This paper addresses the design challenge of Untrusted-State, Unforgeable, Stateful, and client-Oblivious (USO) asset systems—i.e., systems lacking global state, ensuring asset unforgeability, maintaining local state, and preserving client obliviousness. We propose Sark, a reference architecture comprising two core components: Sloop, a permissioned CFT blockchain, and Porters, a commitment-aggregation subsystem. Sark introduces a novel *stealthy state-update protocol* that decouples state maintenance from privacy preservation. We formalize the *Integrity Locus* concept within the CIA security model to rigorously characterize decentralization trade-offs and achieve, for the first time, *verifiable asset integrity without global state*. Experimental evaluation confirms feasibility: Sark guarantees both client obliviousness and integrity, while quantitatively exposing an inherent trade-off between Porters’ localized centrality and overall system availability.

In this paper, we introduce Sark, a reference architecture implementing the Unforgeable, Stateful, and Oblivious (USO) asset system as described by Goodell, Toliver, and Nakib. We describe the motivation, design, and implementation of Sloop, a permissioned, crash fault-tolerant (CFT) blockchain that forms a subsystem of Sark, and the other core subsystems, Porters, which accumulate and roll-up commitments from Clients. We analyse the operation of the system using the 'CIA Triad': Confidentiality, Availability, and Integrity. We then introduce the concept of Integrity Locus and use it to address design trade-offs related to decentralization. Finally, we point to future work on Byzantine fault-tolerance (BFT), and mitigating the local centrality of Porters.