I've been in crypto nearly a decade and have seen a lot of good tools get built.
Multisigs, multi-party computation, ERC-4337, smart wallets. They all work. But they all have something in common: whatever you do with them is mostly visible onchain, it requires coordination between people, they're chain-isolated, and key custody is binary.
Key Encumbrance
A Cornell Tech research team published a paper called Liquefaction that solves some of these problems in a genuinely novel way. The core primitive is key encumbrance: a private key gets generated inside a TEE enclave, and the only way to interact with it is through programmable policies.
Nobody ever has access to the key itself, not the user, not delegates, not operators.
You get signatures back when your request passes the policy conditions. Because the key never leaves the enclave and all policy enforcement happens inside it, the assets tied to that key can be privately moved, traded, shared, or pooled with no direct onchain trace.
From Research to Practice
So how did we implement this??
How we approached this is from the angle of the key living inside the TEE, and you attach programmable policies that a user or intent has to pass before the key encrypts and signs the transaction on the target chain.
This setup doesn't require a multisig-style approach. It can be a single actor operating under multiple policy scopes. You can work alone, under conditions you've defined.
Oasis took this concept and built on top of it. The result: encumbrance-powered vault infrastructure for DeFi.
The architecture has a user layer at the top, where an (your) app talks to this functionality through an SDK. Your intent passes into the enclave. Everything inside the enclave is composed of three things:
- A policy engine
- The encumbered key
- And a transaction executor
Your request hits the policy engine first. The policies are stored in a smart contract, and if the request passes, the key signs. If it doesn't, nothing happens. To put it super plainly, you are convincing smart contract based policies to get access to the signature (the private key remains inside an enclave).
To put it concretely: even though Oasis has its own network, you're not depositing assets to Oasis. You're depositing to a confidential container where you generate wallets for target chains and sign with them over programmable policies.
Your assets stay where they are. Oasis is the security layer, nothing more.
Encumbrance vs. Multisigs
With a multisig, actions are onchain, you're locked to a single chain, coordination requires a quorum, enforcement is contract-based, and delegation means adding and removing signers (which requires signing to authorize).
With encumbered keys, those limitations disappear.
Revoke someone's access by updating a policy. Set a delegation that expires after 30 days. No quorum, no onchain coordination. Because the private key was never shared, the rules are only enforceable through the policy layer, which is exactly the point.
The Future
Abstract infrastructure like this only matters if it unlocks tangible capabilities. Here's what programmable policies look like in practice:
Non-custodial automatic execution.
If Solana exceeds a price threshold, the enclave checks the condition and the key signs the sell. No manual approval, no bot holding your private key.
Composable policy chains.
Sell Solana profit into USDC, route that USDC to passive yield. One set of policies, no manual signing at either step.
Scoped bot access.
Attach policies to an encumbered key: x dollars per day, working hours only, whitelisted tokens only. The bot accesses signing through an API and never sees the key.
Delegation without quorum.
Program a rule that access expires after 30 days. The private key was never shared, so the TEE enforces it, not human coordination.
Session-based gaming.
A player sets a threshold and time window, x dollars over the next five hours, and policies handle signatures within those bounds. No leaving the game to approve transactions.
All non-custodial, all policy-enforced.
But the core of it is this: access should be an instruction, not a compromise. With encumbered keys, we can make apps programmable, private, and permissionless in a way that was previously impossible.
More soon.
.png)