The Qredo Custody Network: How it Works

by Brian Spector, Chief Product and Strategy Officer at Qredo

Published Jun 27, 2019 10:53:54 AM

Qredo’s breakthrough is eliminating the possibility of digital asset theft by removing the critical attack vector—private keys.

To describe how this works, we use roles that map closely to custodial processes in the physical world, such as when checking assets into a bullion custodian agent:



Principals instruct Custody Agents to create a segregated custodial account with specific redemption conditions, and fund the account once the Custody Agent completes the process. Principals will also invoke the redemption request.

Custody Agents create cryptographic redemption conditions around the digital assets and enable the Principals to fund the custodial account.

Fiduciaries cryptographically attest that redemption conditions are met through an approval process on the Qredo Custody App.

Beneficiaries on the Qredo Custody App or SDK gain control over a custodial account containing the digital assets if the Fiduciaries approve the redemption request.


The Qredo Custody Network runs on top of a peer-to-peer network, and has several components that allow the entities fulfilling these roles to work together in providing secure custody:


Qredo Custody Nodes

Principals, Beneficiaries, Custody Agents and Fiduciaries connect to the network via Custody Nodes, the open source clients which are responsible for sending, receiving and validating messages and data sent over and stored within the network.

Qredo Custody Agent

Custodians listen for wallet creation and redemption instructions sent over the network from Custody Nodes. Through an advanced smart contract engine, the Qredo Custody Agent places digital assets into segregated custodial accounts.

Qredo Custody App

Beneficiaries and Fiduciaries interact with the Qredo Custody Network through the App. In Beneficiary mode, the App enables individuals to gain ownership of the custodial account wallet and send and receive digital assets transactions. In Fiduciary mode, the App collects approval signatures and authorizes redemption requests.


How it Works

Qredo replaces a wallet’s static private keys with just-in-time transactional private keys, which can only be generated once predefined redemption conditions have been met - allowing a transient key to be generated which is required to generate the final transactional key.

While the digital assets are in custodial accounts, the transactional private keys have not yet been created, and neither has the transient key.  As they don’t exist, they are impossible to steal—eliminating the possibility of digital asset theft.

The transient key used to unlock the assets can only be generated when the custodial account Principal initiates the redemption process, and the multi-factor authenticated Fiduciaries approve the request to transfer control of the account to a Beneficiary.

This process can be initiated from within the Principal’s Qredo Custody Node, or within their Qredo Custody App if tethered to the Principal’s Qredo Custody Node. In contrast, Fiduciary approvals can only occur on the Qredo Custody App.

Each participant in this series of steps in the redemption process either generates, or unlocks the keys to generate, a part threshold aggregate signature. This happens in both Apps and Nodes, and the Qredo Custody agent service collects the signatures and forms the complete threshold signature.

The completed signature is combined with a secret key that remains stored within a Hardware Security Module (HSM). The output from the HSM is used to derive the transient private key, which the Beneficiary can use to create a transaction which eventually confirms into a block on the blockchain.


Find out more about the technology behind the Qredo Custody Network in our yellow paper.

New call-to-action