Keryx Protocol · Web3 Documentation

The RWA primitive.
Physical truth, on-chain.

Keryx assigns every physical object its own ERC-4337 smart account — signed by hardware, anchored permanently on-chain, composable with any EVM protocol. The physical object IS the cryptographic authority.

// Every physical object = one ERC-4337 smart account

// Chip private key = the account signer. Hardware-sealed. Non-extractable.

object.smart_account = ERC4337(chip.ecdsa_pubkey)

The Oracle Problem for RWA

On-chain ownership of physical assets has always been a lie.

Every RWA protocol faces the same fundamental flaw: the on-chain token is only as trustworthy as the off-chain link. A QR sticker, a paper certificate, a centralised database entry — all clonable, all server-dependent, all forgeable without detection.

Keryx solves the oracle problem at the hardware level. The chip embedded in the physical object generates a non-extractable ECDSA key pair. Every tap produces a unique, non-replayable signature. The physical presence of the object IS the cryptographic proof.

Oracle Comparison

Traditional RWA

bindingpaper_cert or QR_sticker

forgeableYES

server_depYES

audit_trailcentralised_DB

Keryx RWA

bindingECDSA_chip_keypair

forgeableNO // hardware-sealed

server_depNO // on-chain rendering

audit_trailBase_L2 + Arweave

Multi-Token Model

Three token layers. One physical object.

[ALWAYS EXISTS][ERC-5192][NON-TRANSFERABLE]

Token 1 — The Soulbound Anchor

Non-transferable. Chip-bound. Issued by Keryx at provisioning. Permanently anchored to the chip's ECDSA P-256 keypair. Token 1 is the ground truth — it records chip binding, ownership history, status flags, lifecycle events, and provenance media, all append-only. It cannot be sold, transferred, or burned. It exists for every object, regardless of tier. It survives any platform, company, or server — including Keryx.

Properties

standardERC-5192 // minimal soulbound

transferablefalse // permanent

chainBase · Ethereum · Polygon

storageSSTORE2 + Arweave

renderingon-chain via IKeryxRenderer

write_accessKeryx + owner + creator

State Machine (15 states)

VERIFIED · TRANSFER_READY · UNCLAIMED
LOST · STOLEN · FOUND · CLAIM · DISPUTED

[TIER 3 ONLY][ERC-721][CREATOR-ISSUED][COMPOSABLE]

Token 2 — The Digital Twin

Optional. Creator-deployed ERC-721. References Token 1 as its immutable parent. Can be minted at provisioning or years after physical delivery. PHYSICAL_BONDED is the recommended default — the digital twin cannot be sold without physically holding the object and producing a chip ECDSA signature.

Transfer Modes

PHYSICAL_BONDED
// chip sig required on every transfer
// physical + digital inseparable
FREE_TRANSFER
// standard ERC-721
BONDED_WITH_UNLOCK
// creator can call unbond()

royaltiesERC-2981 // 10% default

chainsBase · Ethereum · Polygon

[ANY TIER][PERPETUAL MINTING][GASLESS ON BASE]

Tokens 3–N — The Experience Layer

Creator-issued. Always children of Token 1. Mintable at any point after Token 1 exists — months or years after delivery. Creator retains perpetual minting rights regardless of who currently owns the object. The physical object becomes a permanent channel for creator-to-collector engagement.

Token Types

EventAccess// timestamped expiry · FREE_CLAIM

Loyalty// WALLET_BOUND · accumulates benefits

ContentDrop// auto-claimed on first scan

ProofOfPresence// WALLET_BOUND · non-transferable

CoCreatorEdition// PHYSICAL_BONDED · second creator

gas_cost~$0.001 per token (Base L2)

margin>99% gross per mint

NFT Survivability

Readable in 2050. Zero dependency on Keryx.

Rendering Architecture

Layer 01KeryxRegistry[immutable]

chipUID · chipPubKey · tokenId · brandId

permanent — cannot be altered post-mint

Layer 02IKeryxRenderer[upgradeable pointer]

HTML · CSS · SVG · locale strings

SSTORE2 — contract bytecode storage

~$0.05–$0.50 per brand renderer (Base)

single tx update — zero NFT impact

Layer 03Arweave[permanent media]

provenance images · video · documents

no hosting fees · no expiry · decentralised

IPFS snapshot in metadata (fallback)

Access Paths

web3://keryx-registry.base.eth/passport/<chipIdHash>  // ERC-4804
data:text/html;base64,...                              // self-contained tokenURI
https://api.keryx.xyz/token/<tokenId>                 // operational (keryx-dependent)

“Every chip tap reads from the on-chain registry. If keryx.xyz disappears tomorrow, every authenticated object retains its full provenance — verifiable via any EVM node or ERC-4804 gateway, for as long as Base exists.”

CyberBrokers

10,001 SVGs on Ethereum. Full on-chain rendering.

Art Blocks

Generative scripts stored as contract bytecode.

Nouns DAO

SSTORE2 + DEFLATE. 4× gas reduction vs naive SSTORE.

Chain Strategy

One protocol. Three chains. Value-appropriate settlement.

LIVE · RIP-7212 ACTIVE

Ethereum Mainnet

chain_id1

useFine art · Luxury · Collector-grade

Maximum security, deepest liquidity. EIP-7951 activated December 2025 — native P-256 verification.

P-256 verify: 6,900 gas

PRIMARY · GASLESS VIA PAYMASTER

Base L2

chain_id8453

useSports · Consumer · Collectibles

RIP-7212 live since July 2024. ~$0.001/tx. Keryx paymaster covers all consumer gas. EVM-equivalent.

P-256 verify: 3,450 gas

LIVE · HIGH FREQUENCY

Polygon PoS

chain_id137

useLifecycle events · Secondary market

Lowest cost for frequent state updates. RIP-7212 live since March 2024 (Napoli hard fork).

P-256 verify: 3,450 gas

// CREATE2 via Safe Singleton Factory — identical contract addresses across all three chains

Security Model

Two factors. Neither alone is sufficient.

No single party can mint a Keryx token alone. Two independent signatures are required simultaneously:

— The chip's ECDSA P-256 signature (Key 1): generated on-chip, non-extractable, proves physical presence of the object.

— The creator's ERC-4337 wallet signature (Key 3): proves certified identity is attached to the mint. A stolen passphrase without the chip fails. A physical chip without the wallet fails. Counterfeit chips fail at P-256 signature verification.

Attack Surface

passphrase_onlyFAIL // no chip → no ECDSA sig

chip_onlyFAIL // no wallet → UserOp invalid

passphrase + chipPASS // both factors present

already_mintedFAIL // registry rejects duplicate

counterfeit_chipFAIL // P-256 verify → invalid sig

Open Protocol

Build on Keryx.

Smart Contracts

KeryxRegistry (ERC-721 + ERC-2981 + ERC-5192)

IKeryxRenderer interface

ChildToken registry

ERC-4337 UserOperation integration

P-256 verifier via RIP-7212 precompile at 0x100

View Contracts →

APIs

REST API: api.keryx.xyz/v1

Auth: chip_signature

Endpoints: /verify · /mint · /transfer · /status

SDKs: JavaScript · Python (planned)

API Reference →

Integrate

Any EVM marketplace can query tokenURI()

ERC-2981 royalties: OpenSea, Blur, LooksRare

ERC-4804 web3:// URL support

PHYSICAL_BONDED transfer hook interface

Integration Guide →

docs.keryx.xyz · currently in private beta · request access below

Get Access

Ready to build on Keryx?

Protocol access is available to qualified builders. Tell us about your project and use case — we respond within 48 hours.

docs.keryx.xyz →

The RWA primitive.Physical truth, on-chain.