Commodity Proof with Hardware-Attested Reserves
Hardware-attested proof of physical commodity reserves
CPHAR defines a cryptographic attestation pattern for sealed physical reserves, enabling verifiable custody, material integrity, and privacy-preserving reserve claims.
- Hardware-backed
- Tamper-evident
- Commodity-neutral
- ZK-compatible
- Audit-friendly
Commodity Proof with Hardware-Attested Reserves
CPHAR is a protocol pattern for proving claims about physical commodity reserves using cryptographic seals, hardware-backed attestation, and verifiable reserve accounting.
A CPHAR-compatible system links a physical reserve unit, such as a sealed fertilizer lot, to a cryptographic identity. While the seal remains intact, the device can answer verifier challenges. If the seal is broken or tampered with, the device destroys or disables its signing key.
CPHAR does not magically prove the chemical composition or economic value of a commodity. Instead, it creates a verifiable chain between inspection, sealing, custody, and reserve claims.
What CPHAR can support
- Proof that registered sealed lots remain cryptographically responsive
- Proof that reserve claims are backed by currently attested lots
- Audit trails for seal provisioning, inspection, custody, and breakage
- Privacy-preserving aggregate claims using zero-knowledge proofs
What CPHAR does not prove by itself
- That the initial inspection was honest
- That the material grade was measured correctly
- That the seal hardware is impossible to compromise
- That a reserve has market liquidity
- That legal ownership is uncontested
How the attestation flow works
sequenceDiagram
participant V as Verifier
participant R as Registry
participant S as Cryptographic Seal
participant A as Auditor
V->>R: Request active reserve claim
R->>V: Seal public keys + lot commitments
V->>S: Random challenge
S->>V: Signature over challenge
V->>R: Check status and revocation
A->>V: Optional audit evidence
V->>V: Verify reserve claim
Example: fertilizer reserve lots
A nitrogen-fertilizer reserve operator can attach a CPHAR-compatible seal to each storage container after an inspector confirms quantity and grade. A verifier — a regulator, customer, or counterparty — can later challenge each seal and prove that the registered lots are still cryptographically responsive. A zero-knowledge proof can then attest that the total registered reserves exceed a threshold without revealing individual lot identifiers.
See the fertilizer example for the full scenario, actors, and failure cases.
Protocol layers
- Physical inspection establishes the initial fact about the commodity.
- Cryptographic sealing preserves evidence of physical integrity.
- Hardware attestation proves the seal is still alive.
- Reserve accounting maps live seals to declared claims.
- Zero-knowledge proofs optionally hide sensitive reserve details.
Threat model
CPHAR pages document what each mechanism proves under defined assumptions, what it does not prove, what can go wrong, and how it is verified. Read the threat model before relying on CPHAR for any production system.
Reference architecture
The reference architecture describes the seal device, registry, verifier, oracle layer, and audit interface, plus the trust boundaries between them.
FAQ
The FAQ collects common questions about what CPHAR is, what it is not, and how it compares to other reserve-proof approaches.