The attestation gap
Physical commodity reserves — fertilizer, metals, pharmaceuticals, warehouse inventory — are typically verified through periodic audits. An inspector visits the site, measures the material, checks seals or locks, and issues a report. That report becomes the evidence of what exists and in what quantity.
The problem is that the evidence ages immediately.
An audit report is a snapshot of a single point in the past. Between audits — which may be months apart — there is no cryptographic assurance that the reserve has remained intact. Material could be removed, swapped, diluted, or contaminated. Seals could be broken and replaced. Inventory records could be altered. By the next audit, the trail is cold.
This is the attestation gap: the window of time during which no verifiable evidence exists that the reserve is still what it was claimed to be.
Why the gap matters
For regulated commodities, the attestation gap creates real risk:
- Counterparty risk: a buyer or lender cannot verify that pledged reserves still exist between audit cycles.
- Regulatory risk: an operator may be non-compliant for months before the next inspection catches it.
- Fraud surface: an operator with physical access can exploit the gap to manipulate inventory without immediate detection.
- Inefficiency: auditors must re-verify from scratch each cycle, repeating work that could be reduced with continuous evidence.
Existing approaches — paper seals, CCTV, access logs, custody chains — provide weak or non-cryptographic evidence. They are vulnerable to forgery, collusion, or simply go unexamined for long periods.
The question CPHAR addresses
CPHAR zooms in on one narrow claim that, if solved cryptographically, shrinks the attestation gap dramatically:
Given that a reserve lot was honestly inspected and sealed at time t₀, can we produce cheap, continuous, cryptographic evidence at time t₁ that the seal has not been physically tampered with since?
If an intact seal implies the material has not been accessed, then a live attestation at t₁ is evidence — under the seal's threat model — that the reserve is in the same state as it was at t₀. The gap between verifications collapses from months to seconds.
How CPHAR bridges the gap
A CPHAR-compatible system does not replace the initial inspection. It preserves and extends its evidentiary value:
At inspection time: an inspector verifies quantity and grade, then attaches a tamper-responsive cryptographic seal to the lot. The seal's public identity is registered alongside the inspection record.
Between inspections: any verifier — regulator, auditor, counterparty, automated monitor — can send a random challenge to the seal. An intact seal signs the challenge with its non-exportable private key. A broken seal cannot.
At any time: the verifier checks the signature against the registered public key and confirms the seal has not been revoked. A valid response is cryptographic evidence that the seal — and therefore the lot — has not been tampered with since the last honest inspection.
The result is a shift from periodic, point-in-time assurance to continuous, verifiable evidence.
What this enables
- Fresher evidence: a verifier can check a seal seconds before a transaction rather than relying on a report that is weeks or months old.
- Lower audit overhead: auditors can target exceptions and risk signals rather than re-inspecting every lot.
- Privacy-preserving disclosure: with optional zero-knowledge proofs, an operator can prove aggregate reserve thresholds without revealing individual lot locations or identifiers.
- Cross-jurisdiction verification: a regulator on another continent can challenge a seal remotely without a physical site visit.
Where to go next
- What CPHAR Proves — the specific claims the protocol supports
- Threat model — adversary capabilities and residual risks
- Protocol lifecycle — the six states of a reserve unit
- Fertilizer example — a worked scenario