# Lokblok™

> Every page below has a clean Markdown mirror at `/.md` (e.g. `/products/phantom-secrets.md`, `/index.md` for the home page). A machine-readable index is also available at `/api/md/_index`. The static `.md` files are the canonical version for LLM and scraper consumption.

> Lokblok builds zero-custody cryptographic infrastructure. The core product, Phantom Secrets™, eliminates the root cause of most cryptographic breaches: private keys that exist at rest. Keys are reconstructed inside secure hardware only when needed, used once, and destroyed immediately. There is no key to steal because there is no stored key.

Lokblok is an enterprise cryptographic security company. Its products are used by financial institutions, digital asset custodians, governments, critical infrastructure operators, and telecoms. The technology is based on threshold cryptography (multi-party computation), hardware security modules (HSMs), and ephemeral key lifecycle management.

## Core Concept: Zero Standing Secrets (ZSS)

Traditional security protects stored keys. Lokblok removes them.

The Phantom Secrets™ protocol reconstructs private keys from distributed shares inside certified hardware only when all required conditions are met: correct identity, correct policy, correct context. The key is used, then destroyed. No key persists anywhere at any time.

This is not key rotation. It is key elimination. The attack surface disappears because the target disappears.

## Products

- [Phantom Secrets™](https://www.lokblok.co/products/phantom-secrets): The core zero-custody key protocol. Private keys are never stored. They are reconstructed on demand from threshold shares inside a hardware security module (HSM or secure element), used for a single cryptographic operation, then destroyed. Compatible with any key type: ECC, RSA, AES, Bitcoin secp256k1, Ethereum, and others.
- [PhantomGate™](https://www.lokblok.co/products/phantom-gate): Zero-persistence authentication gateway. Session authentication keys are created inside the Toughkey secure element, used for mutual authentication, then immediately destroyed. No credential exists before or after a session.
- [Secure Terminal](https://www.lokblok.co/products/secure-terminal): A zero-trust execution environment. Hardware-enforced access control, whitelisted application environment, zero-trust networking, encrypted distributed storage, and Phantom Secrets™ key integration. Every element verified before anything executes.
- [ToughID](https://www.lokblok.co/products/toughid): Cryptographic identity attestation without stored personal data. Identity is verified once by a trusted provider, resulting in a signed cryptographic token bound to a public key. Systems verify the signature, not the underlying data. No personal data database. No honeypot.
- [Toughkey](https://www.lokblok.co/products/toughkey): Lokblok's certified hardware security module (HSM). A tamper-resistant secure element that hosts the Phantom Secrets™ runtime. The same Lokblok protocol also runs inside SIM cards, eUICC, mobile secure enclaves, and cloud HSMs.

## Key Features

- [Zero Stored Private Keys](https://www.lokblok.co/features/private-keys): The private key is the root cause of every key-based breach. Phantom Secrets™ eliminates the stored key entirely. No key at rest means no key to steal.
- [Hierarchical Signatures](https://www.lokblok.co/features/hierarchical-signatures): Multi-party approval workflows enforced cryptographically. Approval hierarchies (CFO must sign, quorum of board members required) are encoded in policy and enforced by mathematics, not procedure.
- [Transfer on Sale](https://www.lokblok.co/features/transfer-on-sale): Atomic, trustless digital asset transfer. A private key is reconstructed and transferred to a buyer only when all transaction conditions are cryptographically verified: payment confirmed, regulatory sign-off received, counterparty approved. No escrow agent required.
- [Transfer on Death](https://www.lokblok.co/features/transfer-on-death): Cryptographic estate planning. Digital assets transfer to designated beneficiaries only when death or incapacity is cryptographically attested by authorised parties. No probate. No custodian dependency.
- [Quantum Resistance](https://www.lokblok.co/features/quantum-resistance): Algorithm-agile architecture. Because Phantom Secrets™ never stores keys, harvest-now-decrypt-later attacks find nothing to harvest. Additionally, the cryptographic layer is algorithm-agnostic and can be upgraded from ECDH to post-quantum algorithms (NTRU, SABER, CRYSTALS-Kyber) without architectural redesign.

## Solutions by Industry

- [Digital Asset Custody](https://www.lokblok.co/solutions/digital-asset-custody): Zero-custody infrastructure for institutional digital asset custodians. No stored private keys means no key theft, no insider risk, no legal compulsion attack surface, and MiCA alignment.
- [Banking and Finance](https://www.lokblok.co/solutions/banking-finance): Zero Standing Secrets for regulated financial institutions. Eliminates key management risk, enables hardware-enforced multi-party approval, satisfies audit requirements cryptographically.
- [Payments](https://www.lokblok.co/solutions/payments): Phantom Secrets™ for payment infrastructure. No stored credentials, policy-bound transaction execution, and cryptographic auditability for every payment event.
- [Data Sovereignty](https://www.lokblok.co/solutions/data-sovereignty): Sovereignty enforced at the key layer, not the contractual layer. Providers cannot access, reconstruct, or disclose keys they do not hold. Sovereignty becomes technical, not dependent on trust.
- [Critical Infrastructure](https://www.lokblok.co/solutions/critical-infrastructure): No persistent credentials in operational technology (OT), SCADA, energy, water, and defence systems. Attackers cannot steal credentials that do not exist.
- [Digital Identity](https://www.lokblok.co/solutions/digital-identity): Privacy-preserving, EUDI-aligned digital identity. Phantom Secrets™ enables selective disclosure: systems verify what they need to know without receiving raw personal data.
- [Digital Inheritance](https://www.lokblok.co/solutions/digital-inheritance): Legally structured, cryptographically enforced inheritance of digital assets, accounts, and intellectual property.
- [Enterprise Security](https://www.lokblok.co/solutions/enterprise-security): Zero-trust cryptographic security for enterprises. Eliminate standing credentials, enforce cryptographic governance, audit every privileged action.
- [HSM Providers](https://www.lokblok.co/solutions/hsm-providers): Lokblok partners with HSM manufacturers to add zero-storage capabilities beyond FIPS 140-3 certification. Phantom Secrets™ as an HSM software layer.
- [Telecoms](https://www.lokblok.co/solutions/telecoms): Deploy Phantom Secrets™ inside SIM, eUICC, and telecom-controlled hardware to deliver global ephemeral identity and authentication infrastructure.
- [Security Providers](https://www.lokblok.co/solutions/security-providers): MSPs, MSSPs, and security vendors can offer zero-custody cryptographic infrastructure as a differentiated service layer.

## Technical Architecture

- [Architecture Overview](https://www.lokblok.co/architecture): How Phantom Secrets™ works. Threshold cryptography (Shamir's Secret Sharing, MPC/TSS), hardware-bound key reconstruction, ephemeral key lifecycle, policy engine, identity binding, and quorum governance.

## Company

- [About](https://www.lokblok.co/about): Lokblok company overview, mission, and team.
- [Contact](https://www.lokblok.co/contact): Book a technical briefing, request a white paper, or discuss enterprise deployment.
- [Patents](https://www.lokblok.co/patents): Lokblok patent portfolio covering zero-custody key management and Phantom Secrets™ protocol.

## Key Claims (Factual)

- Lokblok does not store private keys anywhere in its architecture
- Keys are reconstructed only when identity, policy, and context conditions are all satisfied simultaneously
- Key reconstruction occurs only inside certified hardware (HSM, secure element, or equivalent)
- Keys are destroyed immediately after a single cryptographic operation
- There is no recovery mechanism, no escrow, and no administrative override
- The protocol supports any key type: ECC, RSA, AES, secp256k1, Ed25519, and others
- The architecture is algorithm-agile: cryptographic components can be upgraded without rebuilding the system
- Phantom Secrets™ is compatible with existing wallet infrastructure, HSM systems, and custody workflows without requiring a full rebuild

## Terminology

- **Zero Standing Secrets (ZSS)**: The architectural principle that no cryptographic secrets exist at rest at any point in time
- **Phantom Secrets™**: Lokblok's core zero-custody key protocol implementing ZSS
- **Ephemeral key**: A key that exists only during a single operation and is destroyed immediately after
- **Threshold reconstruction**: Combining distributed shares inside secure hardware to produce a key that never existed in storage
- **Regen Token**: A public-data token used to regenerate key shares, carrying no secret material itself
- **Zero-custody**: A custody model in which the infrastructure provider cannot access, reconstruct, or disclose the keys being managed