On-chain bank-grade settlement, sealed end to end.
Nexera Sigillo brings ISO 20022 settlement on chain. Every transfer stays fully ISO compliant from origin to destination, encrypted end to end through fully homomorphic encryption, and finalized on chain in seconds. Your custody. Your compliance. Your customer relationship.
On chain, settlement finalizes between the two institution gateways with deterministic finality. The payload is encrypted end to end under fully homomorphic encryption; only the sending and receiving banks hold the decryption keys. Off chain, ISO 20022 messages travel over the bank rails your payment hub already operates today.
On-chain settlement, on bank standards.
Nexera Sigillo lets you offer your customers on-chain settlement without leaving the standards you already run on. Every transfer is fully ISO 20022 compliant from origin to destination. Custody, compliance, and the customer relationship stay with you.
Custody stays with you.
Funds remain under your control until they reach the counterparty. The on-chain leg holds value for seconds, gated by your gateway's signature.
Compliance stays with you.
Sanctions, screening, and threshold checks run on your side, before any settlement event fires. Exceptions surface to your operators in seconds.
The customer stays yours.
Customers see your name, your app, your brand. Nexera Sigillo is invisible from the front-end. The chain is even more so.
Permissioned at the bank. Encrypted on the chain.
Every Nexera Sigillo transfer is wrapped in the same ISO 20022 envelope your payment hub already issues, encrypted end to end through fully homomorphic encryption, and settled on a shared on-chain ledger. Only the sending and receiving banks can decrypt. The chain holds the proof; the data stays private.
- Bank-side. Connects to your existing payment hub. ISO 20022 in. ISO 20022 out. The same envelopes you already issue today.
- Gateway-side. Runs on your infrastructure. Encrypts every transfer at the edge before it reaches the chain. Compliance checks fire here.
- Chain-side. A shared on-chain ledger gated at the institution layer. Every payload is ciphertext; only the sending and receiving banks hold the keys. Auditors verify integrity through fully homomorphic proofs without seeing the values.
Settle on shared rails.
Reveal nothing.
Every Nexera Sigillo transfer is encrypted at the sending bank's edge and stays encrypted on chain through fully homomorphic encryption. Sanctions, range, and structuring checks run against the ciphertext without decrypting it. Only the sending bank, the receiving bank, and the parties on the transfer hold the keys.
FHE engine
Encrypt at the edge
Amounts and counterparty data are encrypted inside the sending bank's gateway before the transfer touches the chain. Plaintext never leaves the bank.
Verify on ciphertext
Sanctions screening, structuring detection, and threshold checks evaluate the encrypted payload. The check passes or fails without ever decrypting.
Threshold reveal
When law or audit requires it, decryption needs an independent quorum of signers. Reveal scope is bounded. Every reveal is logged.
The amount and counterparty data leave the sending bank already encrypted. They stay encrypted on chain. Auditors verify sanctions, range, and structuring checks against the ciphertext via fully homomorphic encryption, then the receiving bank decrypts inside its own gateway and credits the customer. The chain holds the proof; the data stays private.
| Amount | Parties | Memo | Sanctions ✓ | Range proof | |
|---|---|---|---|---|---|
| Sending bank | readable | readable | readable | ✓ | ✓ |
| Receiving bank | readable | readable | readable | ✓ | ✓ |
| Network correspondents | ●●●●● enc | ●●●●● enc | ●●●●● enc | ✓ | ✓ |
| Auditor (default scope) | ●●●●● enc | ●●●●● enc | ●●●●● enc | ✓ | [ above limit ] |
| Public chain observers | ●●●●● enc | ●●●●● enc | ●●●●● enc | — | — |