Configure digital asset
security with flexibility
Key management services that offer the modularity to meet all regulatory and internal compliance requirements via local deployments and developer-friendly setups.
Avoid design lock-ins,
manage keys with total freedom
Protect your organization from regulatory shifts or supplier takeovers
and prevent business disruptions in fast-growing markets.
Discover a wide range
of capabilities offered by Dfns
Flexible custodianship
Dfns offers both custodial ("org-controlled") and non-custodial ("user-controlled") wallet configuration options, offering clients the flexibility to meet security or regulatory requirements.
Customizable wallets
Dfns' platform adapts to your needs: segregated wallets for custodians, unique wallets for fintech users, or omnibus wallet structures for exchanges aiming to reduce transaction fees.
Composable deployments
Take control of your private keys, policies, and infrastructure with zero vendor dependencies. Dfns adapts to locations, cloud setups, hardware options, and custom deployment schemes.
Extensive signing groups
Dfns' advanced MPC protocols support deploying multiple partial keys in various instances, allowing multiple entities (e.g., employees, organizations, servers) to participate in key hosting and signing.
Adjustable threshold
Dfns' cutting-edge TSS for ECDSA and EdDSA supports flexible quorums (e.g., 2:3, 3:5, 5:7) and hierarchical signing orders, enabling organizations to align workflows with internal business logic.
Configurable recovery
Define the criteria that qualify as a disaster and use a dedicated, organization-specific recovery layer to retrieve your key material within Dfns' multi-tiered Disaster Recovery Protocol (DRP).
Personalized experience
Design a seamless wallet recovery UX for your end-users and employees with diverse 2FA options, such as cross-device passkey credentials, PDF recovery codes, KYC-locked keys, and more.
Compatible cryptography
Harness the power of versatile key management, offering support for diverse cryptographic primitives, curves, algorithms (e.g., ECDSA, EdDSA, STARK, Schnorr), and derivations (e.g., BIP32, SLIP10).
Key export options
Access the "break-the-glass" key export feature at all levels, from end-users to developers and organization-owned keys, safely ejecting private keys and associated digital assets from Dfns.
Composable deployments built
for adaptive risk management
Streamline and secure your key deployment scheme
with our advanced automations and APIs.
Entrust key hosting to Dfns' decentralized KMS, maintaining complete wallet control via passkey authentication to the API. All key material within the Dfns environment are stored in secure T3+/T4 data centers.
Achieve optimal security and flexibility with co-controlled wallets. Secure a subset of keys on-prem while choosing where the other Dfns-hosted keys are deployed in the geographic areas of your choice.
Deploy all the key material and services locally on-prem in secure enclaves like AWS Nitro or in FIPS 140-3 HSMs like Intel SGX, Azure AMD, Thales Luna Network or other similar solutions.
Select key deployment options leveraging TEEs in T3+/4 data centers and MPC security.
Thanks to their collaborative team and institutional-grade wallet platform, we've enhanced our operational capabilities and widened our business lines. Our security framework has also been reinforced by their state-of-the-art MPC cryptography. Dfns has proven to be an invaluable partner in our mission to provide reliable crypto custody services.”
Dux Reserve
Regulated Crypto Custodian
to assign admin/user controls over wallets
for event-based notifications on KYT-related red flags
to locally story key shares within HSMs.
Security reinforcement for enterprises
with cutting-edge key management
Battle-tested MPC
Multi-party computation is the ideal choice for decentralized, flexible key deployments, but MPC is complex and not all protocols are equal. Dfns uses an audited and open-sourced Rust implementation of CGGMP21, the industry's most popular MPC protocol.
Tamperproof HSM
Local key deployment is available to organizations with a history of proven compliance to standard security practices. Key shares must reside in isolated enclaves or FIPS 140 certified HSM within T3+/4 data centers, and align with ISO 27001 controls.
Real-time observability
Elevate root-level control over access privileges by using enclaves and public key signing to selectively engage in key management workflows any developer or employee of your organization, enabling precise resource access controls.
Root-level controls
Elevate root-level control over access privileges by using enclaves and public key signing to selectively engage in key management workflows any developer or employee of your organization, enabling precise resource access controls.
Disaster recovery
Dfns' DR protocol offers a four-tier structure, inspired by IANA, enabling organizations to customize key recovery based on criticality levels and trigger criteria. Optionally, Dfns can integrate with backup providers like Station70, Coincover, etc.
Face shifting digital asset regulations
with adaptive key security systems
Different regulations require different key storage approaches. Some blur the lines between storage and custody, others require storage on national soil, while some allow CLOUD Act-compliant data centers. With Dfns, you can deploy keys securely anywhere.
Dfns integrates with core banking systems (e.g., Temenos, Finastra, FIS, Sopra), KYT compliance solutions (e.g., Sardine, Chainalysis, Elliptic), on/off-ramp options (e.g., Moonpay, Ramp, Banxa) and other essential applications for compliant financial operations.