CPHAR separates physical-state evidence from reserve accounting.
At the physical layer, a cryptographic seal can prove that it still controls an internal signing key. If the seal is designed so that tampering destroys the key, successful challenge-response attestation becomes evidence that the seal has not been broken under the device's threat model.
At the accounting layer, a verifier can check whether currently attested seals correspond to registered reserve lots.
At the privacy layer, a zero-knowledge proof can optionally prove aggregate statements about those lots without revealing each lot identity.
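The physical-layer and accounting-layer checks described above, as an added example in Go that is not CPHAR's own code: the verifier issues a fresh challenge, looks the seal's public key up in the registry and revocation list, and checks the seal's signature over that challenge. Ed25519, the domainTag string, the Registry type and the sample lot commitment are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// domainTag (hypothetical) binds a seal signature to attestation use only.
const domainTag = "example-seal-attestation-v1:"

// Registry is a constructed stand-in for the published registry data.
type Registry struct {
	Lots    map[string]string // raw seal public key bytes -> lot commitment
	Revoked map[string]bool   // raw seal public key bytes -> revoked
}

// NewChallenge returns a fresh nonce; reusing one would allow replay.
func NewChallenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// Respond is the seal's side: sign the tagged challenge with its internal key.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(domainTag), nonce...))
}

// VerifySeal checks registration and revocation, then the signature over this challenge.
func (r Registry) VerifySeal(pub ed25519.PublicKey, nonce, sig []byte) (string, error) {
	if len(pub) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad length
		return "", fmt.Errorf("malformed seal public key")
	}
	lot, ok := r.Lots[string(pub)]
	if !ok || r.Revoked[string(pub)] {
		return "", fmt.Errorf("seal is not registered to a lot, or is revoked")
	}
	if !ed25519.Verify(pub, append([]byte(domainTag), nonce...), sig) {
		return "", fmt.Errorf("attestation failed for this challenge")
	}
	return lot, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed seal key pair
	reg := Registry{Lots: map[string]string{string(pub): "lot-commitment-A"}}
	nonce, _ := NewChallenge()
	fmt.Println(reg.VerifySeal(pub, nonce, Respond(priv, nonce)))
}
```

A response recorded for one challenge fails against any later challenge, so the verifier has to generate the nonce itself and discard it after a single use.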
Example claim
This claim may reveal the threshold amount while hiding individual lot identifiers, warehouse locations, or supplier relationships.
Assumptions this proof relies on
Non-goals
What data is public
- Seal public keys
- Lot commitments and registry status (subject to disclosure policy)
- Revocation lists
- Aggregate reserve claims, when the prover chooses to publish them
What data can remain private
- Individual lot identifiers
- Warehouse locations
- Supplier and counterparty identities
- Detailed material composition reports
Zero-knowledge proofs and commitment schemes give the prover fine-grained control over which fields appear in each verifier-facing claim. See ZK integration.