Complete mediation ensures that all policy checks succeed before a key produces a signature—but not all systems get it right. What happens when a system doesn’t enforce policy checks correctly? Keep reading to find out.
Web3’s most extensible policy engine lets you write sophisticated risk management policies—in Rust (and more)—to define exactly what each key is allowed to sign.
An execution engine that runs custom code in a Cubist C2F runtime: enforce any policy logic, and get an attestation of the code locking down your keys.
DogeOS is using CubeSigner to secure the canonical bridge for its EVM-compatible app layer on Dogecoin. Cubist C2F verifies zero-knowledge proofs of DogeOS execution to guarantee correctness while bringing covenant functionality and transaction introspection to Dogecoin.
“CubeSigner gives DogeOS a secure bridge layer by ensuring only our own verified enclave code can sign withdrawals. It’s a critical safeguard against node compromise and the kind of exploits that plague other ecosystems.”
Write custom code to restrict what your keys can sign.
Express even the most complex policy rules by writing code in your language of choice. Security and compliance policies should work for you—not the other way around.
Protect yourself from malicious UIs: CubeSigner will only issue a signature if all policy checks pass. A malicious frontend can’t trick the backend policy enforcement.
Get a cryptographic attestation that the policy code you wrote is exactly what’s running inside the TEE. This gives you integrity and your users transparency.
Incorporate your favorite risk management systems, AML software, trading oracles, and other data sources—including on-premise legacy systems—into your unique policy logic.
Replace simple rules with programmable security that reflects how your business operates.