They can't steal what isn't there.

Most systems try to protect keys. Lokblok® removes them.
Phantom Secrets™ replaces stored secrets with ephemeral, hardware-bound reconstruction, created only when needed, used once, and destroyed immediately.

No keys at rest. No shares to steal. No recovery backdoors.

⚠ The Problem

Security doesn't fail during normal operation. It fails during recovery.

During normal operation

Every system works…

Keys are protected. Backups are encrypted. Policies are enforced. Audits are clean. Everything looks secure.

Until something goes wrong:

  • A key is lost
  • A backup is exposed
  • An employee leaves
  • A transaction needs delegation

That's when security quietly collapses.

The root cause

Traditional approaches all rely on one thing:

Secrets that exist over time.

  • Stored keys: HSMs, wallets
  • Encrypted backups: stored somewhere 'secure'
  • MPC shares: held by participants
  • Seed phrases: written down somewhere 'safe'

And anything that exists… can be stolen, copied, coerced, or lost.

Replace stored secrets with Phantom Secrets controlled reconstruction.

Lokblok® doesn't store keys. It reconstructs them only at the moment of use, under strict conditions.

Phantom Secrets are never stored

Not in devices, cloud, or backups. There is no key at rest to exfiltrate.

Public, Non-sensitive Data

All persistent data is public Regen Tokens, cryptographically useless on their own.

Quorum-Based Recovery

Reconstruction requires a quorum of independent participants. No single point of failure.

Hardware-Enforced Security

Reconstruction happens only inside secure hardware (Toughkey™). Keys never leave the secure element.

Ephemeral by Design

The key exists ephemerally, then is immediately destroyed. No participant holds a key.

Policy-Driven Access

Access based on conditions: identity verified, event confirmed, quorum achieved, device attested.

Biometric and Workflow Verification

Identity is confirmed through biometric attestation and verified workflow conditions before any reconstruction is permitted.

Delegation

Grant access to a secret without ever transferring it. Delegation is policy-controlled, time-bound, and auditable, with no key ever leaving secure hardware.

What's actually different

This isn't better key storage.
It's no key storage.

Most solutions compete on protecting secrets:

  • Stronger encryption
  • Better custody
  • More distributed shares

Lokblok removes the entire problem.

Traditional model

Store → Protect → Hope it isn't breached

Lokblok model

Don't store → Reconstruct → Destroy

Security shifts from protecting data to controlling events.

Five architectural guarantees.

Every Lokblok® product enforces these principles in certified hardware and cryptography, not policy.

01. No Persistent Secrets

Secrets only exist at the exact moment they are needed, then disappear.

This removes:

  • Theft at rest
  • Backup compromise
  • Insider access risk

02. Public, Useless Data

All stored artifacts are public, non-sensitive, and cryptographically useless on their own.

Regen tokens are:

  • Public
  • Non-sensitive
  • Cryptographically useless on their own

They enable reconstruction only when quorum conditions are met, not before.

03. Quorum Without Custody

Recovery agents hold nothing sensitive and cannot act alone.

Recovery agents:

  • Hold no key shares
  • Cannot reconstruct anything alone
  • Don't even know the full quorum

This eliminates collusion and targeting risk.

04. Hardware-Enforced Security

All reconstruction happens inside certified secure hardware (Toughkey™).

Guarantees:

  • Keys never leave the secure element
  • Device integrity is cryptographically verified
  • Secrets exist only in protected memory

05. Policy-Driven Cryptography

Access isn't based on who has a key. It's based on whether conditions are satisfied.

Conditions required:

  • Identity verified (ToughID™)
  • Event confirmed (death, sale, approval)
  • Quorum achieved
  • Device attested

If the conditions aren't met, the key simply cannot exist.

Lokblok® Zero Trust Ecosystem architecture overview

Five products. One connected architecture.

Every Lokblok® product is designed to work in concert, creating a complete zero-trust security ecosystem for cryptographic operations.

Give access. Not the secret.

Traditional delegation means handing over a key, which means losing control. Lokblok® enables delegation without ever transferring the secret.

  • Permanent delegation: Ownership transfers only when conditions are met (e.g. inheritance, asset sale)
  • Temporary delegation: A user can act with a key without being transferred ownership of said key
  • Delegation becomes controlled capability, not key sharing

1. Conditions Set

Policy conditions are defined: who can access, when, and under what circumstances.

2. Identity Verified

ToughID™ confirms the identity of the requesting party using hardware attestation.

3. Quorum Achieved

The required number of independent participants authorize the reconstruction.

4. Key Reconstructed

The secret is reconstructed inside secure hardware, with no exposure at any point.

5. Operation Performed

The signing or decryption operation completes. The key is immediately destroyed.

Works with your existing stack

Lokblok integrates as a middleware layer. You don't need to replace your systems.

It works with what you already have

  • HSMs and MPC
  • Cloud KMS and vaults
  • Wallets and applications
  • Identity platforms

Nothing to rip out

Your infrastructure stays the same. Lokblok simply changes one thing: how secrets are created and used.

  • No keys stored
  • No credentials to manage
  • No recovery material to protect

Fast to deploy

API-first. No data migration. No disruption.

You don't rebuild your system. You just remove the part that creates the risk.

Most breaches don't break encryption.

They exploit stored secrets. Lokblok® removes the thing attackers target, eliminating key theft, seed phrase loss, backup compromise, insider misuse, and custodian risk.

  • $3.1B: Stolen in H1 2025 alone
  • $1.4B: Bybit breach, single event
  • 100%: Major breaches involved key compromise
  • 0: Keys stored with Lokblok®

Lokblok® removes:

  • Key theft
  • Seed phrase loss
  • Backup compromise
  • Insider misuse
  • Custodian risk
