DECOUPLES: A Privacy-Preserving Solution for Traceability in Supply Chains
Mourad El Maouchi (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Zekeriya Erkin – Mentor
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Traceability is an increasingly important aspect of the supply chain with several highlights throughout the last few decades. Parties, such as consumers and government agencies, have shown an increase in demand for information regarding their products and materials. Studies throughout the last few years have proposed approaches for a traceability system for supply chains. These systems employ either a centralized or decentralized network to overcome the trust concern present in supply chains.Although there exist numerous frameworks for traceability solutions, these frameworks failed to address the concerns with regards to privacy-sensitive information, certificate verifiability, and auditability.
In this research, we aim to improve the existing solutions and address the aforementioned concerns, where we decompose the concerns into four aspects. First, we analyze the appliance of blockchain technology for a decentralized traceability system. Next, we analyze possible anonymization techniques to preserve the privacy concerning the identity and the corresponding relationships of actors. Then, cryptographic primitives are examined to prove the ownership of a certificate, in a privacy-preserving manner. Finally, a technique is required to realize product-specific auditability for supply chains.
We propose two systems to the concerns mentioned above. For the former, we propose TRADE, a fully transparent and decentralized traceability system. The system shows that blockchain technology can be successfully incorporated to achieve traceability in supply chains. Moreover, consumers and other parties can view all the data in the system and verify the claims of actors on the products. Positive brand-image is gained by the latter. The second system, DECOUPLES, is the first decentralized, unlinkable and privacy-preserving traceability system for supply chains. The system incorporates cryptographic techniques to address the privacy, certificate verifiability, and auditability concerns. In addition, we propose the PASTA protocol, which allows unique tracking keys per product, per actor. The protocol also anonymizes the receiver of a transaction. Moreover, cryptographic primitives are used for actors to prove the ownership of a certificate without revealing privacy-sensitive and linkable information. Our complexity analysis and proof-of-concept implementation results show that DECOUPLES is a feasible and practical traceability system for supply chains, that benefits both the included business as well as the end-client.