zkTrace

Blockchain native supply chain management SDK that uses NFTs, zero knowledge and merkle proofs for privacy on public blockchains.

Comment 2

Inspiration

Over the past couple of years, managing the supply chain has been challenging for both small and large corporations. Furthermore, many companies that have delved into the blockchain arena in recent years are hesitant to adopt it due to the potential for sensitive data leaks and the need for significant management expertise, given the complexity of public blockchains.

  • Privacy concerns

  • Bureaucratic hurdles

  • Gas fees between system levels, and

  • Challenges in customizing a supply chain management solution to fit a common network, are some of the difficulties and obstacles that contribute to these issues. Additionally, advanced setups are often necessary, further complicating matters.

Alternative solutions have been provided like:

Creating individualized solutions for each exchanging party.

Drawback: This approach can be quite costly to create and expand as new participants enter the market, prompting them to develop their own customized solutions to participate.

• Storing records and agreements between companies in a centralized system is preferred due to its ease of use. However, a disadvantage of this approach is that it can result in one-sided control and restricted access to data.

While introducing a neutral party can help address this issue, it can be a costly solution and may still result in granting more systems access to sensitive data

• Utilizing enterprise blockchain networks can provide benefits such as restricted access, decentralization, and integration.

However, a drawback of this approach is that it may not meet the necessary standards for security, privacy, and performance.

To address these concerns, we developed zkTrace, which is a blockchain-based supply chain management protocol designed to enable companies to conduct secure and private business operations while ensuring traceability.

What it does

zkTrace is a protocol that merges the advantages of blockchain for ensuring trust, zero-knowledge & merkle tree for maintaining privacy. It offers secure and private business processes, organizes events correctly, and improves work efficiency, all without incurring any additional costs (gasless).

The protocol allows businesses to implement their agreements without revealing any sensitive data. It is built to ensure easy and trustless transactions between manufacturers/suppliers and buyers in supply chain. Through our utilization of smart contracts, buyers can tailor and track their supply chain processes to their exact specifications, no matter how intricate they may be.

How we built it

We built zkTrace as a Software Development Kit (SDK), that can be easily integrated into supply chain platforms to ensure traceability and privacy using blockchain. The fact that it is developed as an SDK simplifies the process of retrieving business logic (Trace Agreement data) from the smart contract and IPFS, particularly for the merkle tree, zero knowledge, and nullifier utilized for privacy.

Unlike other systems, zkTrace is built to have a state agreement, immutable and resistant to tamper once the state (handshake) has been established between the Buyer and the Supplier.

First, we make reference to our selected Buyer and Supplier which activates the generation of the Trace Agreement (with ID) from our smart contract factory, the Trace Factory (ERC 1155 standard). The Trace Agreement is a smart contract that contains the overall data or details of the transaction and the number of levels within a particular supply chain management. Overall data of the supply chain process will be kept private (encrypted) or public, according to choice, using IPLD and IPFS.

The Buyer requests for a quotation from a specific supplier, detailing the items needed, quantity, dates, etc). The supplier receives and reviews the request. They then send back their proposed terms including prices, discounts, availabilities of products etc. (overall details and logic)

The buyer then receives the proposal and either agrees or declines, requesting for adjustments. Agreement between the Buyer and the Supplier is called a "handshake", in literal representation of an agreement (state).

After the handshake, a cryptographic proof (zero knowledge proof & nullifier) that confirms the proper business logic and commercial data application, is generated and sent to the Supplier and the Buyer consecutively. The cryptographic proof is created using, a random number circuit to generate a nullifier (after hashing) and zero knowledge engine to generate zero knowledge proof.

Every supply chain is a unique transaction and the Trace Agreement represents each. The Trace Agreement helps with verification for the different stages of the supply chain.

When the Buyer is ready to begin the process, they initialize the order after updating the supply chain stages with supposed addresses and input the cryptographic proof generated for verification.

The Supplier is then notified to confirm the execution of the order by verifying his cryptographic proof. Each stage and state of the transaction is seen on chain since the verifier addresses for each stage of the transaction have to sign consecutively, confirming the state of the transaction before going to the next. This makes traceability possible.

After, the final stage of the supply chain has been verified, a check is performed on the Trace Agreement contract and the ID is retrieved and passed to the Trace Factory that creates an invoice of transaction completed and details as an ERC 1155 token (Trace Invoice) minted to the supplier and the buyer or Trace admin (who can be a smart contract).

The verifier addresses are used to create a merkle tree and the merkle root is saved on the smart contract.

Tools Used

• Smart contracts: verifier addresses for each supply chain stage

Merkle tree: used to save the list of verifier addresses for easy verification

IPLD (inter planetary link data): used to save the meta data of the Trace agreement the list of verifier addresses (data persistence).

web3storage: used to pin the meta data on IPFS.

IPFS: used to store data privately (encrypted) or publicly.

Challenges we ran into

• Figuring out on chain zero knowledge verification using the custom zkproof smart contract.

• Understanding how zero knowledge engine works and implementing it in the protocol

• Building our own random generator and zero knowledge circuit.

Accomplishments that we're proud of

• Building our own zero knowledge engine and random number generator.

• Effectively bringing privacy through blockchain and merkle tree to supply chain management

What we learned

• We learnt how to convert our protocol into an SDK

• How zero knowledge works effectively in supply chain

• create a privacy mechanism for supply chain management and agreement between corporation on a public blockchain.

• work with zero knowledge, zokrates, zk SNARK and Merkle Tree.

What's next for zkTrace

We are working to built our own self proprietary dApp for supply chain management

Further looking into building our own efficient private E2EE on-chain messaging protocol

SDK DEMO USAGE IN ZIP FILE

Built With

Share this project:

Updates