Glossary

These terms appear throughout the PhantomLayer essay series. Each definition is precise rather than colloquial. The architectural distinctions matter and loose usage loses them.

Exposed Authority Artifact

A credential that must exist in readable or harvestable form to prove control. A private key is one. A validator set is one. An admin account with long-lived signing access is one. The term describes an operational property, not a judgment on the cryptography. Any credential that must be present and readable to authorize an action is an exposed authority artifact, regardless of how well it is protected.

Phantom Identity (Bᵢ)

The hidden controller identity in PhantomLayer’s architecture. Private, off-chain, never revealed to the system verifying control. The Phantom Identity authorizes a Commitment. The system sees the Commitment. It never sees the identity behind it.

Descriptor (Dᵢ)

A high-entropy extract of a Phantom Identity, for example SubjectPublicKeyInfo (SPKI) bytes. The Descriptor is the input to the Commitment function. It is not the identity itself.

Commitment (Cᵢ)

Cᵢ = Commit(Dᵢ). The only public representation of control in PhantomLayer’s architecture. The Commitment is anchored on-chain or in-system. It can be verified without revealing the Phantom Identity or Descriptor behind it.

Decoy Address (A)

The public-facing address associated with a controlled asset. Stores Commitments, not keys. Does not expose the controller identity.

Vault Logic

The on-chain state machine that validates proofs over Commitments and governs what authorized transitions can change about the system. Vault Logic enforces the protocol. It does not hold or reveal authority.

Authorization Proof (π)

Cryptographic evidence that a rotation or recovery event is legitimate. Produced by the Phantom Identity holder. Verified by Vault Logic without revealing the identity behind it.

Rotation Event (Cᵢ → Cᵢ₊₁)

A proof-backed transition from one Phantom Identity to the next. The asset does not move. The Commitment updates. The prior identity is retired without being revealed.

Recovery Event (Cᵢ → Cᴿ)

A proof-backed override transition using a Recovery Identity Bᴿ. Distinct from the primary rotation path. Recovery authority is a first-class architectural property, not a contingency.

Verification

The act of checking whether a proof satisfies a rule. A signature check is verification. A quorum check is verification. Verification evaluates whether a proof is valid. It does not evaluate whether the action being authorized is appropriate given the current state of the system. Verification and authority are not the same thing.

Authority

The right to take a consequential action given the current state of the system. Not just the credential that enables it. A valid credential does not always represent intact authority. The distinction between verification and authority is where most institutional security analysis stops short.

Authority Scope

The set of actions a valid authorization can take within a system. A system that does not bound authority scope permits valid credentials to authorize actions the system should never permit — including changes to the mechanism that governs future authorizations.

Meta-Control

Changes to the mechanism of control itself, as distinct from ordinary authorized actions. A transaction that replaces a wallet’s implementation contract is a meta-control event. A transaction that transfers funds is not. Systems that do not distinguish between these permit meta-control events to be authorized through the same path as routine operations.

Exposed Key Model

The dominant control architecture for digital systems. Authorization depends on credentials that must exist in readable or harvestable form. Includes implementations using private keys, validator sets, admin accounts, and threshold signature schemes. Multi-party computation (MPC), multisig, hardware security modules (HSMs), and post-quantum (PQ) schemes are all implementations within the exposed key model. They address real problems within it. They do not change the structural property that authorization depends on an exposed artifact.

Commitment-Based Model

PhantomLayer’s control architecture. Authorization is proven through a commitment scheme rather than through an exposed credential. The Phantom Identity authorizing the Commitment never enters the system verifying it. This removes key exposure from the authorization path, which changes the threat surface for both classical and quantum attack classes.

Control vs Exposure

The root distinction in PhantomLayer’s architectural argument. Control is the ability to authorize consequential actions. Exposure is the degree to which the artifact enabling control is observable or harvestable. In the exposed key model, control and exposure are coupled — the controlling artifact must be exposed to be used. PhantomLayer’s architecture decouples them.

This glossary reflects PhantomLayer's architectural terminology. Terms are defined as used in the essay series, not as general industry definitions.