| Access Proof | A zero-knowledge proof demonstrating that the prover controls a data commitment in the Merkle tree, without revealing the underlying secret or nullifier secret. Used for gated data access in the OpenGhostVault. |
| Access Tag | A session-bound identifier derived as Poseidon2(nullifierSecret, sessionNonce). Proves control of a commitment for a specific session without exposing the nullifier secret. |
| aghost | The smallest denomination of the GHOST token. 1 GHOST = 10^18 aghost. Analogous to wei in Ethereum. |
| BN254 | The elliptic curve (also called alt_bn128) used for Groth16 pairings. Its scalar field of ~254-bit prime order defines the arithmetic domain for all Specter circuits. Supported natively via EIP-197. |
| CometBFT | The Byzantine fault-tolerant consensus engine (formerly Tendermint Core) used by Specter. Provides instant deterministic finality with ~5-second block times. |
| Commit | The act of depositing a value or data into a Specter vault by publishing a cryptographic commitment to the Merkle tree. Also called "Vanish" in user-facing terminology. |
| Commitment | A Poseidon hash binding a secret, nullifier secret, and payload (data or token fields) into a single field element stored as a Merkle leaf. Hiding (reveals nothing about the preimage) and binding (cannot be opened to a different preimage). |
| CommitRevealVault | The main vault contract for private token transfers in Ghost Protocol. Accepts token deposits (burning them), stores commitments in the Poseidon Merkle tree, and processes zero-knowledge proof-verified withdrawals (minting tokens to recipients). Supports policy-bound commits and an optional quantum-safe keccak256 layer. |
| Dead Man's Switch | A reveal policy that automatically authorizes redemption if the original depositor fails to prove liveness within a configurable time window. Useful for inheritance and recovery scenarios. |
| DestinationRestriction | A reveal policy that restricts redemption to a predefined set of recipient addresses. The policy parameters hash encodes the allowed destinations, enforced at redemption time via staticcall. |
| Ghost Protocol | The core privacy primitive of Specter. A system of Poseidon commitments, Merkle trees, Groth16 proofs, and nullifiers that enables private token transfers and data access with programmable reveal conditions. |
| GHOST | The native token of the Specter network. Used for transaction fees, staking, and governance. Total supply: 1,000,000,000. |
| Groth16 | The zero-knowledge proof system used by Specter. Produces constant-size 256-byte proofs verifiable in ~220k gas via BN254 pairings. Requires a per-circuit trusted setup. |
| g-token | A GhostERC20 representation of an external token on Specter. Created when a user bridges tokens from an external chain; the bridged tokens can be vanished (committed) into the Ghost Protocol for privacy and later summoned (revealed) to withdraw. |
| Hyperlane | The cross-chain messaging protocol used by Specter for interoperability. Enables Warp Routes that bridge tokens and messages between Specter and external chains. |
| IRevealPolicy | The Solidity interface that all reveal policy contracts must implement. Defines a single validate function called via staticcall during redemption to enforce custom conditions. |
| Merkle Tree | A binary hash tree of depth 20 (~1M leaf capacity) using Poseidon2 for internal nodes. Stores all commitments for a vault. The root is published on-chain; proofs of membership are generated off-chain and verified inside ZK circuits. |
| Nullifier | A deterministic, unique value derived from a commitment's nullifier secret and leaf index: Poseidon2(Poseidon2(nullifierSecret, commitment), leafIndex). Published on-chain at redemption to prevent double-spending. |
| NullifierRegistry | The on-chain registry that records all spent nullifiers. A redemption transaction is rejected if its nullifier has already been registered. |
| OpenGhostVault | A vault contract for private data access control. Users commit data hashes and later prove access rights via Access Proofs, enabling privacy-preserving gated content, credentials, and permissions. |
| Persistent Phantom Key | A Phantom Key type that remains valid across multiple sessions and does not expire unless explicitly revoked. Suitable for long-lived credentials and access grants. |
| PersistentKeyVault | The vault contract that manages Persistent Phantom Keys. Supports issuance, access verification, and revocation of long-lived credentials via the Ghost Protocol. |
| Phantom Key | A privacy-preserving credential issued through the Ghost Protocol. Proves authorization or identity attributes without revealing the holder's on-chain address or transaction history. |
| Policy Binding | The mechanism by which a reveal policy is irrevocably bound to a commitment at deposit time. The policyId and policyParamsHash are embedded in the Poseidon7 preimage, making them tamper-proof and verifiable inside the ZK circuit. |
| PolicyRegistry | An informational on-chain registry of reveal policy contracts. Provides discoverability for available policies but is not enforced at the protocol level — any contract implementing IRevealPolicy can be referenced in commitments. |
| Poseidon | An algebraic hash function family optimized for arithmetic circuits over prime fields. Specter uses three variants: Poseidon2, Poseidon4, and Poseidon7. |
| Poseidon2 | The 2-input Poseidon variant (width-3 state). Used for Merkle nodes, nullifier derivation, access tags, and token IDs. The only variant deployed on-chain (as PoseidonT3, ~30k gas). |
| Poseidon4 | The 4-input Poseidon variant. Used for data commitments and Open Ghost commitments: Poseidon4(secret, nullifierSecret, dataHash, blinding). Computed off-chain only. |
| Poseidon7 | The 7-input Poseidon variant. Used for token commitments: Poseidon7(secret, nullifierSecret, tokenId, amount, blinding, policyId, policyParamsHash). Computed off-chain only. |
| Programmable Phantom Key | A Phantom Key type governed by a reveal policy. The policy contract can enforce expiry, destination restrictions, threshold witnesses, or arbitrary custom logic before the key can be used. |
| Quantum Commitment | The keccak256 hash of a quantum secret, stored on-chain at deposit time in the CommitRevealVault. Provides defense-in-depth against quantum adversaries who may break BN254 in the future. |
| Quantum Secret | A random value generated by the depositor and kept private until redemption. Its keccak256 hash forms the quantum commitment. Preimage resistance under Grover's algorithm requires ~2^128 operations. |
| Redemption Proof | A Groth16 proof generated by the GhostRedemption circuit. Proves Merkle membership, nullifier correctness, amount conservation, change commitment validity, and policy binding without revealing any private inputs. |
| Reveal | The act of satisfying the conditions required to redeem a commitment — submitting a valid ZK proof, passing the reveal policy check, and (in CommitRevealVault) revealing the quantum secret. Also called "Summon" in user-facing terminology. |
| Reveal Policy | A smart contract implementing IRevealPolicy that defines the conditions under which a commitment can be redeemed. Bound to the commitment at deposit time and enforced via staticcall at redemption. |
| Revels | The user-facing term for private data sharing built on the OpenGhostVault. A Revel is a piece of data — a message, a document hash, a secret, or credential — committed privately and revealed selectively using zero-knowledge proofs. |
| Session Nonce | A unique random value used in Access Proofs to bind the proof to a specific session. Prevents replay of access proofs across different sessions. |
| Specter | The privacy-first blockchain protocol combining CometBFT consensus, EVM execution, and the Ghost Protocol to enable private, programmable, and quantum-aware transactions and credentials. |
| Stealth Address | A one-time address derived using the ERC-5564 scheme, enabling a sender to create a payment destination that only the intended recipient can detect and spend from. |
| Summon | The user-facing term for revealing (withdrawing) tokens or data from the Ghost Protocol. Technically, the act of submitting a redemption proof and receiving minted tokens. |
| ThresholdWitness | A reveal policy requiring M-of-N designated witnesses to co-sign a redemption. Enables multisig-like governance over committed assets without revealing the commitment's owner. |
| TimelockExpiry | A reveal policy that prevents redemption until a specified block timestamp has passed. Useful for vesting schedules, time-locked escrows, and delayed execution. |
| Vanish | The user-facing term for depositing (committing) tokens into the Ghost Protocol. Technically, the act of burning tokens and inserting a commitment into the Merkle tree. |
| Warp Route | A Hyperlane-based bridge route that enables tokens to move between Specter and external chains. Warp Routes lock tokens on the source chain and mint corresponding g-tokens on the destination. |
| Zero-Knowledge Proof | A cryptographic proof that demonstrates knowledge of information (such as a commitment preimage) without revealing the information itself. Specter uses the Groth16 zk-SNARK system. |