One-Time Access
Ghost Protocol enables access tokens that can be used exactly once and cannot be copied, shared, or revoked after issuance.
The Pattern
A one-time access token works as follows:
- Issuance. The issuer creates a commitment representing access rights. The commitment is recorded on-chain.
- Distribution. The issuer gives the secret to the intended recipient through any channel.
- Redemption. The recipient reveals the commitment. This proves they have the secret and consumes the access token in one atomic action.
- Completion. The access is granted. The token is gone. It cannot be used again.
What This Provides
One-time access tokens have properties that are difficult to achieve otherwise:
Irrevocability. Once the issuer gives out the secret, they cannot rescind the access. There is no "cancel" button. The recipient controls whether and when to use the token.
Non-duplicability. The token cannot be used twice. Even if the recipient shares the secret with others, only one reveal will succeed. The first to reveal gets the access.
Unlinkability. The issuer knows they issued a token. The system knows a token was revealed. Neither can connect the issuance to the revelation. The recipient's identity is not exposed.
Transferability. The recipient can transfer the token to someone else by sharing the secret. This transfer happens off-chain and leaves no trace.
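The four steps of the pattern and the non-duplicability property can be seen in a small simulation; this is an added example, not Ghost Protocol's own code. It assumes a plain SHA-256 hash commitment and an in-memory `Ledger` class standing in for the chain (all names are hypothetical), and it does not model unlinkability, since a revealed secret can be hashed and matched to a plain hash commitment.

```python
import hashlib
import secrets
import threading


def commit(secret: bytes) -> bytes:
    # Assumption: the commitment is a SHA-256 hash of the secret.
    return hashlib.sha256(secret).digest()


class Ledger:
    """Hypothetical in-memory stand-in for the on-chain commitment record."""

    def __init__(self) -> None:
        self._open: set[bytes] = set()   # issued, not yet consumed
        self._lock = threading.Lock()

    def record(self, commitment: bytes) -> None:
        with self._lock:
            self._open.add(commitment)

    def redeem(self, secret: bytes) -> bool:
        """Check the secret and consume the token as one atomic step."""
        commitment = commit(secret)
        with self._lock:
            if commitment not in self._open:
                return False             # unknown secret or already used
            self._open.remove(commitment)
            return True

    # Deliberately no revoke(): after record(), only redeem() removes a token.


def issue(ledger: Ledger) -> bytes:
    """Issuance: record the commitment, return the secret for distribution."""
    secret = secrets.token_bytes(32)
    ledger.record(commit(secret))
    return secret


def race(ledger: Ledger, secret: bytes, holders: int = 8) -> int:
    """Several holders of one shared secret redeem at once; count successes."""
    results: list[bool] = []
    threads = [threading.Thread(target=lambda: results.append(ledger.redeem(secret)))
               for _ in range(holders)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count(True)
```

Because the membership check and the removal happen under one lock, `race` reports exactly one success no matter how many holders share the secret.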
Categories of Use
One-time access is a pattern, not a product. It enables many categories of applications:
Admission. A ticket to an event that can be used once and cannot be counterfeited or copied.
Authorization. Permission to perform a sensitive action exactly once, with proof that permission was granted.
Invitation. A referral or introduction that can be claimed by one person, with no way to trace who received it.
Unlocking. A key that opens something once, then ceases to function, preventing unauthorized re-entry.
Why Traditional Systems Struggle
Traditional one-time tokens face fundamental challenges:
Centralized revocation. Most tokens can be revoked by the issuer. This means access is never truly granted; it is merely promised.
Database correlation. Token issuance and redemption are typically logged in the same database, allowing correlation.
Copying risk. Digital tokens can be copied. Systems must either trust users not to copy or implement complex tracking.
Ghost Protocol solves these problems through cryptography rather than policy. The token cannot be revoked because there is no revocation mechanism. Correlation is impossible because no identifying data is recorded. Copying is useless because only one reveal succeeds.
The Trade-Off
The irrevocability of Ghost Protocol tokens is both a feature and a responsibility:
Once you give someone a one-time access token, you cannot take it back. If you give it to the wrong person, they have access. If they lose the secret, the access is lost forever.
This is appropriate for high-value, high-trust scenarios where access should not be controllable after grant. It is less appropriate for situations where revocation is a legitimate need.