# Glossary

> The language of secrets that don't exist. Each term has its own page with related concepts.

## All terms (A–Z)

- [Business-Logic-Enforced Cryptography](https://www.lokblok.co/glossary/business-logic-enforced-cryptography) — The principle behind hierarchical signatures: organisational policies (who must sign, under what conditions) are not just workflow rules but cryptographically required. If the right people don't sign, the secret simply cannot be recovered.
- [Ephemeral](https://www.lokblok.co/glossary/ephemeral) — The property of a regenerated secret. It exists only for the briefest moment to perform its task, then is immediately destroyed — leaving nothing to store or steal.
- [Hierarchical Signatures](https://www.lokblok.co/glossary/hierarchical-signatures) — An extension of MPC/TSS that enforces real-world business logic in the cryptography itself. Instead of simple thresholds (e.g. 'any 2 of 3'), signatures can require specific roles or conditions (e.g. CFO + CEO + Compliance Officer for large transactions). These rules are cryptographically binding, preventing spoofing, insider abuse, or collusion. Lokblok refers to this as business-logic-enforced cryptography.
- [Lokbox](https://www.lokblok.co/glossary/lokbox) — Lokblok's secure cloud storage system (formerly Toughcloud) that shards and encrypts data across decentralised storage providers, with the customer retaining sole control of encryption keys. This design eliminates single points of compromise in cloud environments. Available today via S3-compatible APIs.
- [Middleware](https://www.lokblok.co/glossary/middleware) — In Lokblok, middleware refers to two related layers. First, Lokblok's platform role: operating as an invisible, cloud-based security layer between existing applications and cryptographic hardware. Institutions integrate via APIs and SDKs, while end users never see Lokblok directly. Second, at the component level: the client-side and server-side software libraries that handle communication with Toughkey™s, Secure Terminal™, and other Lokblok modules. By design, Lokblok spans both senses — a SaaS middleware platform that delivers security as a service, and a set of middleware components that connect applications to certified hardware.
- [Multi-Party Computation (MPC)](https://www.lokblok.co/glossary/multi-party-computation) — A cryptographic process where multiple parties jointly compute on a secret without any one party seeing the whole secret. In Phantom Secrets, recovery agents regenerate temporary secret shares, which are recombined inside a Toughkey to produce a usable private key for signing or encryption. The key exists only ephemerally, then is destroyed — ensuring nothing persists at rest.
- [Phantom Gate™](https://www.lokblok.co/glossary/phantom-gate) — A stealth-mode access service formerly called Phantom Secrets Knock Knock Protocol. Keeps applications and servers invisible until an authenticated sequence is performed with a Toughkey™. Reduces the attack surface to near zero, extending Zero Trust ('Never Trust, Always Verify') into the service layer itself. Requires Secure Terminal™.
- [Phantomizing](https://www.lokblok.co/glossary/phantomizing) — The full process of converting a persistent secret into a phantom secret that never exists at rest. Secrets are destroyed and only regenerated inside certified hardware when needed.
- [Regen Tokens](https://www.lokblok.co/glossary/regen-tokens) — A step within phantomizing where encrypted secret shards are replaced with harmless Regen Tokens. These act like signposts — pointing to where a secret could be reconstituted, but carrying no value if stolen.
- [Secure Terminal™ Encrypted Local Storage](https://www.lokblok.co/glossary/secure-terminal-encrypted-local-storage) — An enhancement to Secure Terminal™ that allows encrypted files to be kept entirely local on the user's device instead of being pushed to cloud storage. Users can optionally sync their encrypted files to services like OneDrive or Dropbox, but Lokblok itself never handles the raw file.
- [Threshold Secret Sharing (TSShr)](https://www.lokblok.co/glossary/threshold-secret-sharing) — The foundational method of splitting a secret into multiple parts (shares), where only a defined threshold (e.g. 2 of 3) can reconstitute it. In traditional systems, shares are stored and later recombined. In Lokblok, shares are never stored: they are generated, recovered as needed, and destroyed immediately after use. This makes Threshold Secret Sharing the generic base concept underpinning Phantom Secrets, MPC, and Threshold Signature Schemes.
- [Threshold Signature Scheme (TSSig)](https://www.lokblok.co/glossary/threshold-signature-scheme) — A form of MPC where the private key is never reconstructed at all. Instead, each participant produces a partial signature, and these are combined to form a complete digital signature. Unlike Phantom Secrets (where shares recombine inside a Toughkey), in TSSig the key never exists even ephemerally — only the final signature does. Lokblok implements TSSig directly in certified hardware, making it far stronger than software-only schemes.
- [ToughID™](https://www.lokblok.co/glossary/toughid) — A Lokblok identity specification that orchestrates KYC, verification, and recovery processes across multiple parties, using tokenised data and hardware-based attestations to prove each step without exposing sensitive information.
- [Toughkey™](https://www.lokblok.co/glossary/toughkey) — Certified hardware (FIPS / Common Criteria smartcard or USB form factor) that anchors Phantom Secrets in a tamper-resistant environment. Binds identity to device and ensures secrets are only ever reconstructed inside hardware.
- [Zero Trust](https://www.lokblok.co/glossary/zero-trust) — The principle 'Never Trust, Always Verify.' Lokblok applies this to every layer: users, devices, networks, applications, and secrets. Nothing is assumed safe; everything must prove trustworthiness in real time.

## By category

### Phantom Secrets™

- [Phantomizing](https://www.lokblok.co/glossary/phantomizing)
- [Regen Tokens](https://www.lokblok.co/glossary/regen-tokens)
- [Ephemeral](https://www.lokblok.co/glossary/ephemeral)
- [Toughkey™](https://www.lokblok.co/glossary/toughkey)
- [Multi-Party Computation (MPC)](https://www.lokblok.co/glossary/multi-party-computation)
- [Threshold Secret Sharing (TSShr)](https://www.lokblok.co/glossary/threshold-secret-sharing)
- [Threshold Signature Scheme (TSSig)](https://www.lokblok.co/glossary/threshold-signature-scheme)
- [Hierarchical Signatures](https://www.lokblok.co/glossary/hierarchical-signatures)
- [Business-Logic-Enforced Cryptography](https://www.lokblok.co/glossary/business-logic-enforced-cryptography)

### Secure Terminal™

- [ToughID™](https://www.lokblok.co/glossary/toughid)
- [Phantom Gate™](https://www.lokblok.co/glossary/phantom-gate)
- [Secure Terminal™ Encrypted Local Storage](https://www.lokblok.co/glossary/secure-terminal-encrypted-local-storage) _(Coming Soon)_

### Standalone / Infrastructure

- [Lokbox](https://www.lokblok.co/glossary/lokbox)

### Core Principles

- [Middleware](https://www.lokblok.co/glossary/middleware)
- [Zero Trust](https://www.lokblok.co/glossary/zero-trust)