pith. sign in

arxiv: 2512.20775 · v2 · submitted 2025-12-23 · 💻 cs.CR · cs.CY

Sark: Oblivious Integrity Without Global State

Alex Lynham , David Alesch , Ziyi Li , Geoff Goodell This is my paper

Pith reviewed 2026-05-16 20:14 UTC · model grok-4.3

classification 💻 cs.CR cs.CY
keywords SarkUSO assetsPortersSlooplocal centralityCIA triadoblivious transferspermissioned blockchain
0
0 comments X

The pith

Sark enables unforgeable, stateful, oblivious asset transfers without global state using local commitments and a permissioned blockchain.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces Sark as a reference architecture for handling assets that must stay unforgeable, keep their state across transfers, and remain oblivious to external observers. Porters collect and combine commitments from clients at a local level before rolling them up, while Sloop supplies the permissioned crash-fault-tolerant blockchain for coordination. The design is examined through the CIA triad to confirm it upholds confidentiality, integrity, and availability. Local centrality is defined as a concept to weigh decentralization options, and the paper notes directions for adding Byzantine fault tolerance and reducing dependence on central Porters.

Core claim

Sark uses Porters to accumulate and roll up commitments from clients locally, paired with Sloop as a permissioned CFT blockchain, to support transfers of assets that are unforgeable, stateful, and oblivious without maintaining a global state. The architecture is assessed using the CIA triad of confidentiality, integrity, and availability, and the concept of local centrality is introduced to address related decentralization trade-offs.

What carries the argument

Porters that accumulate and roll up client commitments locally, combined with Sloop as the permissioned crash-fault-tolerant blockchain that supplies coordination and integrity checks without global state.

If this is right

  • Asset transfers remain unforgeable, stateful, and oblivious.
  • The CIA properties of confidentiality, integrity, and availability hold under the architecture.
  • Local centrality provides a framework for evaluating decentralization trade-offs.
  • The system design can be extended to Byzantine fault tolerance in future iterations.
  • Reducing the local centrality of Porters can increase overall decentralization.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The approach could reduce overhead in large networks by avoiding full global state synchronization.
  • It points to a workable middle path for asset systems that do not require complete decentralization.
  • Real deployments might reveal whether local centrality creates practical bottlenecks under high client volume.

Load-bearing premise

Local commitment accumulation by Porters together with Sloop's permissioned crash-fault-tolerant blockchain can deliver unforgeable, stateful, oblivious transfers without global state while satisfying the CIA properties.

What would settle it

An observed case where an asset state is successfully forged or its oblivious property is violated without detection by the system, or where availability fails despite correct local accumulation and Sloop operation.

Figures

Figures reproduced from arXiv: 2512.20775 by Alex Lynham, David Alesch, Geoff Goodell, Ziyi Li.

Figure 1
Figure 1. Figure 1: Sark Architecture 3. Design, Implementation and Architecture A high-level overview of the Sark system demonstrates that it has a comparable stack to many other blockchain systems, with Porters performing a similar role to execu￾tion clients, and Validators handling consensus in a similar manner to consensus clients (see [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 3
Figure 3. Figure 3: Sark USO Asset 3.2. USO Assets USO assets are the transactable unit in the Sark system. Unlike tokens recorded on a shared ledger, USO assets maintain their internal state and (optionally) additional meta￾data about the history of their transactions ( [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Alice registers an update, giving Bob control first [PITH_FULL_IMAGE:figures/full_fig_p004_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Sark Protocol Diagram Note: C represents completed Merkle trees at the Porter level, S represents snapshots of Merkle trees in production, which can be submitted at any given rate, and R represents the roots at the Validator level. Updating (i.e. transferring) the asset then follows the same schema ( [PITH_FULL_IMAGE:figures/full_fig_p004_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Architectural design trade-off analysis TABLE 2: Global Decentrality and Local Centrality in Blockchain Systems Blockchain System Nakamoto Consensus Cosmos SDK/Tendermint Chain Sark Example Network Bitcoin Cosmos Hub N/A Subsystem Under Examination Miners/Ledger Validators/Ledger Porters/USO Operative Threshold (Nakamoto Coefficient) 51% of hash power 33.4% of Voting Power 1 Porter Attack threshold for use… view at source ↗
Figure 9
Figure 9. Figure 9: A more decoupled architecture. This shows the [PITH_FULL_IMAGE:figures/full_fig_p006_9.png] view at source ↗
Figure 8
Figure 8. Figure 8: Nakamoto Coefficient of validators It is worth being clear about the implications of the MDT on these systems. Block reversions due to the combined hash power of a single mining pool have been seen on Bitcoin. This arguably means that the lowest seen number of entities required to control the network is 1, failing the MDT test. According to data collected from the Cosmos Ecosystem16 networks can on occasio… view at source ↗
Figure 10
Figure 10. Figure 10: Latency comparison between per-block JMT and [PITH_FULL_IMAGE:figures/full_fig_p007_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Throughput comparison between per-block JMT [PITH_FULL_IMAGE:figures/full_fig_p007_11.png] view at source ↗
read the original abstract

In this paper, we introduce Sark, a reference architecture for transferring unforgeable, stateful, oblivious (USO) assets. We describe the motivation, design, and implementation of the core subsystems of Sark, Porters, which accumulate and roll-up commitments from Clients, and Sloop, a permissioned, crash fault-tolerant (CFT) blockchain system. We analyse the operation of the system using the `CIA Triad': Confidentiality, Availability, and Integrity. We then introduce the concept of \textit{local centrality} and use it to address design trade-offs related to decentralization. Finally, we point to future work on Byzantine fault-tolerance (BFT), and mitigating the local centrality of Porters.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 1 minor

Summary. The paper introduces Sark, a reference architecture for transferring unforgeable, stateful, oblivious (USO) assets. Core subsystems are Porters, which accumulate and roll-up commitments from Clients, and Sloop, a permissioned crash fault-tolerant (CFT) blockchain. The design is analyzed via the CIA triad, the concept of local centrality is introduced to frame decentralization trade-offs, and future work on Byzantine fault tolerance is outlined.

Significance. If the architecture can be shown to satisfy the claimed properties, it would provide a novel reference design for oblivious asset transfers that avoids global state via local accumulation and permissioned CFT consensus. The local-centrality framing could usefully inform trade-off discussions in permissioned systems, but the absence of formal models, proofs, or evaluation data currently limits its contribution to the field.

major comments (3)
  1. [Abstract] Abstract: the central claim that Porters' local commitment accumulation plus Sloop's permissioned CFT blockchain delivers unforgeable, stateful, oblivious transfers is unsupported; CFT tolerates only crashes and the manuscript supplies no threat model, security definitions, or reduction showing that malicious Porters cannot forge or duplicate commitments.
  2. [CIA Triad analysis] CIA Triad analysis: the discussion of Confidentiality, Integrity, and Availability is informal and contains no formal security definitions, game-based models, or proofs, leaving the integrity and obliviousness guarantees ungrounded.
  3. [Local centrality] Local centrality section: the introduction of local centrality to address decentralization trade-offs is presented without quantitative metrics, comparison to global-state baselines, or evaluation of its effect on the USO properties.
minor comments (1)
  1. [Implementation description] The manuscript would benefit from pseudocode or a clear protocol diagram for commitment roll-up and Sloop block formation to improve clarity and reproducibility.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive review and for identifying areas where the manuscript's claims require stronger grounding. We agree that the current presentation is primarily architectural and informal, and we will revise the paper to qualify claims appropriately, expand the threat model, and clarify the scope of the analysis. Below we respond point by point to the major comments.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the central claim that Porters' local commitment accumulation plus Sloop's permissioned CFT blockchain delivers unforgeable, stateful, oblivious transfers is unsupported; CFT tolerates only crashes and the manuscript supplies no threat model, security definitions, or reduction showing that malicious Porters cannot forge or duplicate commitments.

    Authors: We accept this criticism. The abstract states the intended properties of the reference architecture, but the manuscript does not supply a formal threat model or security reductions. In the revision we will rewrite the abstract to present the USO properties as design goals supported by the informal CIA analysis and the permissioned CFT assumption. We will add an explicit threat model section that states the assumptions on Porter honesty (or lack thereof) and notes that malicious Porters are outside the current CFT model; the text will cross-reference the future-work paragraph on BFT. This change will make the scope of the claims accurate without overstating what is proven. revision: yes

  2. Referee: [CIA Triad analysis] CIA Triad analysis: the discussion of Confidentiality, Integrity, and Availability is informal and contains no formal security definitions, game-based models, or proofs, leaving the integrity and obliviousness guarantees ungrounded.

    Authors: We agree that the CIA triad section is informal. The section was intended as a high-level mapping of architectural choices to the three properties rather than a formal security argument. In revision we will (1) insert concise definitions of each USO property in the context of the asset model, (2) add a short threat-model paragraph that lists the capabilities assumed for an adversary, and (3) explicitly link each CIA property to concrete mechanisms (local roll-ups for integrity, permissioned membership for availability). We will not add game-based proofs, as that would require a different paper; instead we will state that the current analysis is informal and that formal verification remains future work. revision: partial

  3. Referee: [Local centrality] Local centrality section: the introduction of local centrality to address decentralization trade-offs is presented without quantitative metrics, comparison to global-state baselines, or evaluation of its effect on the USO properties.

    Authors: The local-centrality concept is offered as a qualitative lens for discussing the decentralization trade-off between fully global state and the local accumulation used by Porters. We acknowledge the absence of quantitative support. In the revised manuscript we will expand the section with (a) a brief comparison table contrasting local centrality with global-state designs on dimensions such as consensus participant count and state size, and (b) a short discussion of how the degree of local centrality affects the integrity and obliviousness properties under the stated threat model. Because the paper contains no empirical evaluation, we will label these additions as illustrative rather than measured results and will flag the need for future quantitative study. revision: partial

Circularity Check

0 steps flagged

No circularity in Sark reference architecture proposal

full rationale

The paper introduces Sark as a new reference architecture for unforgeable stateful oblivious assets, describing Porters for local commitment accumulation and Sloop as a permissioned CFT blockchain. It analyzes the system using the CIA triad and introduces local centrality as a design concept. No equations, fitted parameters, or derivations are presented that reduce by construction to inputs. The work is framed as a design proposal with deferred future work on BFT rather than a closed-form derivation or prediction. No self-citations, ansatzes, or renamings of known results appear as load-bearing steps in the provided text.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 4 invented entities

The central claim rests on domain assumptions about the security properties of permissioned CFT blockchains and the sufficiency of local commitments for obliviousness, plus several newly introduced entities without independent evidence.

axioms (2)
  • domain assumption A permissioned crash fault-tolerant blockchain can provide the integrity and availability guarantees required for USO asset transfers.
    Sloop is presented as such without further justification or threat model in the abstract.
  • domain assumption Local commitment roll-ups can achieve obliviousness and statefulness without requiring global state visibility.
    Core design premise for avoiding global state.
invented entities (4)
  • USO assets no independent evidence
    purpose: Unforgeable, stateful, oblivious assets to be transferred securely.
    New category of assets defined for the Sark architecture.
  • Porters no independent evidence
    purpose: Accumulate and roll-up commitments from Clients.
    Core subsystem introduced to handle local commitments.
  • Sloop no independent evidence
    purpose: Permissioned CFT blockchain providing the system backbone.
    Core subsystem introduced for ordering and verification.
  • local centrality no independent evidence
    purpose: Concept for addressing decentralization trade-offs.
    New analytical lens introduced to discuss design choices.

pith-pipeline@v0.9.0 · 5417 in / 1592 out tokens · 42283 ms · 2026-05-16T20:14:20.040467+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

30 extracted references · 30 canonical work pages

  1. [1]

    Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events,

    National Cybersecurity Center of Excellence (NIST), “Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events,” https://www.nccoe.nist.gov/publication/1800-26/VolA/i ndex.html [Accessed: 28.11.2025]

    work page 2025

  2. [2]

    Blockchains and the eco- nomic institutions of capitalism,

    S. Davidson, P. De Filippi, and J. Potts, “Blockchains and the eco- nomic institutions of capitalism,”Journal of Institutional Economics, vol. 14, no. 4, p. 639–658, 2018

    work page 2018

  3. [3]

    Blockchain as a confidence machine: The problem of trust & challenges of governance,

    P. De Filippi, M. Mannan, and W. Reijers, “Blockchain as a confidence machine: The problem of trust & challenges of governance,”Technology in Society, vol. 62, p. 101284, 2020. [Online]. Available: https://www.sciencedirect.com/science/article/pi i/S0160791X20303067

    work page 2020

  4. [4]

    A scalable architec- ture for electronic payments,

    G. Goodell, D. R. Toliver, and H. D. Nakib, “A scalable architec- ture for electronic payments,” inFinancial Cryptography and Data Security. FC 2022 International Workshops, S. Matsuo, L. Gudgeon, A. Klages-Mundt, D. Perez Hernandez, S. Werner, T. Haines, A. Es- sex, A. Bracciali, and M. Sala, Eds. Cham: Springer International Publishing, 2023, pp. 645–678

    work page 2022

  5. [5]

    Blind signatures for untraceable payments,

    D. Chaum, “Blind signatures for untraceable payments,” inAdvances in Cryptology, D. Chaum, R. L. Rivest, and A. T. Sherman, Eds. Boston, MA: Springer US, 1983, pp. 199–203

    work page 1983

  6. [6]

    How to issue a central bank digital currency,

    D. Chaum, C. Grothoff, and T. Moser, “How to issue a central bank digital currency,” 2021. [Online]. Available: https: //arxiv.org/abs/2103.00254

    work page arXiv 2021

  7. [7]

    Penumbra Guides,

    Penumbra Foundation, “Penumbra Guides,” https://guide.penumbra.z one/ [Accessed: 28.11.2025]

    work page 2025

  8. [8]

    Decentralization: A Qualitative Survey of Node Operators,

    A. Lynham and G. Goodell, “Decentralization: A Qualitative Survey of Node Operators,” inTo appear, Journal of Mathematical Cryptology. FCiR 2025. De Gruyter, 2026. [Online]. Available: https://arxiv.org/abs/2503.17246

    work page arXiv 2025

  9. [9]

    Blockchain and distributed ledger technologies — V ocabulary,

    ISO, “Blockchain and distributed ledger technologies — V ocabulary,” https://www.iso.org/obp/ui/en/#iso:std:iso:22739:ed-2:v1:en [Accessed: 01.09.2024]

    work page 2024

  10. [10]

    Defining DLT Immutability: A Qualitative Survey of Node Operators,

    A. Lynham and G. Goodell, “Defining DLT Immutability: A Qualitative Survey of Node Operators,” inTo appear, Springer Communications in Computer and Information Science. SDLT

    work page

  11. [11]

    [Online]

    Springer International Publishing, 2026. [Online]. Available: https://arxiv.org/abs/2507.02413

    work page arXiv 2026

  12. [12]

    Calculativeness, trust, and economic organization,

    O. Williamson, “Calculativeness, trust, and economic organization,” Journal of Law and Economics, vol. 36, pp. 453–86, 02 1993

    work page 1993

  13. [13]

    What is Cosmos?

    Interchain Foundation, “What is Cosmos?” https://web.archive.org/ web/20250125090007/https://v1.cosmos.network/intro [Accessed: 25.01.2025]

    work page arXiv 2025

  14. [14]

    Nodes and Clients,

    Ethereum Foundation, “Nodes and Clients,” https://ethereum.org/en/ developers/docs/nodes-and-clients/ [Accessed: 01.09.2024]

    work page 2024

  15. [15]

    Tower ABCI - GitHub,

    Penumbra Labs, “Tower ABCI - GitHub,” https://github.com/penum bra-zone/tower-abci [Accessed: 28.11.2025]

    work page 2025

  16. [16]

    Malachite BFT Consensus Engine,

    I. Systems, “Malachite BFT Consensus Engine,” https://github.com /circlefin/malachite [Accessed: 18.12.2025]

    work page 2025

  17. [17]

    Privacy As Contextual Integrity,

    H. Nissenbaum, “Privacy As Contextual Integrity,”Washington Law Review, vol. 79, 05 2004

    work page 2004

  18. [19]

    Bybit finds 16 blockchains with power to freeze user funds,

    H. Partz, “Bybit finds 16 blockchains with power to freeze user funds,” https://cointelegraph.com/news/bybit-analysts-16-block chains-freeze-user-funds [Accessed: 28.11.2025]

    work page 2025

  19. [20]

    Bashir,Blockchain Age Protocols

    I. Bashir,Blockchain Age Protocols. Berkeley, CA: Apress, 2022, pp. 331–376. [Online]. Available: https://doi.org/10.1007/978-1-484 2-8179-6 8

    work page doi:10.1007/978-1-484 2022

  20. [21]

    Quantifying Decentralization,

    L. Srinivasan, B. & Lee, “Quantifying Decentralization,” https://ne ws.earn.com/quantifying-decentralization-e39db233c28e [Accessed: 01.09.2024]

    work page 2024

  21. [22]

    Sok: A stratified approach to blockchain decentralization,

    C. Ovezik, D. Karakostas, and A. Kiayias, “Sok: A stratified approach to blockchain decentralization,” 2024. [Online]. Available: https://arxiv.org/abs/2211.01291

    work page arXiv 2024

  22. [23]

    Edinburgh Decentralisation Index,

    University of Edinburgh, “Edinburgh Decentralisation Index,” https: //blockchainlab.inf.ed.ac.uk/edi-dashboard/ [Accessed: 14.05.2025]

    work page 2025

  23. [24]

    Account 0x1f131Cd4066e9D79153a08cd1D311B68eb9bc602,

    Monadvision Block Explorer, “Account 0x1f131Cd4066e9D79153a08cd1D311B68eb9bc602,” h t t p s : //monadvision.com/address/0x1f131Cd4066e9D79153a08cd 1D311B68eb9bc602?type=Transactions [Accessed: 28.11.2025]

    work page 2025

  24. [25]

    Account 0x6810126A16826718fA52DEaDA7eb979335405406,

    ——, “Account 0x6810126A16826718fA52DEaDA7eb979335405406,” https://monadvision.com/address/0x6810126A16826718fA52DEaD A7eb979335405406 [Accessed: 28.11.2025]

    work page 2025

  25. [26]

    Account 0x5e5cD561c772968D739824AD834aECcE78e878b4,

    ——, “Account 0x5e5cD561c772968D739824AD834aECcE78e878b4,” https://monadvision.com/address/0x5e5cD561c772968D739824AD 834aECcE78e878b4 [Accessed: 28.11.2025]

    work page 2025

  26. [27]

    Jellyfish Merkle Tree,

    Q. W. Zhenhuan Gao, Yuxuan Hu, “Jellyfish Merkle Tree,” https: //web.archive.org/web/20251202144723/https://diem-developers-c omponents.netlify.app/papers/jellyfish-merkle-tree/2021-01-14.pdf [Accessed: 28.11.2025]

    work page arXiv 2021

  27. [28]

    The istanbul bft consensus algorithm,

    H. Moniz, “The istanbul bft consensus algorithm,” 2020. [Online]. Available: https://arxiv.org/abs/2002.03613

    work page arXiv 2020

  28. [29]

    Horcrux - GitHub,

    Strangelove Ventures, “Horcrux - GitHub,” https://github.com/stran gelove-ventures/horcrux [Accessed: 28.11.2025]

    work page 2025

  29. [30]

    Web3 as Decentralization Theater? A Framework for Envisioning Decentralization Strategically,

    J.-P. Vergne, “Web3 as Decentralization Theater? A Framework for Envisioning Decentralization Strategically,”Research in the Sociology of Organizations, vol. 89, pp. 115–127, 07 2024

    work page 2024

  30. [31]

    The economic limits of permissionless consensus

    E. Budish, A. Lewis-Pye, and T. Roughgarden, “The Economic Limits of Permissionless Consensus,” 2024. [Online]. Available: https://arxiv.org/abs/2405.09173

    work page arXiv 2024