Locked at the edge — in progress
Device-side sealing — so that no one, not even MSD, will be able to read your data without your key — is being built. Phase-1 operates in operator-trust mode: the operator currently holds the keys.
MSD · Your sovereign data layer
anchor0x6d73…0000Your sovereign data. The keys are yours.
MSD is being built so your data becomes truly yours — Phase-1 runs in operator-trust mode while the sovereignty cutover, where it is opened only when you say so, is in progress. Every share leaves a receipt. Every read is logged. Compliance by architecture, never by backdoor.
Sign-in is live. The walkthrough uses sample data — yours appears when you sign in.
How MSD works
Three primitives. Same trust signature on every read.
Stored on your palace
Your data is designed to live on storage you control, with the provider seeing ciphertext only. Phase-1 runs in operator-trust mode while that custody cutover is in progress.
Open with permission
MSD is designed so only you will be able to open a drawer. Today Phase-1 operates in operator-trust mode; every read still leaves a receipt you can see.
Four storage gates protect every read
Engine allowlist
Only allow-listed engines can ever ask.
Cap-ref recency
Your grant must be fresh, not stale.
Query alignment
The question must match what you granted.
Block timestamp
Anchored on-chain, no time-travel.
Every read must clear all four. Phase-1 today: the engine decrypts using your per-drawer key inside a mock secure enclave. Phase-2 ratchet — when shipped — removes that mock entirely. We don’t pretend Phase-2 ships today.