The cryptographic core. Build zero-persistence into anything.
The PhantomKey SDK is the foundation every product in the PhantomKey family is built on.
Now available to partners and integrators.
PhantomKey replaces persistent credential storage with anchor-bound, session-scoped reconstruction. The model eliminates vault exfiltration by design: cryptographic material exists only for the minimum time required to complete an operation, then is wiped from protected memory.
Credentials and session keys are never written to durable storage in recoverable form. Reconstruction occurs on demand from user-supplied anchors and policy-bound derivation inputs. When a session ends, no key material, encrypted blobs, or derivation state remain on the client or integration host. Security follows from absence, not from stronger encryption of stored secrets.
Dual-path derivation binds operational keys to cryptographically verifiable external anchor values. The construction combines Argon2id for memory-hard passphrase stretching with HMAC-SHA256 for domain-separated subkey expansion. Anchors are validated before derivation; invalid or stale anchors fail closed with no fallback to persisted material.
Derived keys exist inside a bounded exposure window of approximately 150 milliseconds per reconstruction cycle. Material is allocated in protected memory, used for the requested operation, then overwritten and released. The window is short enough to defeat bulk exfiltration and long enough to complete network-authenticated operations without persistent vault latency.
A private, append-only hash chain records session and access events without storing recoverable credentials. Each append is hash-linked to its predecessor, producing a tamper-evident audit trail suitable for regulated environments. Chain genesis can be anchored to public blockchain state for independent verification of sequence integrity.
Variable-density collision geometry decorrelates session identifiers across concurrent and sequential sessions. Empirical validation across 4,000 sessions reports zero identifier collisions under production load profiles. Decorrelation prevents cross-session linkage attacks that plague static token and vault-based designs.
Public blockchain timestamps and headers provide external anchors for Hawking Chain State and high-value derivation events. Anchoring does not place secrets on-chain; only non-reversible commitments and chain pointers are published. Integrators gain independent proof of sequence ordering without exposing credential payloads.
PhantomKey capabilities across deployment tiers. SDK tier exposes API access and custom integration paths for qualified integrators.
| Features |
Personal
Individual users
|
Team
Organizations
|
SDK
Developers
|
|---|---|---|---|
| Password Management | |||
| Zero-persistence storage | ✓ | ✓ | ✓ |
| Unlimited credentials | ✓ | ✓ | ✓ |
| Multiple isolated vaults | ✓ | ✓ | ✓ |
| Team credential sharing | — | ✓ | ✓ |
| Secure Communications | |||
| Blockchain-verified messaging | ✓ | ✓ | ✓ |
| Tokenized encryption | ✓ | ✓ | ✓ |
| Quantum-resistant security | ✓ | ✓ | ✓ |
| Enterprise compliance (HIPAA/SOC2) | — | ✓ | ✓ |
| Platform Features | |||
| Zero local attack surface | ✓ | ✓ | ✓ |
| Admin controls & audit logs | — | ✓ | ✓ |
| API access | — | — | ✓ |
| Custom integration & white labeling | — | — | Advanced |
HMAC-SHA256 tokenization engine with 128-bit truncation. Generates session-scoped tokens that bind operations to the active reconstruction window without persisting raw key material.
Private append-only hash chain with Bitcoin genesis anchoring. Produces a tamper-evident audit trail for session events and high-assurance access logging in regulated deployments.
Session decorrelation primitive validated across 4,000 empirical sessions with zero collisions. Prevents cross-session linkage while preserving deterministic reconstruction within a single session scope.
Dual-path KDF incorporating cryptographically verifiable external anchor values. Patent-pending construction under US Provisional Patent #63/946,273.
Core SDK primitives are protected under US Provisional Patent #63/946,273. Non-provisional filing in progress. View Patent Details →
Replace stored credential systems with anchor-derived, session-bound authentication. Eliminate vault databases from your threat model.
Implement the DVT architecture in your own products. Team access with no shared secrets and per-session reconstruction.
Hawking Chain State provides tamper-evident logging for HIPAA, SOC2, and other regulated environments without persisting recoverable secrets.
The SDK is in active development. Partner access will be available to qualified integrators.