Arkenaarkena/docs

Arkena Docs

Self-custody on Arkena

Your wallet holds the keys. Arkena's servers cannot move your assets, reset your password, or recover your phrase.

When people say a wallet is self-custodial, they mean one specific thing: the keys that control your assets live on your device, generated and held by you. The platform never sees them. This page explains what that means in practice on Arkena, and what it implies about how you should treat the wallet.

The keys are yours

When you created your wallet, the extension generated a 24-word recovery phrase locally. From that phrase, it derived the cryptographic keys that prove ownership of your party on Canton. Those keys never leave the extension's encrypted storage on your machine.

Arkena's servers don't have a copy. They can't read your phrase, can't re-derive your keys, can't sign on your behalf. The trade-off is exact: you get full control, and you get full responsibility.

What this implies

You can recover, but only with the phrase. Move to a new machine, lose your laptop, switch browsers — restoring the wallet from your phrase re-derives the same party with the same assets. Without the phrase, no recovery path exists. Not from us, not from anyone.

We cannot reset your password. The password is local to one browser; it encrypts the keys at rest. Forgetting it means recovering with the phrase on a fresh setup, then choosing a new password.

We cannot freeze, claw back, or move your assets. This is the part that makes self-custody meaningful. If we could, you wouldn't really hold them — we would.

The signing model

Every state-changing action on Arkena — buying an NFT, listing an item, swapping tokens — flows through a prepare → sign → execute loop:

  1. The Arkena backend builds the transaction and shows you a human-readable summary in the wallet popup.
  2. The wallet asks for your approval and signs locally with the keys.
  3. The signed transaction goes to Canton for settlement.

The backend's role is convenience: it indexes the ledger, shows you nice UIs, prepares the transactions. None of that requires it to hold your keys.

What Arkena's servers do

  • Read the ledger. Index NFTs, balances, listings, and activity from Canton so the marketplace UI is fast.
  • Build transactions. Take "I want to buy this NFT" from the UI and produce a signable transaction that, when accepted, executes the trade atomically.
  • Match swap intents. Run the matching engine that pairs takers' intents with LP quotes.
  • Coordinate. Submit your signed transactions to Canton on your behalf.

What they do not do:

  • Hold or move your assets without your signature.
  • Reset, recover, or look up your recovery phrase.
  • Override a signed transaction once it's submitted.

The Canton trust model in two paragraphs

Your assets on Canton aren't balances in someone's database. They're contracts — small bits of code that the ledger enforces — and you're a signatory on every contract that holds something you own. Moving an asset means archiving the old contract and creating a new one, with all relevant signatories agreeing. Without your signature, no contract holding your assets can be archived.

This is what makes self-custody load-bearing. The ledger doesn't trust Arkena's backend any more than it trusts you. The backend's transaction proposals are inert until you sign them.

What's next