p15.docs

Auditability

Privacy that cannot be opened on purpose is a liability. Protocol15 is private by default and auditable when needed: the holder can give a specific party a specific view, without weakening privacy for anyone else. There are two tiers.

Selective disclosure

This is the preferred path. A disclosure is a signed, chain-verifiable statement about a chosen set of transactions, encrypted to a named auditor's meta-address. It is scoped to exactly the transactions you pick, it is not a live key, and it can be revoked.

The auditor verifies the statement is genuine and decrypts only what you handed over. They cannot wander beyond the chosen set, and they cannot follow your future activity.

An optional one-time mode adds a public, single-open guarantee. The statement carries an id, and opening it burns a one-time on-chain marker. A second open is blocked, and the open leaves a public record, with no server or custom program in the loop. The marker is implemented as a compression nullifier, a compressed account at a deterministic address, so it does not carry the rent cost of a full account. The one irreducible limit is human: you cannot unsee what the first opener already decrypted.

Viewing keys

The second tier is the open-the-books escape hatch. A viewing key bundles the secrets needed to read activity: the decryption key and the scan secret. It is a read-only god key for one epoch. It reveals everything in that epoch and nothing in any other.

A viewing key never risks funds. The spend authority is a separate secret that never leaves the client. Handing over a viewing key lets someone watch; it does not let them move anything.

Compromise containment

Because both tiers are scoped to an epoch, exposure is contained by rotation. If a viewing key leaks, you bump to a new epoch. The leaked key keeps working for the epoch it belonged to, which is already in the past, and the new epoch is untouched. You do not have to move funds to recover privacy.

This is the same epoch mechanism described in Stealth & announce: one rotation primitive serves both delivery and audit.