Blockchain can deliver enormous value for enterprises. We are at the beginning of the journey and best practices need to be established. In this post, I talk about provenance, a problem that we might consider to solve with Proof of Existence, a popular blockchain-based primitive. I will also introduce a couple of alternative solutions to establishing provenance.

The language used for a problem statement might be misleading because it is formulated already from the point of view of a possible solution. As an example, I want to walk you through a problem that the regulator requires the supply chain of the pharmaceutical industry to solve. The goal of the regulation is to enable instant verification of provenance of items and to prevent counterfeits from entering the supply chain. This regulation is called the Drug Supply Chain Security Act (DSCSA), which outlines steps to build an electronic, interoperable system to identify and trace prescription drugs. You can read about the implementation milestones here (please, note that some milestones were postponed). One of the early milestones of the regulation required the drug manufacturer to implement “serialization”: all produced units have a unique identifier, a serial number. The industry is now actively working on the next milestone, which is described as follow:

“Verify the unique product identifier of returned products intended for resale.”

A large number of drugs are returned by pharmacies to distributors, which must verify the serial number of the drug before reselling it to another pharmacy or hospital. The industry has already identified solutions to this problem using technologies that do not require the blockchain. Such solutions involve the discovery of verification endpoints (e.g., an HTTP address) published by drug manufacturers that allow distributors to query a serial number to verify the existence of a serial number and its validity. However, the industry is struggling to bring all together on a common, standardized system. Many industry professionals shared the intuition that all the players can be brought together on a neutral blockchain-based ecosystem.

Reading again the problem statement together with the goal of finding a solution in the blockchain space, what really stands out is “serial number verification”. We have many players that need to collaborate, we need to establish truth and trust, and we need an integrated system accessible to the entire industry. The blockchain fits the bill. Further discussions with domain experts will reveal another important business requirement: the system cannot leak any business intelligence about the participants. Production volumes, transactions amongst trading partners, names of the trading partners and everything else must remain secret.

It is a pattern that we have already seen: we need to keep the serial numbers secret while we need to verify their existence. We just need to hash and store them on the blockchain. This is a use case for Proof of Existence!

Proof of Existence was one of the first blockchain use cases — if not the first — conceived after Bitcoin and built on top of the Bitcoin blockchain. This gave a glimpse of how the blockchain could have been used for use cases beyond Bitcoin. Proof of Existence (PoE) consists of hashing data (e.g., a computer file, a data string) and committing such hash on the blockchain in order to prove that such data existed without disclosing the actual data itself. The hash is a one-way function. There is no function to revert the hash value to the original value and the blockchain provides an immutable ledger which creates a tamper-proof timestamp of the hash. The hash and the blockchain timestamp combined together prove the existence of the data, data string, or document at a specific point in time.

Proof of Existence — Document hash recorded on blockchain

This solution solves a problem for many industries that need to verify the provenance of goods, such as meat, organic fruit, fish, luxury items, etc. Wait a moment… didn’t I just use the term ‘provenance’? The definition of ‘provenance’ from the dictionary delivers a powerful description of the solution that we want to deliver:

(a) The place of origin or earliest known history of something. (b) A record of ownership of a work of art or an antique, used as a guide to authenticity or quality.

If we go back at the beginning of this article and read again the objective of the regulator, we see how well above definitions lay out the foundational requirements. While definition (b) seems stronger and desirable, the 2019 “verification of saleable returns” milestone required by the regulator is more accurately depicted by definition (a). The purpose of verifying a serial number is not to verify only existence, but to verify “the place of origin”, i.e., who actually manufactured the drug. Those individuals who wrote the regulation would agree that definition (b) is a good summary to describe the system envisioned by the regulator for the final 2023 milestone of the law.

The non-blockchain, traditional technology based on a manufacturer-provided verification endpoint satisfies definition (a) because the source of information is the manufacturer, which is the ‘place of origin’ of the drug.

Does Proof of Existence satisfy definition (a)? Unfortunately not. In the search of the solution we lost sight of the actual reason for the system to exist. We focused on the existence of the serial number. The PoE does not provide any information about the ‘source’ of the information. It only tells us that the number exists. It does not help us to distinguish between counterfeits in the system from authorized serial numbers. The additional requirement of not leaking business intelligence prevents us from disclosing on the blockchain who is the creator, registrant or manufacturer of the serial number.

Now that we have a more precise problem statement and we understand why PoE is not the right solution to solve the problem, I would like to talk about two alternative uses of the blockchain for solving it.

Blockchain for provenance, definition (a)

An HTTP endpoint exposed by the manufacturer is an excellent solution to verify the “place of origin” of an asset. It provides a response to authorized parties requesting a verification while protecting the serial numbers in a private database of the manufacturer. However, how do we discover the legitimate endpoint that can tell us that the drug in our hands is good? The blockchain can deliver the immutable registry of “legit actors”. Manufacturers can register themselves on the blockchain and publish the address of the verification endpoint. This is substantially a blockchain-managed DNS. A trusted, public, peer-to-peer lookup directory. This simple application can resolve a headache for the industry: the formation of a central authority that manages this registry as a monopolistic system. Instead, we can have a smart contract supported by a blockchain to play this role.

Blockchain for provenance, definition (b)

The solution based on definition (a) does not prevent counterfeiters to duplicate serial numbers and circulate them in the supply chain. Serial numbers are printed on the package and this method of counterfeiting seems very plausible. Definition (b) is much stronger because implies the “Chain of Custody”. Imagine that any custodian of the drug in the supply chain is recorded on the blockchain. We transform the serial number into a unique, non-fungible token that is transferred from one trading partner to the next together with the physical asset. Similar registries already exist but they are used for very expensive assets, such as houses and cars. The blockchain allows us to build a registry for asset transfer of legal ownership tracking at a low marginal cost. The introduction of a duplicated serial number becomes very difficult and entirely impractical. For a counterfeit to be introduced with the same serial number of a legit drug requires the legit drug to be removed from the supply chain and replaced with a fake. Now the legit drug can be sold only in the black market making such effort worthless since the counterfeit could have been sold directly in the black market to begin with. While only law enforcement can deal with black markets, we can now clearly separate it from the white market as we can instantly check if a drug has proper provenance history.

This solution presented above does not yet solve the problem of leakage of business intelligence.

The blockchain is a public registry and any participants running a node will have access to the whole data set recorded on the blockchain node. Zero knowledge proof is the key component to complete the system.

A zero-knowledge proof or a zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true.

Instead of publishing the actual data on the blockchain, we can punch mathematical proofs on the blockchain and prove to the smart contract that our transaction respects the business rules of the ecosystem without revealing the actual content of the transaction. In our use case, we can change custody of the serial number by sending a confidential message to our trading partner. Our trading partner can now verify that the sender of the message is the actual custodian of the serial number using the mathematical proof. If the proof is verified, the trading partner can complete the transfer by proving to the blockchain that she is the intended recipient of the transfer. She is now the only custodian of the serial number and the only one that can generate a mathematical proof that can both demonstrate the new custody state and to designate another trading partner to take ownership.

Secure Chain of Custody — Confidential messages and zk proofs on blockchain

We can call the second solution Confidential Chain of Custody (3C). I believe that this is a new powerful primitive that the supply chain industry can use to create a trusted trading ecosystem. While Bitcoin allowed to transfer value from Bob to Alice, 3C allows to transfer custody or ownership of an asset from Bob to Alice in a trusted and confidential way. Such a trusted peer-to-peer ecosystem can now be used to automate other processes that are driven by the physical goods. For instance, invoicing and payments can now automatically be triggered upon receiving and accepting custody of goods.

Conclusions

While we learned the limitations of well known blockchain-based primitives such as PoE, we also introduced new concepts such as zero knowledge proof. We described how to use these concepts to solve actual problems. In fact, the solutions described here are part of the roadmap of the MediLedger Project, which aims to address the milestones established by the Drug Supply Chain Security Act (DSCSA).

For many, zero knowledge protocols — and more specifically non-interactive zero-knowledge proof — are probably new concepts. These cryptographic methods are finding their way into blockchain solutions for enterprises because they can help with establishing business rules for an ecosystem without leakage of business intelligence to competitors. Specifically, the 3C solution described here has the potential to streamline supply chain processes while eliminating counterfeits from the ‘green supply chain’ and establishing a safer trading ecosystem.