# Zero Stored Private Keys

> The private key is the root cause of every key-based breach. Phantom Secrets™ eliminates the stored key entirely. No key at rest means no key to steal.

## The Insight

Every catastrophic key loss — from custody failures to ransomware to insider theft to lawful-access compulsion — depends on the same thing: a private key existed somewhere durable. Encryption at rest, HSMs, multi-sig, and key rotation all assume the key must continue to exist. Phantom Secrets™ removes that assumption.

## What "Zero Stored" Means

- The key does not exist on disk, in memory, in a database, in an HSM file system, or in any backup.
- Threshold shares exist, but no single share — and no possessable subset short of the threshold — reveals the key.
- Reconstruction occurs only inside certified hardware, only when policy is satisfied, and the key is destroyed before the hardware boundary is exited.

## Consequences

- Theft requires reconstruction inside hardware you control under conditions you set
- Lawful-access compulsion has nothing to compel — the operator cannot produce the key
- Insider risk collapses: even a fully privileged operator cannot extract the key
- Backup and recovery become public-data operations

## Related

- Architecture: /api/md/architecture
- Phantom Secrets™: /api/md/products/phantom-secrets