The PhantomKey Roadmap

What exists today is the foundation.
What follows is the architecture that makes the current model look like a starting point.

The products in market today — DVP, DVT, DVE — implement zero-persistence architecture at the credential layer. They solve the vault problem. What follows solves everything else.

The constructs below range from active development to early research. Some will become standalone products. Some will be absorbed into the PhantomKey SDK. All of them share a single design principle: if it persists, it’s a liability.

Constructs in Development & Research

Project Sargent

Hardware-Bound Authentication & Multi-Site Credential Storage

Active Research

Sargent extends the PhantomKey Private authentication model to a physical hardware device — a standard USB flash drive. Authentication is derived from a double hash of a user-selected image, with a remote hash chain stored on the device itself.

The result is a two-factor authentication model that requires both knowledge (the selected image) and possession (the physical device). No credentials are stored on any server. No PKI. No CA. The chain on the device is the authority.

Multi-site password storage operates on the same zero-persistence principle — credentials are derived on demand, never written to the device or any external system.

Schrödinger

Quantum-Resistant Secure Group Messaging

Active Research

Schrödinger applies the Hawking Chain State architecture to secure group communications. Group membership is managed via a private append-only hash chain — the same construct that provides tamper-evident audit trails in the PhantomKey SDK.

Messages exist only in transit. Group membership is cryptographically verifiable without a central directory. A member added or removed from the chain cannot retroactively access prior communications or future ones after removal — the chain enforces this mathematically, not by policy.

There is no server holding group state. The chain is the group.

QuantumShift

Session Tokenization Engine — SDK Integration

SDK Integration Planned

QuantumShift is the HMAC-SHA256 tokenization engine at the core of PhantomKey’s session decorrelation architecture. Each session token is independently derived, 128-bit truncated, and mathematically disconnected from every other session token in the system.

QuantumShift will be exposed as a first-class primitive in the PhantomKey SDK, enabling integrators to build zero-correlation session architectures into their own products.

Zero collisions observed across 4,000 empirical sessions.

QuantumRotation

Session Decorrelation Primitive — SDK Integration

SDK Integration Planned

QuantumRotation is the session-frame rotation primitive that works in conjunction with QuantumShift. Where QuantumShift generates independent tokens, QuantumRotation manages the reference frame for each session — ensuring that session metadata, timing patterns, and access sequences cannot be correlated across sessions.

Combined with Variable-Density Collision Geometry, QuantumRotation makes traffic analysis structurally ineffective against PhantomKey-protected systems.

RRFT (Rotating Reference Frame Tokenization)

Session-Bound Symmetric Encryption

Early Research

RRFT is a symmetric encryption construct built on a closed-loop word chain dictionary. Words maintain fixed relative positions to each other permanently — the dictionary itself never changes. Instead, the session origin (link zero) is determined by hash(salt + timestamp), rotating the entire reference frame for each session. A message is encoded as a series of pointers where each pointer is an offset from that session’s origin to the word’s chain position.

The result: two identical messages encoded in different sessions produce entirely different ciphertext with no shared structure. Pattern analysis yields nothing — there is no consistent relationship between input and output across sessions. The Enigma machine was trying to hide the message. RRFT makes the message structurally unrecognizable.

The Design Principle

Every construct above shares the same architectural foundation as the products in market today. Persistence is a liability. Correlation is an attack surface. Third-party trust is a failure mode. The PhantomKey roadmap is not a list of features. It is a systematic elimination of everything that can be stolen, harvested, or compromised — at every layer of the stack.

The vault era is over. We are building what comes next.

Interested in the roadmap?

Partnership inquiries, SDK integration discussions, and research collaboration welcome.

Contact PhantomKey