1,952 B
signature: 3,309 B

Default. Lattice-based. Civilian / HVA / EU-hybrid grade.

Every signature is independently verifiable against the NIST standard — rotating the algorithm doesn’t break past proofs.
06 // Governed
Exchanges & hot wallets

How does pre-signing verification fit an exchange's high-volume withdrawal flow?

Exchanges face a harder version of the custody problem: withdrawals are high-volume, often automated, and flow out of hot wallets that are online and therefore exposed by design. The answer is not to slow every withdrawal to human speed; it is to bound the automation and attest each intent cryptographically at machine speed. Each withdrawal engine gets a signed identity and a constitution — per-transaction cap, rolling aggregate over a window, allowlisted counterparties, allowed purposes, expiry, and a dead-man heartbeat — so a normal withdrawal inside those bounds releases without friction, while anything anomalous is held or denied. When a hot-wallet system is compromised, the two failure modes are a burst of large withdrawals and a drain to new, unlisted addresses; the aggregate cap catches the first and the counterparty allowlist catches the second, and the heartbeat halts everything if the engine is taken over. Each released withdrawal still carries a quantum-safe signed attestation, so even at exchange volume you keep a verifiable record of every intent that was approved before it was signed and broadcast.

07 // Custody
Where RankShield sits

If RankShield attests transactions, why is it not a custodian?

Because attesting a transaction and custodying value are two different jobs, and RankShield only does the first. A custodian holds keys and funds and bears the responsibility of moving them; RankShield never holds either. It sits in front of your signing and broadcast flow as a verification layer: it reads a proposed transaction, reduces it to a canonical intent, attests that intent against an authorized approver, and returns a verdict your own systems act on. Your keys stay in your HSM or MPC arrangement, your regulatory posture as the custodian does not change, and value never routes through RankShield. That separation is deliberate and load-bearing. It means adopting RankShield does not introduce a new party into the custody chain that could itself be compromised to move funds, and it means the attestation is genuinely independent — an auditor can replay it without RankShield being a counterparty to the transaction. The evidence is stronger precisely because the attestor takes no custody.

08 // Anchor
Settlement reconciliation

How do you confirm the broadcast transaction matched the attested intent?

Attesting intent before signing is only half the loop; the other half is confirming that what actually settled on-chain matches what was attested. Once a transaction is broadcast, an enrolled settlement oracle returns a signed receipt with one of three results: settled_as_attested, divergence, or unauthorized_settlement. Settled_as_attested means the on-chain outcome matched the released intent exactly. Divergence flags a mismatch — most often an amount that changed between approval and broadcast. Unauthorized_settlement means value moved without ever carrying a released verdict, which catches a transaction that bypassed the verification layer entirely. For a custodian or exchange, that unauthorized_settlement case is the one that matters most: it surfaces a withdrawal signed and broadcast outside the sanctioned pre-signing path. Because the oracle's receipt is itself signed and sealed, the reconciliation is verifiable evidence rather than a trusted internal report. Paired with the pre-signing verdict, you hold a signed record at both ends of every withdrawal — the intent that was approved, and the settlement that resulted.
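
The canonical-intent digest from section 02 and the three-way reconciliation described here, as one added Python sketch (not RankShield's code). JSON canonicalization, SHA-256, the `ref` that links a settled transaction to its attestation, and the sample values are assumptions; verifying the oracle's signature is out of scope.

```python
import hashlib
import json
from decimal import Decimal

def canonical_intent(payer, payee, amount, purpose):
    """Serialize the four intent fields to one unambiguous byte string."""
    record = {
        "payer": payer.strip(),
        "payee": payee.strip(),   # case kept: some address formats are case-sensitive
        "amount": format(Decimal(str(amount)).normalize(), "f"),  # "1.50" == "1.5"
        "purpose": purpose.strip(),
    }
    return json.dumps(record, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode("ascii")

def intent_digest(**fields):
    """One digest per intent, independent of field order or amount formatting."""
    return hashlib.sha256(canonical_intent(**fields)).hexdigest()

def reconcile(released, ref, onchain):
    """released: {ref: digest} for intents that carry a released verdict.
    onchain: payer/payee/amount/purpose as observed on the settled transaction."""
    attested = released.get(ref)
    if attested is None:
        return "unauthorized_settlement"   # value moved with no released verdict
    if intent_digest(**onchain) != attested:
        return "divergence"                # e.g. amount changed after approval
    return "settled_as_attested"

# Constructed sample data.
INTENT = dict(payer="vault-7", payee="addr_exchange_cold",
              amount="1500.00", purpose="rebalance")
RELEASED = {"wd-001": intent_digest(**INTENT)}

if __name__ == "__main__":
    print(reconcile(RELEASED, "wd-001", dict(INTENT, amount="1500")))
    print(reconcile(RELEASED, "wd-001", dict(INTENT, amount="1500.01")))
    print(reconcile(RELEASED, "wd-999", INTENT))
```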

What it stops

What custody-specific failures does pre-signing verification catch?

The attacks that cost custodians most share a property: the loss is final the moment the transaction is signed and broadcast. Attesting intent before signing moves the catch earlier — to when the withdrawal can still be held or denied.

Hijacked automation

A withdrawal bot is taken over

An attacker compromises a programmatic withdrawal agent and tries to drain funds to their own addresses at machine speed, faster than a human can react.

RankShield: The agent constitution caps per-transaction and rolling aggregate, allowlists counterparties, and refuses payments the moment the dead-man heartbeat lapses — so a hijack fails closed.
Forged withdrawal

An approval is replayed or forged

An adversary reuses a captured signed instruction, or forges one against a harvested elliptic-curve key, to push a withdrawal through before signing.

RankShield: Each intent is nonce-bound and the attestation is quantum-safe signed with ML-DSA-65; a replay or a classical-key forgery fails verification before the transaction is broadcast.
| Custody moment | What RankShield attests | Evidence produced |
|---|---|---|
| Withdrawal request | Authorized approver, amount, purpose — inside granted authority | Signed intent + released/held/denied verdict, sealed |
| Programmatic transfer | Agent constitution: per-tx cap, aggregate, counterparty, heartbeat | Governed attestation; refusal if heartbeat lapses |
| Pre-signing | Canonical intent + digest, quantum-safe signature (ML-DSA-65) | Tamper-evident seal on the RankShield Network |
| Post-settlement | On-chain result vs. what was attested | Oracle receipt: settled_as_attested / divergence / unauthorized |
FAQ

Crypto custody security — questions, answered.

What is crypto custody security in this context?
Crypto custody security here means verifying and cryptographically attesting the intent of a transaction before it is signed and broadcast on-chain. RankShield Financial reduces each withdrawal or transfer to a canonical intent, verifies the payer, payee, amount, and purpose against the authorized approver, and returns a released, held, or denied verdict — sealing that decision to a tamper-evident record. It is a control that sits in front of the signing step, not a replacement for your custody stack.
Is RankShield a custodian?
No. RankShield Financial is not a custodian, wallet, or exchange, and it never takes custody of funds or keys. It sits in front of your existing signing and broadcast flow as a verification layer: it reads a proposed transaction, attests its intent, and returns a verdict your own systems act on. Your keys stay in your HSM or MPC setup, your custody arrangement does not change, and value never passes through RankShield.
What does custodian pre-signing verification actually do?
Custodian pre-signing verification inserts a proven checkpoint between a withdrawal being requested and the transaction being signed and broadcast. RankShield attests the canonical intent, confirms an authorized approver stands behind it, and returns released, held, or denied. Because it happens before signing, a held or denied verdict stops the transaction while it is still reversible in your pipeline — before it becomes an irreversible on-chain settlement with nothing to claw back.
How are programmatic and automated withdrawals governed?
Each automation or agent that can request a withdrawal is given a signed identity and a constitution: a maximum per transaction, a maximum rolling aggregate over a window, allowed counterparties, allowed purposes, an expiry, and a dead-man’s-switch heartbeat. A withdrawal is released only if it falls inside that granted authority. If the agent goes silent, the heartbeat lapses and its payments are refused automatically, so a hijacked or malfunctioning automation cannot keep draining value unattended.
Do incumbent custodians already sign with post-quantum cryptography?
Not in production today. Based on our research, incumbent custody signing is classical ECDSA. In May 2026, BitGo and Silence Laboratories demonstrated a PQC-MPC transaction as a simulation using ML-DSA / FIPS 204 — a proof of concept by a regulated custodian, not a generally available product. RankShield signs the authorization it attests with composite ML-DSA-65 (FIPS 204), hybrid with a classical signature, so the evidence layer is quantum-safe by construction — not quantum-proof — regardless of what the underlying custody signs with.
Why does the quantum threat matter for custody specifically?
Custody signing keys authorize on-chain value directly, and elliptic-curve keys are easier for a future quantum computer to break than RSA, which makes them a priority harvest target. A cryptographically-relevant quantum computer does not exist yet, so the concrete risk is harvest-now-decrypt-later: an adversary records signed authorizations now to attack them later. RankShield signs each attested authorization with ML-DSA-65 today and stays crypto-agile, so the evidence behind a withdrawal remains verifiable even as standards and threats evolve.
What is the dead-man’s-switch heartbeat?
The dead-man’s-switch heartbeat is a liveness signal an automated agent must keep sending. As long as the heartbeat is present and the agent stays inside its constitution, its withdrawals can be released. If the heartbeat stops — the agent crashed, was killed, or was taken over — RankShield refuses further payments from that agent by default. It converts silence into a safe state, so the failure mode of an unattended automation is a halt, not an open pipe to attacker-controlled counterparties.
How does a governed transaction get anchored as evidence?
Every verdict is signed and sealed to a tamper-evident record on the RankShield Network. The record stores commitments, not account or wallet identities — references are HMAC-keyed and de-identified under a secret pepper, so the same account looks different on every transaction. Releasing a withdrawal requires an M-of-N quorum of HSM-held keys, and a settlement oracle can confirm the transaction settled as attested, flagging divergence or an unauthorized settlement if the on-chain result does not match what was approved.
Verify, then settle

See your payments verified before they settle.

RankShield Financial is rolling out with design partners on instant and tokenized rails. Request access and we’ll map it to your settlement flow.
