Home/Features/Zero Standing Secrets

Feature

Private keys that don't exist.

You can't steal what isn't there. The private key is never written to storage. It is computed, used, and discarded. This is the fundamental proposition of Phantom Secrets™ expressed as a user-facing reality.

Plain English

What this means for you.

In every other security system, no matter how advanced, a private key exists somewhere. It might be encrypted, distributed across multiple parties, stored in a hardware module, or locked in a vault. But it exists. And anything that exists can be found, stolen, coerced, or leaked.

Phantom Secrets™ takes a fundamentally different approach. The private key is never stored. Instead, it is mathematically derived at the moment of use from public, non-sensitive data, combined with real-time quorum authorization and hardware attestation.

When the operation is complete, the key ceases to exist. There is nothing to steal. There is nothing to lose. There is nothing to protect.

Traditional: Key exists somewhere

  • Cold and hot wallets store key on device
  • HSM stores key in secure chip
  • MPC distributes key across parties
  • Each approach: attackable at rest

Phantom Secrets™: Key doesn't exist

  • Key is derived on-demand, not stored
  • Exists only inside secure hardware for milliseconds
  • No artifact reduces entropy at rest
  • Attack surface: zero

Technical Flow

The key lifecycle, for developers.

1

Public Regen Tokens Generated

During setup, Regen Tokens are computed and published. These are mathematically derived from the secret but reveal nothing about it, and are safe to store publicly.

2

Reconstruction Event Triggered

A signing request is received. The policy engine evaluates conditions: Is the identity verified? Has quorum been achieved? Is the device attested?

3

Key Derived in Hardware

Inside the Toughkey™ secure element, the private key is mathematically derived from the Regen Tokens plus quorum contributions. It is never exposed outside the secure element.

4

Operation Performed

The signing or decryption operation is performed inside the secure element using the derived key.

5

Key Discarded

The key is immediately discarded. No copy exists anywhere. Not in hardware, not in software, not in logs.

Why This Matters

Every major breach has one root cause: a key existed somewhere it shouldn't.

This removes

Key theft
Seed phrase loss
Backup compromise
Insider access risk

For technical users

No persistent key material
No entropy leakage via stored artifacts
No offline attack surface
Single-operation key lifecycle

Technical White Paper Available

The complete cryptographic specification for Phantom Secrets™ ephemeral key derivation, including threat model analysis and formal security proofs, is available to qualified security researchers and enterprise evaluators.

Request White Paper

Security stops being about protecting secrets.
It becomes about controlling when they can exist.

Get In TouchPhantom Secrets™ Product Page