Phantom Keys
A Phantom Key is how you access your private data on Specter. When you commit something through Ghost Protocol — whether it is tokens, a document, or a credential — a Phantom Key is generated. It is the only thing you need to later prove that the commitment is yours.
Think of it like a coat check ticket. You hand over your coat (commit your data), and you get a ticket (the Phantom Key). When you come back, you show the ticket, and you get your coat. Nobody needs to know your name. Nobody checks your ID. The ticket is the proof.
Over three generations, Phantom Keys have evolved from simple one-time credentials into a powerful, programmable identity system.
Generation 1: Basic One-Time Keys
The original Phantom Key. A bearer credential — whoever holds it can claim the commitment. Commit once, reveal once, and the key is spent. Simple, elegant, and sufficient for basic private transfers.
This is the foundation that Vanish and Summon are built on. You Vanish tokens, receive a Phantom Key, and later use that key to Summon the tokens to any address. The key contains the cryptographic secrets needed to generate the zero-knowledge proof that unlocks your commitment.
One-time keys are maximally private: they are used once, produce a nullifier that permanently marks them as spent, and leave no reusable trace.
Generation 2: Programmable Keys (v4.4)
Generation 2 introduced embedded policies — rules that are cryptographically bound to the Phantom Key and enforced automatically at reveal time. The key does not just prove you own a commitment; it also carries the conditions under which that commitment can be claimed.
Three policy types ship at launch:
TimelockExpiry
The commitment cannot be revealed until a specific time has passed (or must be revealed before a deadline). Use cases include vesting schedules, embargoed information, and time-delayed transfers.
DestinationRestriction
The commitment can only be revealed to a specific address or set of addresses. This enables KYC-gated transfers, where tokens can only flow to verified wallets — privacy and compliance coexisting in the same transaction.
ThresholdWitness
The reveal requires approval from one or more additional parties (witnesses). This enables multi-party authorization: board approvals, institutional controls, or joint custody arrangements — all while keeping the underlying commitment private.
What makes these policies special is that they are tamper-proof. The policy address and parameter hash are included as inputs to the Poseidon7 commitment hash. Attempting to change the policy would change the commitment hash, which would invalidate the ZK proof. There is no way to remove or modify a policy after commitment — it is as permanent as the cryptography that binds it.
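The binding described above, together with the one-time nullifier from Generation 1, can be seen in a toy model. This is an added example, not Specter's code: SHA-256 stands in for Poseidon7, the verifier recomputes the commitment directly instead of checking a ZK proof, and the key field names, the policy address placeholders and the `Pool` class are assumptions.

```python
import hashlib
import secrets

# Constructed placeholder policy addresses (not real Specter contract addresses).
TIMELOCK = b"policy:TimelockExpiry"
DESTINATION = b"policy:DestinationRestriction"

def h7(*parts: bytes) -> bytes:
    """Stand-in for Poseidon7: SHA-256 over exactly seven length-prefixed inputs."""
    if len(parts) != 7:
        raise ValueError("expected 7 inputs")
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def new_key(token: bytes, amount: int) -> dict:
    # Field names are assumptions; the page only says the key holds the secrets.
    return {"secret": secrets.token_bytes(32), "nullifier_secret": secrets.token_bytes(32),
            "blinding": secrets.token_bytes(32), "token": token, "amount": amount}

def commitment(key: dict, policy: bytes, params: bytes) -> bytes:
    # Policy address and parameter hash are two of the seven hash inputs.
    return h7(key["secret"], key["nullifier_secret"], key["blinding"], key["token"],
              key["amount"].to_bytes(32, "big"), policy, hashlib.sha256(params).digest())

class Pool:
    def __init__(self):
        self.commitments, self.nullifiers = set(), set()

    def reveal(self, key, policy, params, now, recipient) -> str:
        if commitment(key, policy, params) not in self.commitments:
            return "no matching commitment"      # a tampered policy lands here
        nullifier = hashlib.sha256(b"nf" + key["nullifier_secret"]).digest()
        if nullifier in self.nullifiers:
            return "already spent"
        if policy == TIMELOCK and now < int(params):
            return "timelock active"
        if policy == DESTINATION and recipient.encode() not in params.split(b","):
            return "destination not allowed"
        self.nullifiers.add(nullifier)
        return "ok"

def demo() -> list:
    pool, key = Pool(), new_key(b"TOKEN", 100)
    pool.commitments.add(commitment(key, TIMELOCK, b"1000"))
    return [pool.reveal(key, TIMELOCK, b"0", 500, "0xA"),       # rewritten parameters
            pool.reveal(key, DESTINATION, b"0xA", 500, "0xA"),  # swapped policy
            pool.reveal(key, TIMELOCK, b"1000", 500, "0xA"),    # too early
            pool.reveal(key, TIMELOCK, b"1000", 1000, "0xA"),   # policy satisfied
            pool.reveal(key, TIMELOCK, b"1000", 2000, "0xA")]   # key already spent
```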
Generation 3: Persistent Keys (v4.5)
Persistent Phantom Keys are the breakthrough that turns Ghost Protocol from a privacy tool into a privacy identity system.
Unlike one-time keys, a persistent key is reusable. It can be verified an unlimited number of times using the Access Proof circuit, and it is never consumed. It stays valid until it is explicitly revoked by its creator.
This changes everything. A persistent Phantom Key is not just a receipt for a single commitment — it is a credential that proves ongoing access to something.
Use Cases
- API Keys: Issue a persistent Phantom Key as an API credential. The holder can authenticate as many times as they want, and the key can be revoked instantly if compromised. No passwords, no tokens stored in databases — just a cryptographic proof of access.
- Software Licenses: A persistent key proves that someone has purchased a license. It can be verified on every launch without being "used up." Revoke it to end the subscription.
- Team Credentials: Issue persistent keys to team members for access to shared resources. When someone leaves the team, revoke their key. No need to rotate shared secrets.
- AI Chat Sessions: A persistent key can represent an ongoing conversation or session. Each interaction verifies the key without consuming it, maintaining continuity and privacy.
- Subscription Access: Media paywalls, gated communities, premium features — all can be unlocked with a persistent Phantom Key that stays valid as long as the subscription is active.
How Revocation Works
Persistent keys are stored in the PersistentKeyVault and support two revocation policies:
- BEARER (default): Anyone who holds the Phantom Key can revoke it — true bearer instrument behavior.
- ISSUER_ONLY: Only the wallet that originally sealed the key can call revoke — giving issuers full control over the credentials they create.
In both cases, revocation is permanent and immediately invalidates the key for all future Access Proof verifications.
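The difference between the two revocation policies, and the non-consuming verification of persistent keys, as a toy in-memory model. This is an added example, not the PersistentKeyVault contract: `VaultModel`, its method names, the SHA-256 commitment and the caller strings are assumptions, and a plain hash comparison stands in for the Access Proof circuit.

```python
import hashlib
import secrets
from enum import Enum

class RevocationPolicy(Enum):
    BEARER = "BEARER"
    ISSUER_ONLY = "ISSUER_ONLY"

def commit(key: bytes) -> bytes:
    return hashlib.sha256(key).digest()

class VaultModel:
    """Hypothetical model of the vault's bookkeeping, keyed by commitment."""
    def __init__(self):
        self.entries = {}

    def seal(self, issuer: str, policy=RevocationPolicy.BEARER) -> bytes:
        key = secrets.token_bytes(32)
        self.entries[commit(key)] = {"issuer": issuer, "policy": policy, "revoked": False}
        return key

    def verify_access(self, key: bytes) -> bool:
        # Verification reads state only; nothing is consumed, so it can repeat.
        entry = self.entries.get(commit(key))
        return entry is not None and not entry["revoked"]

    def revoke(self, caller: str, commitment: bytes, key: bytes = None) -> bool:
        entry = self.entries.get(commitment)
        if entry is None or entry["revoked"]:
            return False                      # unknown, or already permanently revoked
        if entry["policy"] is RevocationPolicy.BEARER:
            allowed = key is not None and commit(key) == commitment  # holding the key suffices
        else:
            allowed = caller == entry["issuer"]                      # only the sealing wallet
        entry["revoked"] = allowed
        return allowed

def demo() -> list:
    vault = VaultModel()
    lic = vault.seal("issuer", RevocationPolicy.ISSUER_ONLY)
    api = vault.seal("issuer")                                   # BEARER by default
    return [
        vault.verify_access(lic) and vault.verify_access(lic),   # reusable
        vault.revoke("holder", commit(lic), key=lic),            # holder blocked: ISSUER_ONLY
        vault.revoke("issuer", commit(lic)),                     # issuer revokes
        vault.verify_access(lic),                                # invalid from now on
        vault.revoke("holder", commit(api), key=api),            # BEARER: any holder revokes
        vault.verify_access(api),
    ]
```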
Export Formats
Phantom Keys are just data — cryptographic secrets encoded in a portable format. Specter supports multiple ways to share and store them:
| Format | Description | Best For |
|---|---|---|
| Numeric Code | A human-readable number that can be typed or dictated | Phone calls, manual entry |
| QR Code | A scannable image | In-person transfers, mobile wallets |
| PNG Image | A downloadable image file | Messaging apps, email |
| PDF Document | A printable document with the key and instructions | Paper backup, formal transfers |
| NFC Card | An NTAG 424 DNA card with the key written to its secure memory | Physical access cards, gift cards, collectibles |
The NFC format is worth highlighting. An NTAG 424 DNA card is a tamper-resistant hardware chip that can store a Phantom Key and present it via near-field communication — tap your card to a reader, and the key is transmitted. This brings blockchain privacy into the physical world: imagine a keycard that grants access to a building, where the access credential is a zero-knowledge proof on Specter. No central database. No admin who can see who entered when. Just cryptographic proof of authorization.