— 01 The first key.
Long before anyone invented a bank, a person invented a lock. The lock was not very good. It was a wooden pin in a wooden door, and you defeated it with a knife or a stronger arm. But it was the world's first cryptography — a public mechanism that anyone could observe, controlled by a secret that lived in one person's pocket.
The lock was good enough because the trust model was honest. If the door opened, it opened because the keyholder authorised it. Nobody asked the carpenter to keep a master copy. Nobody filed paperwork with the city for the right to bolt a door at night. The relationship between the key and the keyholder was the whole point of the system.
Three thousand years later, we have forgotten this. We have invented a class of object — the bank, the broker, the exchange — whose entire business model is to convince you that holding your own key is impossibly dangerous, and that the safe alternative is a relationship of pure trust with their balance sheet.
The bank doesn't hold your money. The bank holds a promise to pay you the money, on the condition that it still exists when you ask. — Anonymous, 2009
— 02 The pattern repeats.
Bitcoin was a polemic against this arrangement. The first block of the chain quotes a newspaper headline about a bank bailout — not as decoration but as a manifesto. The thesis was simple: if you can hold a key in your own pocket, you should never again accept an IOU as a substitute for money.
And yet, within a decade, the entire cryptocurrency industry had reproduced the IOU economy in miniature. Exchanges accumulated balances. Custodians took fees for what is, mathematically, the simplest job in security: do not lose a 256-bit number.
Every single one of them has now failed at it. Mt. Gox lost the keys. QuadrigaCX lost the keys. Celsius lost the keys. FTX did not lose the keys — they spent them. The pattern is not a series of unlucky accidents. The pattern is the architecture. Whenever a person other than you holds the key, you are a creditor in a bankruptcy that has not yet happened.
— 03 Φύλαξ.
The Greek word φύλαξ — phýlax — means guardian. It also means watcher, and sentinel. In Plato's Republic, the phylakes are the citizens trusted to defend the city; in classical Athens, a phylax was the doorkeeper who decided who could enter the room and what could leave it. The word does not mean owner. The phylakes do not own the city, and the doorkeeper does not own the doors. They protect what belongs to someone else, by standing at the threshold and asking the right question.
We named the device after this word because the device is not a custodian. The device does not own your assets, and we do not own your assets through the device. The device is the lock in the door, and you are the keyholder in the metaphor that humans understood three thousand years ago.
Everything we ship — the firmware, the schematics, the manuals — exists to make that ancient relationship work in a context where the things you own are no longer made of metal. Where the door is mathematical. Where the key is a number you must protect against an adversary you will never meet.
— 04 What we promise.
Five things, in plain language. If we ever stop honouring any of them, the project has failed and you should burn the device.
One. There is no secure element. We will not put your keys behind a sealed, proprietary chip that none of us — not you, not even we — can open and inspect. They live on a general-purpose device whose every instruction is published. Transparency is the security.
Two. Every line of firmware is public, every PCB layer is published, every cryptographic primitive is one you can verify against twenty years of academic literature. You should not have to take our word for anything.
Three. The device does not phone home. There is no telemetry. There is no Bluetooth, no Wi-Fi, no cellular. If you cut the USB cable, the device is a paperweight that holds your money. That is the point.
Four. We will never accept venture capital that demands a closed roadmap, a kill switch, a regulatory backdoor, or a custodial product line. The cap table is published.
Five. If the company disappears, you do not lose your money. The seed phrase follows the BIP-39 standard. It will recover your funds on any hardware wallet ever made, by anyone, forever. That is the meaning of standard, and that is the meaning of open.
— 05 What we ask.
Hold the key. Write the words down. Test the recovery. Read the firmware if you can read code. Find someone you trust who can read code if you can't. Refuse, with prejudice, every product that asks you to delegate any of this.
If we have done our job, PHYLAX is not the destination — it is the smallest, most boring object that ever sat between you and the assets that were always yours. A doorkeeper. A phylax. A piece of silicon that exists to be uninteresting.
And if we have done it especially well, your grandchildren will inherit it without ever asking what the orange logo on the front was supposed to mean. They will just open the door.