Inside AEGISKey, the threshold signing system designed to make financial privacy a matter of mathematics rather than trust.
Albert Dadon AM · CEO and Founder, AEREDIUM
April 28, 2026 · Melbourne
There is a moment, somewhere between the tap of a fingerprint and the appearance of a balance on screen, where something quietly remarkable happens. In that half-second, a cryptographic key is reconstructed across three separate data centres on three separate continents, used to derive a session credential, and then destroyed — all before a user has finished glancing down at their phone.
Nobody planned for this to be invisible. It is invisible because, at AEREDIUM, the view was always that the most important infrastructure is the kind you never have to think about.
The system is called AEGISKey. The wallet it powers is StablePro. And the problem both were built to solve is one that predates blockchain by several decades: the persistent failure of the financial system to give ordinary people — and serious enterprises — genuine privacy over their own transactions, without surrendering accountability in the bargain.
The Old Bargain
The traditional arrangement has always been a poor one. You give a bank — or a broker, or an exchange — custody of your assets and, by extension, full visibility into your financial life. In return, you receive the convenience of not managing keys yourself and the comfort of a regulator standing somewhere in the background. The privacy you surrender is treated as a reasonable cost of participation.
Blockchain, for all its early idealism, did not improve the terms. It merely relocated the transparency problem. Where a bank's ledger was private to the institution, a public blockchain is legible to anyone — every transaction, every counterparty, every amount, indexed and searchable in perpetuity. The result is a system that is, in a meaningful sense, less private than the one it was supposed to replace.
What neither world ever offered was a third option: one in which your transaction record is cryptographically sealed against all observers by default, can be selectively and verifiably disclosed for legitimate purposes, and is recoverable if you lose your device — all without any single party holding the master key.
That is the option AEGISKey was built to provide.
The privacy and security properties of this system are not a policy. They are a structural property of the mathematics.
How It Works
The architecture rests on two interlocking ideas. The first is an advanced, fully audited cryptographic algorithm in which each user's encryption key is never stored whole anywhere. It is split into shares distributed across independent enclaves in independent jurisdictions. Any operation that touches that key requires at least two of three enclaves to cooperate. One data centre, one cloud provider, one court order issued in one country: none of these is sufficient. This is what makes the guarantee structural rather than contractual.
The second idea is a monotonic counter embedded in each enclave's hardware that avoids equivocation entirely. Every key operation an enclave performs is stamped with a counter value that the hardware enforces as monotonically increasing; it cannot repeat, and it cannot go backwards. This means that a compromised operator cannot run a shadow copy of an enclave and have it sign conflicting operations in parallel. The counter would have to roll back, and the hardware simply will not permit it. The tamper-evident record of every operation is anchored to the blockchain itself.
Together, these two mechanisms achieve something that neither centralised custody nor existing blockchain infrastructure has managed: threshold-enforced privacy with a hardware-attested audit trail.
The User's Experience
What this means in practice is perhaps best understood through the ordinary situations that financial infrastructure is expected to handle — and routinely fails at.
Consider a business owner sending a payment to a supplier. She types the amount, adds a memo, taps send. A fresh encryption key is generated inside the enclave, the transaction payload is sealed under AES-256-GCM, two separate key-wrapping entries are created — one retrievable by the sender, one by the recipient — and every ephemeral key is permanently destroyed. What lands on the blockchain is ciphertext. A competitor who searches that wallet address on the public explorer finds nothing. A competitor who somehow obtains the specific transaction identifier finds a record confirming that a transaction occurred at a particular time, and every field — counterparty, amount, token, memo — marked as encrypted. The transaction is provably real. Its contents are provably inaccessible.
Consider the same business owner at year-end. Her accountants need access to quarterly figures. She opens the AEGISKey Portal, designates the firm as an authorised auditor, selects which fields they may see — amounts and counterparties, but not the memo field, which contains commercially sensitive notes — and sets a date range. The accountants see exactly what the policy permits. When the engagement closes, she revokes access. The audit trail on-chain records every disclosure that was made, timestamped and counter-stamped against the hardware's monotonic record, providing a trail that neither party can later dispute.
Consider, finally, the moment that reveals more about a custody model than any marketing document: the lost device. In the older paradigm of self-custody, a phone at the bottom of a harbour was a catastrophe. In a centralised model, recovery was possible but depended entirely on the custodian's goodwill and the security of their own systems. In the AEGISKey model, recovery is a procedure — email verification, identity confirmation, three of five backup codes — after which the user's master key shares are rebound to a new wallet address. The old address remains in the user's transaction lineage, so historical records remain accessible. The new address is now the active credential. The underlying key material never moved, because it was never in one place to begin with.
A Network, Not a Prototype
On the sixteenth of April, 2026, the AEREDIUM three-node TEE-BFT consensus network committed its first block. The milestone followed the resolution of nine separate engineering problems across three codebases — problems that exist precisely because the network was built against real hardware attestation, real Byzantine fault tolerance, and real threshold counter management, rather than simulated approximations of those properties.
The nodes run in hardware-isolated trusted execution environments hosted across multiple cloud providers — including AWS, Azure, Google Cloud, and others — distributed across independent jurisdictions around the globe, spanning Europe, the Americas, Asia (including the Far East and South East Asia), Africa and the Middle East, connected over an encrypted mesh network. A fourth validator serves as the EVM settlement oracle. Each enclave's compiled code is measured into a hardware attestation published in the AEREDIUM deployment registry; anyone may verify that the software inside the enclaves matches the software that was reviewed.
A Closing Note
The financial infrastructure that most people use every day was designed in an era when the tradeoff between privacy and accountability was considered intractable. You could have one or the other. Institutions chose accountability, meaning they could verify compliance. Individuals had no meaningful choice at all.
The argument that AEGISKey makes — in hardware, in mathematics, and now in a live operating network — is that the tradeoff was never necessary. A system can be privately encrypted by default, selectively and verifiably disclosed for legitimate purposes, auditable after the fact through a tamper-evident on-chain record, and still recoverable by its rightful owner without any party holding a master key.
It is a technical argument. But it is also, at its core, an argument about what financial infrastructure should be: something that works for the people who depend on it.
The first block has been committed. The rest follows from here.
AEREDIUM · aeredium.io
Patent-pending technology