Using the Free-trust Machine to Solve Transparency and Provide Customer-Assurance

Jutta Steiner
16 min read · Dec 19, 2015

Co-authored by Gavin Wood

This post describes a prototype that uses blockchain technology — an instance of new-wave free-trust technology — to enable secure transparency and traceability by creating an auditable record of the journeys of physical or digital assets as well as of data provenance. The auditable record is akin to a secure digital passport that proves

  • authenticity (“Is this the asset/good/piece of information that it claims to be?”) and
  • origin (“Where does this asset/piece of information come from?”).

Digital passports will allow secure traceability in various settings ranging from physical supply chains to the trusted sharing of personal data. They provide a technological solution, using trust machines instead of traditional organizational solutions (i.e. third parties), to the problem of the lack of trust between collaborating parties. We are repeatedly let down by the failures of the organizational approach.

This article started with passionate discussions about the dismal state of product supply chains with Jessi Baker and continued with Gavin Wood and I designing a blockchain based architecture for certification in supply chains that could be implemented using the Ethereum blockchain stack. Jessi, Gavin and I described the benefits that such an approach could bring to opaque global supply chains in a white paper by start-up company Project Provenance.

In this post, we focus on the general advantages that come with the use of free-trust machines when different economic actors with potentially disparate interests want to reap benefits from collaborating with each other compared to employing the conventional approach of entrusting a third party operator with creating and keeping records. Collaboration here means reaping and distributing the benefits from a sequence of (economic) transactions.

The benefits of free-trust machines derive from three key differences from conventional systems that we will discuss in detail:

  • Non-localization
  • Security
  • Auditability.

Thanks to Aeron Buchanan, Christopher Brewster, Hugh Laughlin, Nicole Green, Patrick Mallet and Raul Romanutti, for their invaluable contributions.

Demand for transparency is rising

From complex global supply chains to consumer loyalty programs to services “in the cloud” — more and more consumers are demanding genuine transparency about the systems they buy into.

Sustainability standards and certification (e.g. Fairtrade, Forest Stewardship Council (FSC)) have been an important tool to enable choice differentiation for consumer products. But guaranteeing the integrity of certificates is a costly process that, despite laborious audits, still struggles to assure the validity of the claims being made. In addition, recent regulation in the EU and UK requires companies to publish more information about their supply chains, with measures to ensure adequate punishment for those who do not. In another direction, the US FDA has started work on a national track and trace system for pharmaceuticals.

Likewise, consumers are calling for more assurance about how their productified selves are monetized, that is, how the data they feed in and the data collected through their devices is used.

Trusted third parties cannot power transparency

The key to transparency is a method to cross the trust boundaries between different economic actors. Trust boundaries are a manifestation of the actors' misaligned interests. So far, we have long tried to solve this problem by trusting third parties with the running, tracking and overseeing of systems. Usually, these trusted third parties implement costly processes, executing costly audits and delivering reports that eventually provide little assurance. Having one party or a small collection of cooperating parties overseeing the system creates an inherent bias and potential for corruption. If that party is the most powerful actor in the system, there is a major conflict of interest. This could lead to selective disclosure, since the party monitoring the information is also responsible for its bottom line. If data were gathered by a third party, this party would have to be totally disinterested, yet incentivised enough to maintain the system, making them and their operations a vulnerable target for bribery, social engineering or targeted hacking. The truth is, no single third party can make systems truly more transparent.

How the blockchain trust machine changes everything

The blockchain is a recent development in the field of computer science, which uses a global peer-to-peer network to provide an open platform that can deliver neutrality, reliability and security eliminating the need for a trusted third party. The basic mechanism was originally proposed as part of a solution for administering the shared accounting ledger underlying Bitcoin. Beyond this initial financial application, blockchains can be generalized and used to implement an arbitrary set of rules that no one, neither the users nor the operators of the system, can break. They rely on a completely different system architecture that makes them a unique platform for applications involving multiple parties with little trust in each other, like fragmented supply chains. The underlying technology guarantees the integrity of the system even in the face of dishonesty or idleness. It provides a technological solution instead (or in addition) to traditional organizational solutions to the problem of trust.

There are three key differences between blockchain computers and (most) existing computer designs.

Non-localization: A truly global computer running by consensus

Personal computers (e.g., desktop PCs, laptops, and mobile phones) are limited by the physical world. Even though it may seem that modern applications run on several devices, to keep consistency an application’s core program is in fact executed on a single, centralized server, with the client device serving merely as a powerful display.

In contrast, there is no single machine that governs the business logic or the data on which a blockchain operates. Instead, the data on a blockchain is determined by consensus, which is a defined convention for how to execute and administer the business logic (e.g., to update the stock of a certain good). The magic of the blockchain and its surrounding incentive structure is such that users can then unambiguously discover the state of the system (e.g., the current level of stock or the origin of a particular certificate), not from a single particular authority but rather by independently applying common rules and publishing data openly.

A machine of unparalleled digital security

Recent years have seen a surge in attacks undermining the protection mechanisms erected around centralized systems. While many attacks exist that directly target the hardware itself, the easiest way to circumvent the strongest security component is social engineering, which targets the weakest human component. By leveraging those with the most elevated access rights, an attack that targets IT and operational support administrators could eventually lead to the system being fully compromised.

With the blockchain, security is different: it does not matter who or where the user is, all information provided to the blockchain is accepted only if it is authenticated. This authentication is provided in the form of an unforgeable digital signature, a cryptographic mechanism that — in a manner analogous to a physical signature but significantly more secure — allows someone to prove their identity without enabling someone else to impersonate them in the future. It is not possible to interact with the blockchain unless this digital “key” (see paragraph on Public-Private Key Infrastructure below) required for the interaction is provided (unless you cryptographically prove the ownership of your account, there is no way for anybody else to change its balance). This means that elevated privilege levels are curbed or removed entirely, and the security risk of the weakest link — in the form of operators and IT administrators — is drastically reduced.

A perfectly auditable system

In any deterministic system, it is possible to strictly verify and audit the actions within the system as correct: the inputs and outputs of the system serve as a record of the various interactions (e.g., automated bank transfers in the case of a payroll system or ordering additional components in the case of a stock control system) that have led the system into its present state. While this is true in theory, performing this audit in practice comes with one proviso: all information concerning all inputs must be provided. In traditional systems this is expensive, impractical, or impossible. The inputs to a business system include heterogeneous types of data coming from a wide variety of sources, and the auditing itself would be technically challenging. Furthermore, auditing may require strong knowledge and assurance of operator identity, which can often be compromised or flawed in a system with many actors.

A blockchain is different, as by design it is perfectly auditable: each individual operation or interaction, such as the provision of a new employee or the recording of outgoing stock, is perfectly recorded and archived. Auditing is thus as simple as joining the blockchain network, as this allows one to “replay” the operations of the past in order to build a correct model of the present. Combined with the absolute guarantees of authenticity for every interaction, strong and agile data systems, that are at their core resilient to coercion and human factors, can be facilitated.

A primer in public-private key infrastructure

Public/private key infrastructure allows us to mimic a physical signature by way of provably registering our identity with a digital document or instruction without at any time giving others the ability to further produce such signatures for other instructions or documents.

Notionally, physical signatures are difficult to reproduce, especially on demand, leading to their common usage as a way of proving that a counterparty is engaged under a particular agreement. In the digital age where facsimiles are trivial to create and face-to-face engagement no longer the norm for most transactions, they no longer serve their purpose: access to a signature generally leads to ability to reproduce the signature.

Mathematics, however, has provided a fully digital alternative by way of cryptography. Through the use of functions with special properties, it is possible to hold a small piece of data known as a secret (or private key), and use it to demonstrate that you have explicitly sanctioned a particular piece of information (a document, image, order or other such digital item) without ever uncovering that secret to another party. To do so, the secret is combined with the document in question (using a special mathematical function) to produce a signature. This may be freely distributed (usually, but not necessarily, with the document). All secrets have a counterpart public key, which may be published by the secret holder as their identity. When a third party recombines the document with the signature, they are able to retrieve not the secret, but rather the secret’s public counterpart, the public key and the secret holder’s published identity. This allows them to be sure that the document was sanctioned by the secret holder without ever knowing their secret and thus compromising the fidelity of future signatures.
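The following Go program is an added example, not code from the original post or from the Ethereum stack, that shows the properties just described with the Ed25519 signature scheme from Go's standard library (Ethereum itself uses a different curve; Ed25519 is chosen here because it needs no third-party package). The `KeyPair`, `Instruction` and `Registry` types, the participant names and the instruction text are all constructed for the example; `Registry` stands in for the record a registrar would keep of which real-world name owns which public key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyPair holds a secret (private key) and its published public counterpart. Keys are
// generated in memory here; a real participant would keep the secret in a wallet or HSM.
type KeyPair struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewKeyPair() (*KeyPair, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &KeyPair{Public: pub, private: priv}, nil
}

// Instruction is a document together with the signature that sanctions it and the public
// key its signer claims as identity; all three can be distributed freely.
type Instruction struct {
	Document  []byte
	Signature []byte
	Signer    ed25519.PublicKey
}

// Sanction combines the secret with the document to produce the signature; the secret
// itself never leaves this method.
func (k *KeyPair) Sanction(document []byte) Instruction {
	return Instruction{Document: document, Signature: ed25519.Sign(k.private, document), Signer: k.Public}
}

// Registry maps real-world names to public keys, the link a registrar records on the chain
// (an assumed structure for this example).
type Registry map[string]ed25519.PublicKey

// Authenticate is what any third party can run: it recombines document, signature and public
// key, learns nothing about the secret, and returns the registered name whose holder sanctioned
// exactly this document, or an error.
func (r Registry) Authenticate(inst Instruction) (string, error) {
	if len(inst.Signer) != ed25519.PublicKeySize {
		return "", errors.New("malformed public key") // ed25519.Verify would panic on this
	}
	if !ed25519.Verify(inst.Signer, inst.Document, inst.Signature) {
		return "", errors.New("signature does not match this document and key")
	}
	for name, pub := range r {
		if bytes.Equal(pub, inst.Signer) {
			return name, nil
		}
	}
	return "", errors.New("signer is not a registered participant")
}

func main() {
	farm, _ := NewKeyPair()
	mill, _ := NewKeyPair()
	registry := Registry{"Organic Cotton Farm": farm.Public, "Fabric Mill": mill.Public}

	// The farm sanctions a transfer; anyone holding the instruction can check who authorized it.
	inst := farm.Sanction([]byte("transfer bale BALE-001 to Fabric Mill")) // constructed instruction
	fmt.Println(registry.Authenticate(inst))

	// Altering the document after signing breaks the link between signature and content.
	tampered := inst
	tampered.Document = []byte("transfer bale BALE-001 to somebody else")
	fmt.Println(registry.Authenticate(tampered))

	// A signature cannot be reused for a different instruction, and the mill cannot claim the farm's.
	reused := Instruction{Document: []byte("transfer bale BALE-002 to Fabric Mill"), Signature: inst.Signature, Signer: farm.Public}
	fmt.Println(registry.Authenticate(reused))
	stolen := inst
	stolen.Signer = mill.Public
	fmt.Println(registry.Authenticate(stolen))
}
```

The length check before `ed25519.Verify` matters in practice: the standard library panics on a public key of the wrong size, and a verifier that accepts instructions from untrusted peers must treat a malformed key as a rejected instruction rather than a crash.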

Implementing supply chain certification and designing an information architecture for traceability on the blockchain

In the following, we discuss the use case of traceability in supply chains in more detail to exemplify how a free-trust system could be implemented on the Ethereum blockchain.

The use of blockchain technology provides a number of breakthroughs for certain public-interest information, such as that found in supply chains. By using blockchains, a system that allows an incremental, piecemeal adoption model, gracefully building in utility as adoption increases, can be created. Like any data system, it takes inputs and carries out actions based upon these, changing the database in a manner perfectly determined according to its program. Unlike any traditional data system, the outcome of these alterations may be transparently inspected and decisions can be taken accordingly.

Following this logic, an alternative approach to the certification and chain-of-custody challenge in sustainable supply chains can be proposed: a system to assign and verify certifications of certain properties of physical products; e.g., organic or fair trade. At each point in time, the prototype of the model would detail four key properties concerning all materials and consumables it covers: the nature (what it is), the quality (how it is), the quantity (how much of it there is) and the ownership (whose it is at any moment). Key attributes may be read and linked from pre-existing datasets such as barcodes, or newly ascribed along the way.

The blockchain removes the need for a trusted central organization that operates and maintains this system. By using blockchains as a shared and secure platform, it is possible to see not only the final state (which mimics the real world in assigning the materials for a given product under the ownership of the final customer), but crucially to overcome the weaknesses of current systems by allowing one to securely audit all transactions that brought this state of being into effect; i.e. to inspect the uninterrupted chain-of-custody from the raw materials to the end sale.

The blockchain also allows an unprecedented level of certainty over the fidelity of the information. It can be assured that all transfers of ownership were explicitly authorized by their relevant controllers without having to trust the behavior or competence of an incumbent processor. Interested parties may also audit the production and manufacturing avatars and verify that their “on-chain” persona accurately reflects reality.

Information architecture for a certification and chain-of-custody system on the blockchain

There are six different types of actors involved in the exemplar set-up:

  1. Producers (e.g., a cotton grower);
  2. Manufacturers (e.g., a maker of fabric or jeans);
  3. Registrars, which are organizations that provide credentials and a unique identity to actors (e.g., an accreditation service);
  4. Standards organizations, which define the rules of a certain scheme (e.g., Fairtrade);
  5. Certifiers and auditors, which are agents — usually separate agents, to maximize security — that inspect producers and manufacturers and verify certain standards, like annual production capacity; and
  6. Customers, the buyers of products all along a supply chain, including the end consumer.

The main architecture of the process is provided below. The architecture consists of a number of modular programs. Each program is deployed on the blockchain and controlled independently, but because they work within the same blockchain system they are able to interact without friction.

Registration program

It is this program alone that forms the fundamental trust relationship between the customer and the system as a whole. All other programs derive their “trustability” through their own reputation (which may be imported through their real-world name). This program will initially be deployed by the registrar, who implements a process for the registration of named participants (i.e. certifiers, auditors, producers, and manufacturers). Such participants may request registration of their digital identity, which links their real-world identity with their blockchain-based digital identity, thus allowing them to interact with the blockchain using their real-world identity. Upon request, the registration authority verifies their identity and records the result in the blockchain, available for all to inspect.

Importantly, the system could allow participants to remain anonymous, at the cost of opacity at the stage of the supply chain at which that actor operates (although information about earlier stages can remain retrievable). The exception is certifiers, who need to register and identify themselves in order to make the system work.

Standards programs

These programs represent the implementation of schemas for proper recognition of a standard (e.g. no animal testing, biodynamic, fair labor). Through these programs, standards organizations provide for the creation of compliant production or manufacturing programs, allowing instances or batches of goods and materials to be added to or processed on the blockchain. Such producers or manufacturers may require inspection by a certifier or auditor of their facilities and processes to be able to obtain and operate a certified program. Successful verification results in the deployment of a production or manufacturing program that is both registered with the certification program and authenticated by an auditor, and allows a producer to create the digitally tradeable equivalent of a good (i.e., a token that shadows the real-world material or product), which acts as its blockchain-based avatar.

Production programs

Deployed following successful certification, these programs are used by producers to prove the creation of materials or primary goods. The program specifies and implements the parameters for each production facility, including:

  • the certification of the production capacity for the production of the good (e.g., 500t of cotton/year);
  • a taxonomical description of the good, which would include a detailed description of the output, together with any additional “tags” to help identify specific attributes (e.g., fair trade, fair labor, organic);
  • the production accounting; i.e., the registration of created produce up to the maximum annual capacity, as well as the registration of their sales.

These parameters can be adjusted according to desired guidelines by certifiers or following the inspection by an auditor, and in case of an unsuccessful audit, the program can be easily (temporarily) revoked if necessary. Since they are principally responsible for the creation of goods, producer programs are the root for the traceability of finished goods, which then link back to the identity provided by the registrar.

Manufacturing programs

These programs implement the transformation of input goods from production into output goods. Much as with production programs, once deployed by the certifier the programs are operated by manufacturers, but with one additional constraint: input goods must be “used” for any output to be created, just as in the physical world. For example, the registration of a certain amount of organic cotton fabric requires as input the appropriate amount of raw organic cotton, and after this usage the raw organic cotton should no longer be usable. Because of its auditability, the blockchain provides the same cast-iron guarantee as in the physical world; namely, that creation of an output good can happen if and only if the required input is used.

Tagging: establishing secure links between the digital and the physical world

Beyond the implementation of the fundamental business logic on the blockchain as described above, a method to securely link physical goods to their digital counterparts is also necessary, as well as a user interface that enables informed purchases both along the supply chain and for the customer.

The technologies by which the physical goods and materials are identified and linked with their digital representation on the blockchain (e.g., serial numbers, bar codes, digital tags like RFID and NFC, genetic tags) are crucial in uniquely matching a physical good with its digital counterpart. Identities are recorded in production and manufacturing programs, and for simplicity and easy adoption they are expected to take the form of existing barcodes and serial numbers, which are linked to blockchain identifiers using a secure hash.
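As an added example that is neither the post's own code nor an Ethereum contract, the Go program below models the rules of the production programs, the manufacturing programs and the tagging section above in one small ledger: a production program that may only be operated by its certified producer and never beyond its certified annual capacity, transfers that only the current owner can authorize, a manufacturing program that creates an output batch if and only if the required amount of unconsumed input of the right good is used up, and batch identifiers derived from an existing serial number or barcode by a secure hash (SHA-256 here; the post does not name a hash). Authorization is modelled by comparing the caller's registered identity string, standing in for the signature check the blockchain performs; the `Batch`, `ProductionProgram`, `ManufacturingProgram` and `Ledger` types, the participant ids and serial numbers are all constructed for this example, and certification tags are folded into the good's description for brevity.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Batch is the on-chain avatar of a real-world quantity of a good.
type Batch struct {
	ID       string   // secure hash of the physical serial number or barcode
	Good     string   // taxonomical description with its tags, e.g. "organic raw cotton"
	Quantity uint64   // kilograms
	Owner    string   // registered identity of whoever holds it now (constructed short ids here)
	Inputs   []string // batches consumed to create this one; empty for primary produce
	Consumed bool     // set once used as manufacturing input, never cleared
}

// ProductionProgram is deployed for one certified facility and good.
type ProductionProgram struct {
	Producer           string
	Good               string
	Capacity, Produced uint64 // certified annual maximum; running production accounting
}

// ManufacturingProgram turns InputPerUnit kg of InputGood into 1 kg of OutputGood.
type ManufacturingProgram struct {
	Manufacturer          string
	InputGood, OutputGood string
	InputPerUnit          uint64
}

// Ledger is the shared state, keyed by batch ID, that every participant can rebuild by replay.
type Ledger map[string]*Batch

// BatchID derives the blockchain identifier from an existing serial number or barcode via a secure hash.
func BatchID(serial string) string {
	sum := sha256.Sum256([]byte(serial))
	return hex.EncodeToString(sum[:])
}

// add records a new batch unless its serial number is already on the chain.
func (l Ledger) add(b *Batch) (*Batch, error) {
	if _, dup := l[b.ID]; dup {
		return nil, errors.New("serial number already registered")
	}
	l[b.ID] = b
	return b, nil
}

// Produce registers primary produce: only the certified producer may call it, never beyond capacity.
func (l Ledger) Produce(p *ProductionProgram, caller, serial string, qty uint64) (*Batch, error) {
	if caller != p.Producer {
		return nil, errors.New("caller is not the certified producer")
	}
	if p.Produced+qty > p.Capacity {
		return nil, errors.New("certified annual capacity exceeded")
	}
	b, err := l.add(&Batch{ID: BatchID(serial), Good: p.Good, Quantity: qty, Owner: caller})
	if err == nil {
		p.Produced += qty // production accounting
	}
	return b, err
}

// Transfer changes ownership (the registration of a sale); only the current owner may authorize it.
func (l Ledger) Transfer(caller, id, to string) error {
	b, ok := l[id]
	if !ok || b.Consumed || b.Owner != caller {
		return errors.New("caller does not own a transferable batch with that id")
	}
	b.Owner = to
	return nil
}

// Manufacture creates an output batch if and only if enough owned, unconsumed input of the right good is used up.
func (l Ledger) Manufacture(m *ManufacturingProgram, caller string, inputIDs []string, serial string, outQty uint64) (*Batch, error) {
	if caller != m.Manufacturer {
		return nil, errors.New("caller is not the manufacturer of this program")
	}
	var available uint64
	seen := map[string]bool{} // the same bale listed twice must not count twice
	for _, id := range inputIDs {
		in, ok := l[id]
		if !ok || seen[id] || in.Consumed || in.Owner != caller || in.Good != m.InputGood {
			return nil, errors.New("an input is missing, already used, not the caller's, or the wrong good")
		}
		seen[id] = true
		available += in.Quantity
	}
	if available < outQty*m.InputPerUnit {
		return nil, errors.New("insufficient input for the requested output")
	}
	out, err := l.add(&Batch{ID: BatchID(serial), Good: m.OutputGood, Quantity: outQty, Owner: caller, Inputs: inputIDs})
	for _, id := range inputIDs {
		l[id].Consumed = err == nil // inputs (verified unused above) are spent only if the output was created
	}
	return out, err
}
```

To exercise it, drive the three operations in order from a test or a `main`: `Produce` a bale under a program with a capacity, `Transfer` it from the producer to the manufacturer, then `Manufacture` a roll from it and try to use the same bale a second time. The second attempt fails because the bale is marked consumed in the same step that created the roll, which is the "if and only if" guarantee the manufacturing section describes, and the roll's `Inputs` field is the chain of custody a customer-facing application would walk back to the primary produce.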

User-facing applications (DApps) facilitate access to the blockchain

By design, every transaction along a supply chain on the blockchain is fully auditable. By inspecting the blockchain, smartphone applications can aggregate and display information to customers in a real-time manner; furthermore, due to the strong integrity properties of the blockchain, this information can be genuinely trusted. A thoughtful user interface that sheds light on the digital journey of a product can empower better purchases by giving users a true choice that they can exercise.

There are substantial broad effects of bringing near-frictionless transparency to consumer purchase decisions and product identity; clearly there is likely to be an additional “virtuous” component in purchase decisions, especially among mid-level purchases where a marginal increase of 20% to the price does not affect the willingness to buy. Additional levels of guarantee over genuine articles are a high-value use case. While an initial introduction of this technology may be in the form of a discrete and removable label, easily verified through a smartphone-readable QR-code, a more progressive possibility would be a conspicuous holographic or RFID tag, embedded in the brand label, allowing the owner to prove the authenticity of the product at any time by accessing the data on the blockchain through the tag.

Extensions of the proposed certification system

Interoperability allowing arbitrary schemes to interact with each other could massively reduce the level of trust required for the implementation of a joint system as well as help against concerns regarding adverse cost–benefit trade-offs and privacy. Additional features could securely provide crowd-sourced scrutiny as a complement to the formal certification process; e.g., workers themselves could report from farms and factories about the operational processes if they obtain a secure identity in the system.

Anonymity and protection of sensitive business information

The success of the proposed systems relies on the registration of identities and recording of transactions and information. This enables actors in the supply chain to carry and prove the defining attributes of their material products to any actor further along the chain. Certain users, however, might be concerned about their privacy or the privacy of their suppliers further up the chain. Pseudo-anonymity, i.e. assuming a new identity for each transaction, is already available for current blockchain architectures but does not provide sufficient privacy protection in all cases. Mixing services, zero-knowledge proofs or witness algorithms are under development to overcome the weaknesses of the early approaches.

Summary of key benefits

  • Interoperable: a modular, interoperable platform that eliminates the possibility of double spending;
  • Auditable: an auditable record that can be inspected and used by companies, standards organizations, regulators, and customers alike;
  • Cost-efficient: a solution to drastically reduce costs by eliminating the need for “handling companies” to be audited;
  • Real-time and agile: a toolbox to quickly alter and deploy improvements to the system in an agile fashion;
  • Public: an open platform that enables innovation and could achieve bottom-up transparency in supply chains instead of burdensome top-down audits;
  • Guaranteed continuity: the elimination of any central operator ensures inclusiveness and longevity.

Conclusion

By design, the blockchain enforces security, authenticity, and auditability. Implementing systems for transparency on the blockchain dramatically reduces the high initial cost/benefit ratio for participants, and its naturally distributed design frees a central organization from costly and error-prone operational duties. In the system we have described, the role of the anchoring core organization has been reduced to providing registration and linkage between “blockchain” and “real-world” identities.

The logging of chain-of-custody on the blockchain, touched on above, can be applied to prevent all kinds of fraud by proving the origins and ownership history of any physical object, and the afterlife of goods can be dramatically changed through the existence of a full lifetime record.

There are many settings where this blockchain-based system can be applied to provide new benefits. Demanding the free-trust recording of the usage of (fingerprinted) personal data could in the future enable micro-rewarding consumers for their contributions.