Summary
CPHAR — Commodity Proof with Hardware-Attested Reserves — is a protocol pattern, not a single product. It defines how to link a physical reserve unit (a sealed lot of fertilizer, metal, grain, or similar material) to a cryptographic identity that can answer verifier challenges as long as the seal remains intact.
CPHAR is composed of four layers:
- Physical inspection — an approved inspector verifies quantity and grade.
- Cryptographic sealing — a tamper-responsive device with a non-exportable signing key is attached to the reserve unit.
- Hardware attestation — verifiers send random challenges; the intact seal signs them.
- Reserve accounting — a registry maps live seal identities to declared reserve quantities. Optional zero-knowledge proofs aggregate claims without revealing lot identifiers.
What problem does this solve?
Existing reserve attestations rely heavily on trusted off-chain audits, which are infrequent, slow, and provide weak evidence of current physical integrity. CPHAR addresses the narrower question:
Given that a reserve was honestly inspected at some past time, can we produce cheap, continuous, cryptographic evidence that the sealed unit has not been physically tampered with since?
What CPHAR proves
A CPHAR system can produce evidence — under defined assumptions — that:
- A registered seal device remains responsive to verifier challenges.
- A reserve claim is backed by attestations from currently registered seals.
- Aggregate claims (e.g. "total reserves ≥ N") hold without revealing individual lot details.
What CPHAR does not prove
CPHAR does not prove honest inspection, accurate material measurement, perfect seal hardware, market liquidity, or legal ownership. See What CPHAR Does Not Prove for the full list.
Where to go next
- Terminology — vocabulary used in the rest of the docs
- What CPHAR Proves — claims, in detail
- Protocol lifecycle — the six states of a reserve unit
- Threat model — what each mechanism assumes and what can go wrong