Tide's Cybersecurity Fabric

Traditional security assumes breaches can be prevented. Tide assumes they are inevitable, and redesigns the system so that compromise is inconsequential. No user, vendor, admin, or developer ever directly possesses the authority behind your security. It emerges through the Fabric only when needed, in context, under policy, then vanishes.

Beyond Access Control

The Era of Authority Management

Every major breach of the last decade traces to the same structural flaw: a signing key, credential database, admin vault, or session token that existed as a complete, extractable object. When that object is compromised, the entire trust model collapses in a single step. No amount of monitoring, patching, or compliance prevents a structural flaw.

Tide eliminates the target itself.

Tide's Cybersecurity Fabric dissolves authority across four independent surfaces: storage, use, governance, and policy logic. No single entity, not any node, not any administrator, not Tide itself, ever possesses enough information to validate a credential, sign a token, forge an identity, or unilaterally change the rules. Authority is not hidden better. It is kept beyond anyone's direct reach and only emerges through the Fabric during valid, quorum-backed operations.

The Fabric in Action

Use Cases

Identity Management

The centre of your Zero Trust Architecture no longer has to be blindly trusted. TideCloak is a drop-in, Keycloak-compatible IAM layer where no credential, token, or signing key ever exists in complete form.

TideCloak Docs

Infrastructure Management

Your gateway becomes an oblivious proxy instead of a central point of collapse. KeyleSSH replaces static SSH keys with ephemeral, Fabric-backed authentication that no single party can forge or extract.

KeyleSSH on GitHub

Password Management

Put all your secrets in one basket you never have to blindly trust. TideWarden is a password manager where the vault key is dissolved across the Fabric — no master secret for anyone to steal.

TideWarden on GitHub

Multi-Chain Wallet

A multi-chain wallet spanning 16 blockchains where no single party ever holds a complete signing key. Motherlode uses TideCloak and the Fabric to secure authentication and transaction signing.

Motherlode on GitHub

Treasury Management

Treasury management you can trust, because you never have to. SWARM distributes signing authority across the Fabric so no single custodian, device, or insider can move funds unilaterally.

SWARM on GitHub

Four Layers of the Fabric

Every operation on Tide's Cybersecurity Fabric traverses four distinct layers. These are not silos. They are abstraction levels that every request passes through.

01 PROVENANCE

Legitimacy Layer

Before authority is granted, the requestor must prove the validity of their intent. This layer handles the provenance of the request—verifying that the entity (user or machine) attempting to engage with a secret has the right to do so in this specific context. It establishes the "who" and the "why" before the "how" is ever considered.

02 ESSENCE

Authority Layer

This is the core cryptographic engine. It manages the lifecycle of the authority keys: generation, validation, healing, maintenance, and disposal. Crucially, this layer ensures that keys are never revealed. They exist only as mathematical fragments distributed across the network nodes.

03 EXECUTION

Agency Layer

This is the kinetic layer of the stack. While other layers establish legitimacy and manage the keys, this layer is where authority is exercised. Here, the potential of a cryptographic key is expressed as action. Rather than simply retrieving a key to use it, it utilizes Secure Multi-Party Computation (sMPC) to perform operations via the decentralized fabric. The nodes collectively compute the result of a cryptographic operation without any single node ever knowing the input, the key, or the output.

04 ACCOUNTABILITY

Settlement Layer

Running orthogonal to the previous three, this layer provides the immutable audit trail and funding mechanism. It binds a verifiable digital payment voucher to every request. This guarantees identity (context-aware accountability), economics (fees for compute), and auditability for every action taken on the network.


How the Fabric Works

The Cybersecurity Fabric is a decentralized network of independently operated nodes, each run by a different organization on independent infrastructure. When a user authenticates, signs, decrypts, or authorizes, the Fabric orchestrates a single closed-circuit process:

  1. Session binding. A verifiable runtime on the user's device generates a session key cryptographically bound to the device itself. The chain of custody starts at the edge.
  2. Zero-knowledge identity. The user proves their identity via PRISM, Tide's zero-knowledge authentication protocol. The Fabric verifies the proof without ever seeing the user's credentials. PRISM supports both password-based and passwordless (2FA) authentication.
  3. Authority consensus. The request moves to the Fabric, where nodes independently validate it against quorum-enforced policy, perform oblivious cryptographic operations on their key fragments, and return results mathematically locked to the requesting device.
  4. Just-in-time agency. The device fuses the fragmented responses into coherent authorization: access data, approve a transaction, prove identity, grant a permission. Authority materializes for the duration of the operation, then ceases to exist.

At no point does any single node see the complete key, the full output, or the purpose of the operation. The complete technical specification is in the whitepaper.
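Steps 3 and 4 above can be pictured with a generic threshold computation "in the exponent". This is an added example, not Tide's code and not the PRISM protocol. The toy group (P, Q), the function names and the blinding step are assumptions for illustration; the 20-node, 14-threshold figures are the ones this page quotes under "Truly decentralized nodes".

```python
import secrets

# Constructed toy parameters: safe prime P = 2Q + 1, small so values stay readable.
P, Q = 2039, 1019
N, T = 20, 14   # node count and threshold as quoted on the page

def deal_shares(secret, n=N, t=T):
    """Shamir-share `secret` mod Q; fewer than t shares reveal nothing about it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def node_respond(share, blinded):
    """One node applies only its own fragment to the blinded request."""
    return pow(blinded, share, P)

def lagrange_at_zero(i, ids):
    """Interpolation weight for node i when evaluating the polynomial at 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def device_combine(responses, blind, t=T):
    """Fuse t partial results in the exponent, then strip the blinding factor."""
    if len(responses) < t:
        raise ValueError("below threshold: the result cannot be formed")
    ids = sorted(responses)[:t]
    acc = 1
    for i in ids:
        acc = acc * pow(responses[i], lagrange_at_zero(i, ids), P) % P
    return pow(acc, pow(blind, -1, Q), P)

def ceremony(shares, x, node_ids):
    """Device side: blind x, query the chosen nodes, combine their answers."""
    blind = secrets.randbelow(Q - 1) + 1
    blinded = pow(x, blind, P)          # nodes see this, never x itself
    responses = {i: node_respond(shares[i], blinded) for i in node_ids}
    return device_combine(responses, blind)

if __name__ == "__main__":
    key = secrets.randbelow(Q - 1) + 1  # held here only to deal shares and to check
    shares = deal_shares(key)
    x = pow(secrets.randbelow(P - 3) + 2, 2, P)   # element of the order-Q subgroup
    print(ceremony(shares, x, range(1, 15)) == pow(x, key, P))   # 14 of 20 nodes
```

In this sketch a dealer holds the key once in order to create the shares; a deployment that never assembles the key would generate the shares with a distributed key generation protocol instead.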

What Makes Tide Different

Not just key splitting

MPC and threshold systems distribute keys but typically retain centralized control over governance, policy, and administration. Tide dissolves authority across all four. The attack surface does not migrate from the key to its control plane.

No single point of bypass

Passkeys and federated identity still depend on the vendor or server not to bypass the authentication guarantee. Tide removes that dependency entirely. The Fabric enforces security at the cryptographic layer, not the policy layer.

Truly decentralized nodes

Each key is distributed across a swarm of 20 Fabric nodes, each operated by a different organization. This is not 3-of-5 threshold sharing across a single vendor's infrastructure. An attacker would need to simultaneously compromise 14 distinct organizations within the window of a single transient ceremony.

End-to-end verifiability

An authentication layer threads security and verifiability from the user to the server and back. The system does not just verify the user. The infrastructure continuously proves its own integrity to the user through verifiable proofs.

No HSM dependency

Tide's security does not rely on the secrecy of hardware. HSMs are a singular operational authority. Whoever controls the application layer authorized to invoke one effectively possesses the signing authority. Tide eliminates this class of vulnerability.

Familiar UX, unfamiliar security

Users experience authentication exactly as they do today, whether with passwords, security keys, or biometrics. Nothing changes on the surface. Underneath, no credential, hash, or verifiable artifact is stored anywhere, by anyone. Offline attacks have no material to attack. The experience stays the same. The security model underneath is fundamentally different.

Built for Developers

Tide's Cybersecurity Fabric reaches developers through TideCloak, a drop-in Keycloak-compatible IAM layer. When a developer builds on Tide, security and trust dependencies are removed from their code entirely. The immunity is structural, not implementational, so it flows through to every end user on the platform without the developer having to earn it line by line. Build fast, ship with AI tools, iterate at speed. Your security does not depend on the quality of your code.

Drop-in integration

Standard OIDC and OAuth 2.0 compatible. Tide's SDKs interface via standard frameworks. Upgrade to decentralized, zero-knowledge authentication without re-architecting your stack.

Nothing to leak

Your application never handles root keys. You request an action, the Fabric returns the result. You cannot mismanage keys that you never possess. This entire class of vulnerability is mathematically eliminated.

Build fearlessly

Whether you are writing code by hand or generating it with AI, your platform's security guarantees hold. The Fabric enforces authority at the cryptographic layer, independent of application code quality. Move fast without the security tradeoff.

Cyber insurance passthrough

Platforms built on Tide can qualify for cyber-insurance passthrough from one of the world's biggest insurers, covering both the organization and its users. Contact us to learn more.

Validated

Tide's technology has been peer-reviewed and lab-tested by tier-one universities and global experts. Tide's work has been recognized by industry awards and cited by global policy bodies, including the OECD and government agencies in the UK and Australia. Tide's technology is trusted by organizations from high-growth startups through to Fortune 500 companies.

RMIT University, Deakin University, NTT Research, OECD, University of Wollongong

FAQs

Not at all. Tide's architecture removes the need to trust any single entity, including Tide. Security is enforced by decentralized cryptographic guarantees across independently operated Fabric nodes. No single party has full control or access to your keys or data. The protocol enforces this at the cryptographic layer, not the policy layer - all in a fully verifiable manner.

Some of the underlying cryptographic primitives have existed for decades, but were computationally impractical and existed in isolation. Three things changed: network connectivity became a standard requirement for business operations, computing power made threshold cryptography viable at scale, and Tide developed new cryptographic constructions and consolidated them with existing primitives into a unified scheme (Ineffable Cryptography) that reduced round-trips from minutes to microseconds. Tide's contribution is not just consolidation; it includes novel protocols like PRISM and the Double-Blind Threshold Signature Scheme that did not exist before.

Traditional key management systems still have a master key somewhere that someone has full authority over, whether in an HSM, in memory during operations, or in a secure enclave. That is a singular point of failure, and a proven attack vector. Tide's keys never exist in whole form, not even for a microsecond. More importantly, Tide dissolves authority over the key as well: no single administrator can direct its use, no single policy engine decides when it acts, and no single governance model determines who can change its behaviour.

The Cybersecurity Fabric is decentralized across independent organizations globally, each operating independently of any single organization. For it to go down, you would need simultaneous failures of over 30% of the nodes you use. Unlike most SaaS providers that rely on a single infrastructure provider, Tide's decentralized architecture provides a substantially higher degree of resilience.

They would need to compromise 14 of 20 independently operated nodes (spread across different organizations, jurisdictions, and infrastructure providers) for the specific user. That's after also breaching the organization. Each additional node adds cost and complexity to the attack. Then consider that each user's key is distributed among a different combination of nodes on the Fabric, making a mass breach economically and practically unviable.

No. You can off-board at any time by activating the Ragnarok Protocol, which reconstructs and exports your complete authority keys to your own infrastructure, followed by cryptographic shredding of the Fabric's shards. No business continuity threat.

No. While both use decentralization, Tide does not require consensus on a global ledger. There is no mining, no energy waste, and no public transaction history. It is a pure cryptographic protocol, not a distributed database.

Tide's architecture is quantum-resistant by design. The Fabric can swap in post-quantum algorithms without changing the architecture. But there is a deeper point: when the rest of the industry goes through the painful process of migrating to post-quantum cryptography, they end up back where they started, with a fundamentally broken security paradigm where private keys still exist as extractable objects. Tide does not just swap the algorithm, it advances security and privacy by ensuring that keys cannot be misused, because they never exist in complete form to begin with.

Yes. Tide exceeds most compliance requirements because sensitive authority material never exists in cleartext on your infrastructure. You maintain data sovereignty while achieving higher security than traditional HSM-based approaches. Audit logs are cryptographically verifiable without exposing the underlying secrets.

Still have questions? Read the whitepaper, access the SDK, or talk to us.