TL;DR
Ghost Protocol is a commit-once, reveal-once primitive that lets value and credentials leave the ledger entirely.
The chain enforces only existence and one-time use, not ownership, balances, or transfer history.
This enables offline transfers, bearer-style assets, sealed disclosures, and one-time credentials that ledger-based systems cannot safely support.
Overview
We’re introducing Ghost Protocol, a cryptographic primitive running on a Cosmos-based EVM execution layer called Umbraline.
Ghost enforces commit-once, reveal-once semantics to minimize on-chain state. Unlike encrypted storage or obfuscated graphs, the security property is non-existence: data is never stored in a recoverable form.
The chain only sees fixed-size commitments (hashes) and one-time nullifiers on reveal. It never stores payloads, secrets, ownership, balances, or transfer history.
This is not a replacement for accounts or DeFi. It is a narrow primitive designed for cases where persistent state is a liability.
The Always-Online Problem
Most blockchains enforce correctness through mutable shared state such as balances, ownership mappings, allowances, and transfer history.
Every transfer requires consulting and updating this state. That makes always-online access a structural dependency.
L2s, rollups, and channels relocate this dependency, but they don’t remove it. Ownership still has to be resolved against a live ledger or sequencer.
Ghost flips the model. Correctness is enforced at the moment of use, not by maintaining an evolving ownership record.
Commit-Once, Reveal-Once
Every commitment follows exactly one of two lifecycles.
Lifecycle A: Commit → Reveal
A user generates a secret s, computes a commitment hash, and records it in an on-chain Merkle tree.
Later, the user proves knowledge of s using a zk-SNARK.
A nullifier is recorded to prevent reuse, and the bound action executes exactly once.
Lifecycle B: Commit → Silence
The commitment is recorded.
The secret is never revealed.
The chain can never determine what was committed or whether it will be used.
There is no third path.
You cannot reveal twice.
You cannot partially reveal.
You cannot update a commitment.
What the Chain Records
Recorded on-chain
Commitments as 256-bit Poseidon hashes in a Merkle tree.
Nullifiers written only on reveal.
Never recorded
Payloads.
Secrets.
Ownership.
Balances.
Transfer history.
Identities.
The chain enforces existence and one-time use. Everything else is deliberately out of scope.
Phantom Keys and Off-Chain Control
Control over a commitment is determined by possession of an off-chain secret, called a Phantom Key.
The protocol does not track who holds a key, how it moves between parties, or whether it was copied or destroyed.
This is intentional. Circulation is invisible. Only commit (creation) and reveal (consumption) are observable events.
The model matches physical bearer instruments: possession is the only proof of control.
Why This Enables Offline Transfers
Because the asset is knowledge of a secret:
Alice commits value on-chain and stores the secret locally.
Alice transfers the secret to Bob offline using QR, NFC, encrypted message, or paper.
Bob reconnects later and reveals the commitment.
The chain never observes the transfer. Bob’s reveal is indistinguishable from Alice’s or anyone else’s.
This is fundamentally different from channels or rollups, which still depend on coordinated online state.
Implementation Sketch
Commit
secret = random()
dataHash = hash(payload)
commitment = Poseidon(secret, dataHash)
GhostVault.commit(commitment)
Reveal
proof = ZKProof(
knows secret
commitment exists in tree
nullifier unused
)
GhostVault.reveal(proof)
On-chain enforcement consists of Merkle membership, zk-SNARK validity, and nullifier uniqueness.
There is no ownership tracking and no balances.
Network and Deployment
Ghost Protocol currently runs on Umbraline, a Cosmos-based EVM L1 using CometBFT consensus.
Chain ID is 5446.
The native token is GHOST.
Core contracts are deployed on testnet, and the full commit to offline transfer to reveal flow is live.
Developer documentation and network access details are available on the Umbraline site.
What This Unlocks
Offline digital cash where value circulates off-chain as secrets and only creation and redemption touch the chain.
Irrevocable access tokens that are issued once and cannot be revoked or reused.
Sealed disclosures where data is committed now, proven to exist, and revealed later.
Private credentials where possession can be proven without revealing which credential is held.
These are difficult or impossible to implement safely with persistent state.
Discussion
Ghost Protocol is live on testnet and intentionally minimal by design.
From a Cosmos perspective, we’re especially interested in feedback on nullifier edge cases, long-lived unrevealed commitments, composability with IBC or app-chains, and where this model breaks down or should not be used.
We’d appreciate technical feedback from builders who have wrestled with state minimization before.