What it is
KCS binds blockchain key usage to explicit policy, lineage, backend binding, and attested authority so possession of a key is never enough to force execution.
KCS / Blockchain Integrity Suite
Chain Key Custody
Privileged key custody for blockchain control planes.
KCS binds blockchain key usage to explicit policy, lineage, backend binding, and attested authority so possession of a key is never enough to force execution.
What problem it solves
Most chain control planes reduce security to key storage quality. That leaves privileged execution vulnerable to signer misuse, backend drift, and narrative authority.
What it does
- Authorizes protected key use against verifier-attested signer state, authority, policy, and exact request material.
- Produces signed authorization, refusal, and inconsistency receipts for protected signing attempts.
- Refuses widened, stale, mismatched, or optimistic custody claims.
What it does not do
- It is not a generic wallet, signer cluster, or convenience custody layer.
- It does not trust signer backends, operator narrative, or upstream subsystem claims by default.
- It does not make refusal proof unnecessary; NEO remains separate.
Who it is for
- Operators protecting privileged governance, treasury, bridge, and administrative chain keys.
- Teams that need key use itself to stay bound to attested context rather than possession.
Where it fits
KCS is the blockchain custody boundary. It can supply refusal lineage to NEO and coexist with TXG and GAC without implicit trust.
Typical deployment context
Used for privileged signers, threshold controls, backend binding, and chain control planes.
Use cases
Primary source docs
- READMEkcs/README.md
- Why KCSkcs/docs/01_why_kcs.md
- Architecturekcs/docs/05_architecture.md