What Exists Where

Understanding Ghost Protocol requires understanding where data lives at each stage of the lifecycle.

On-Chain Data

The blockchain stores exactly two types of information:

Commitments. Each commitment is a 256-bit hash. The blockchain records the hash value and its position in the commitment tree. Nothing else.

Nullifiers. When a commitment is revealed, its nullifier is recorded. The nullifier is also a 256-bit hash. Recording it prevents the commitment from being revealed again.

That is all. The blockchain does not store:

  • The data that was committed
  • The secrets used to create commitments
  • Any information about who created or revealed commitments
  • Any metadata about what commitments represent

The on-chain footprint is minimal and content-free.

Off-Chain Data (Your Responsibility)

Everything else exists off-chain, in your possession:

Your secrets. The random values you generated when creating the commitment. Without these, the commitment is forever inaccessible.

Your data. The actual information that was committed. This never touches the blockchain.

Your proof material. When you reveal, you generate a zero-knowledge proof locally. The proof is submitted on-chain, but the inputs to the proof stay with you.

This data is entirely your responsibility. Ghost Protocol does not back it up. No cloud service stores it. No recovery mechanism exists.

If you lose your secrets, your commitment is lost. This is by design.

The Privacy Boundary

The boundary between on-chain and off-chain is the privacy boundary:

On-Chain (Public)        | Off-Chain (Private)
-------------------------|--------------------
Commitment hash          | Original data
Nullifier (after reveal) | Secrets
Tree position            | Your identity
Timestamp                | Your intentions

Information never crosses this boundary without your explicit action. When you reveal, you choose to move the result of your commitment from private to public. The commitment itself remains private.
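The split described above, as an added sketch that is not Ghost Protocol's own code. Assumptions: SHA-256 stands in for the protocol's 256-bit hash, the commitment and nullifier derivations and every name (H, Note, Chain, prove_locally) are hypothetical, and the zero-knowledge proof is replaced by a local membership check.

```python
import hashlib
import secrets

def H(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 (assumed stand-in for the protocol's hash)."""
    m = hashlib.sha256(tag)
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)  # length-prefix each field
    return m.digest()

class Note:
    """Off-chain material: the holder keeps this; the chain never sees it."""
    def __init__(self, data: bytes, secret=None):
        self.data = data
        self.secret = secret or secrets.token_bytes(32)

    def commitment(self) -> bytes:           # hypothetical derivation
        return H(b"commit", self.secret, self.data)

    def nullifier(self) -> bytes:            # hypothetical derivation
        return H(b"nullify", self.secret)

class Chain:
    """On-chain state: ordered commitment hashes and recorded nullifiers only."""
    def __init__(self):
        self.commitments = []                # list index = tree position
        self.nullifiers = set()

    def commit(self, c: bytes) -> int:
        self.commitments.append(c)
        return len(self.commitments) - 1

    def reveal(self, nullifier: bytes) -> bool:
        # A real chain would also verify the zero-knowledge proof here.
        if nullifier in self.nullifiers:
            return False                     # already revealed once
        self.nullifiers.add(nullifier)
        return True

def prove_locally(note: Note, chain: Chain):
    """Stand-in for local proof generation; needs the original secret."""
    return note.nullifier() if note.commitment() in chain.commitments else None

def demo() -> dict:
    chain, note = Chain(), Note(b"constructed sample data")
    pos = chain.commit(note.commitment())
    lost = Note(note.data)                   # same data, secret regenerated
    n = prove_locally(note, chain)
    return {"pos": pos, "lost": prove_locally(lost, chain),
            "first": chain.reveal(n), "second": chain.reveal(n),
            "public": chain.commitments + sorted(chain.nullifiers)}
```
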

Why This Separation Matters

The strict separation between on-chain and off-chain data is what makes Ghost Protocol's privacy guarantees possible:

No central database. There is no server storing your data that could be breached, subpoenaed, or hacked.

No trust required. You do not need to trust any institution to protect your privacy. The privacy is mathematical, not institutional.

No linkability. Because the blockchain stores only hashes, there is no data to link. Commitments cannot be correlated with each other or with external information.

Full sovereignty. Your data is in your control. You decide when (or if) to reveal. No one else has the power to make that decision.

Practical Implications

This model requires you to take responsibility:

Back up your secrets. If you lose them, your commitment is lost. Store them securely, offline if possible.

Understand the risk. There is no "forgot password" flow. No support team can help you recover lost secrets.

Plan for transfer. If you want someone else to be able to reveal your commitment, you must give them your secrets. This is how value moves in Ghost Protocol.

The trade-off is clear: you get privacy that cannot be violated, but you accept responsibility that cannot be delegated.