# 9.2 Threats Eliminated by Design

The following attacks are **structurally eliminated**, not mitigated.

***

#### Phishing

**Why it works elsewhere:**\
Attackers steal credentials and replay them.

**Why it fails in PTERI:**

* There are no reusable secrets
* Signatures are bound to challenges
* Challenges are single-use and time-bound

> A phished signature cannot be reused.

***

#### SIM Swap Attacks

**Why it works elsewhere:**\
Identity is bound to phone numbers.

**Why it fails in PTERI:**

* No SMS-based identity
* No telecom dependency
* No recovery via phone number

***

#### Database Breaches

**Why it works elsewhere:**\
Databases store credentials or hashes.

**Why it fails in PTERI:**

* No passwords stored
* No credential databases
* No secrets at rest on servers

A breached database yields **nothing usable**.

***

#### API Key Leakage

**Why it works elsewhere:**\
Static keys grant ambient authority.

**Why it fails in PTERI:**

* API keys can access only verification APIs
* Authority always requires a signature
* Keys cannot approve actions

Leaked API keys cannot move funds or authenticate users.

***

#### Replay Attacks

**Why it works elsewhere:**\
Tokens or sessions can be reused.

**Why it fails in PTERI:**

* Challenges are nonce-based
* Challenges expire
* Signatures are bound to a specific intent

Replays are rejected deterministically.
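
The server-side checks described under Phishing and Replay Attacks (single-use, time-bound, intent-bound challenges) can be sketched as follows. This is an added example, not PTERI code: the `Verifier` class, the `nonce|len|intent` message layout, and the result strings are assumptions, and the toy textbook RSA only stands in for a real signature scheme so the block runs on the standard library.

```python
import hashlib, secrets

# Toy textbook-RSA keypair from two known Mersenne primes (constructed, NOT secure).
# It is a stand-in for a real signature scheme, used here only to stay stdlib-only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; never leaves the client

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg: bytes) -> int:  # client side
    return pow(_digest(msg), D, N)

def sig_ok(msg: bytes, sig: int) -> bool:  # server side, public values only
    return pow(sig, E, N) == _digest(msg)

def message(nonce: str, intent: str) -> bytes:
    # Assumed layout; the length prefix keeps (nonce, intent) pairs unambiguous.
    return f"{nonce}|{len(intent)}|{intent}".encode()

class Verifier:
    def __init__(self, ttl: float = 60.0):
        self.ttl, self.pending = ttl, {}  # nonce -> (intent, expiry)

    def issue(self, intent: str, now: float) -> str:
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (intent, now + self.ttl)
        return nonce

    def verify(self, nonce: str, intent: str, sig: int, now: float) -> str:
        # pop() consumes the nonce before any other check, so each challenge
        # gets exactly one verification attempt, whether it succeeds or not.
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return "rejected: unknown or already used challenge"
        bound_intent, expiry = entry
        if now > expiry:
            return "rejected: challenge expired"
        if intent != bound_intent or not sig_ok(message(nonce, bound_intent), sig):
            return "rejected: signature not valid for this intent"
        return "accepted"

if __name__ == "__main__":
    v = Verifier(ttl=60)
    n = v.issue("pay:alice:10", now=1000.0)  # constructed intent and clock
    s = sign(message(n, "pay:alice:10"))
    print(v.verify(n, "pay:alice:10", s, now=1010.0))  # first use
    print(v.verify(n, "pay:alice:10", s, now=1011.0))  # replay of the same signature
```

The server stores only the pending nonce, its intent and its expiry, and verification uses public values, so nothing it holds can produce a signature.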

***

