Blockchain FAQs for Certifiers, Auditors and Assurance Organisations

Based on a collaboration with ISEAL members (above), Provenance answers some of the questions that often come up when discussing blockchain technology with certifiers, auditors and assurance providers.

When it comes to providing trust in supply chains, whether it is about sustainability or safety, current organisations face significant challenges: supply chains are becoming more complex, audits are becoming more costly, and relevance of some organisations is being questioned by corporates which launch their own schemes. Mike Coupe, CEO of Sainsbury’s, in describing one scheme recently, said it “might have been fit for purpose 25 years ago, but we’re in a new world with new technology”. Although technology is certainly not the cure for all ills, it is certainly part of the way forward for the certification industry. Here are some clues to understand how blockchain can be useful. Any unanswered questions? Let us know and we’ll add them in.

Blockchain basics: what are we talking about?

What is a blockchain?

A blockchain is a ledger in which new transactions refer to previous ones. Why? It guarantees one can only add transactions at the end of the ledger. Contrary to centralised systems, anyone can write transactions to the ledger, which then has a way for all participants to come to consensus on which transactions were added. The system thus does not belong to anyone in particular, but is rather some kind of public utility.

For a more in-depth introduction, check out this article on the Provenance blog.

Why are blockchains relevant to certification and assurance organisations?

We believe that the unique value in certification and assurance organisations lies in the trusted data that only they are able to provide. By adopting blockchain technology as a way to outsource the proving of that data to public blockchains, those organisations can benefit in several ways, including:

  • Reduction in system operation costs
  • Transparency along the supply chains they focus on
  • Credibility to regulators and the public
  • Inclusiveness of smaller sized actors of supply chains

Blockchain internals: how are transactions validated?

What is a concise definition of a miner?

Someone who is willing to invest in hardware and spend money on electricity to earn cryptocurrency.

What is a more in-depth definition of a miner?

Someone who’s willing to take part in a public blockchain’s distributed consensus. The way they do this is by buying virtual lottery tickets. The more tickets they buy, the more likely they will win the lottery, which picks a winner and resets every 10 minutes.

Lottery tickets? Really?

Under the hood, miners all run the same special program on their computer. It requires a lot of resources, which impacts their electricity bill. This program does something similar to trying to crack a password. Miners with more powerful computers will be able to make more tries each second, so are more likely to find the solution. They will also need to spend more money on electricity. When a miner finds the solution, she gets a reward, 12.5 bitcoin on the Bitcoin blockchain, and the process starts over.

Is this mining program the same for everyone?

On the same blockchain, pretty much. This comes from the fact that there is no better strategy to crack a password than trying all possibilities. Mining software is thus usually incredibly simple.

Is a block the same as a bitcoin?

No. A bitcoin is a unit of the currency in the Bitcoin payment system. A block is a bundle of transactions that transfer bitcoins between users. A bitcoin is to a block what a pound of coffee is to a spreadsheet of all transfers of coffee in a day.ee.

Transactions, certification, verification: what can and can’t blockchains do?

When talking about “verifying” a transaction, what are miners verifying? Do they look at the transaction manually?

No. In the context of blockchains, the word “verify” has a different meaning that what you are used to in a certification context. It does not involve checking documents or identities. The only thing miners care about is for the transaction to be valid according to the rules of the blockchain. On Bitcoin, the only thing they would check is that a transaction does not “double-spend” a coin. This does not require human scrutiny.

When talking about a “transaction”, does any action on a blockchain represent a transfer of value?

No. In the context of blockchains, the word “transaction” is much more general than a transfer of value. It is used to describe any interaction of a user with the system. For example, a certifier would make a transaction in order to deliver a certificate. Some transactions do represent a transfer of value.

What guarantees that a supply chain transaction is “valid” if there is no one checking that the delivered mass equals what the system says?

In general, nothing. A blockchain can only enforce the rules that can be understood by a computer. A blockchain is more useful to enforce rules on information inside the system (e.g prevent double spending) than controlling what information enters the system (e.g linking digital products to physical products).

So on a blockchain, auditors cannot verify transactions?

They can. First, they have access to a certain level of transparency about the transactions that are being submitted to the network by the supply chain actors. Then, depending on the use case, the rules of the system could also give auditing bodies power in the system itself. For example, a certifier could be enabled to stop a producer from issuing more digital assets that carry a certification if audits have failed.

What guarantees that the data on the blockchain is accurate?

By providing higher levels of transparency as well as ways to set up certification schemes and reputation systems, blockchains can incentivise users to submit good data. Other technologies can be useful, such as secure tagging and hardware.

Private blockchains: what are the tradeoffs?

What are private blockchains?

Private (or consortium) blockchains are blockchains on which the consensus is not determined by an open community of anonymous, financially incentivised validators (the miners) but rather by a small, closed set of actors that have some interest in sharing data and processes. For example, a consortium of banks or actors in a supply chain.

How do they differ from public blockchains?

In terms of trust, private blockchains stand between centralised systems and public blockchains. One actor can usually not take control of the system, but a small set of colluding validators could. Private blockchains are closer to centralised systems when it comes to scalability and privacy, as they do not have the same transparency and openness requirements as public blockchains. The same way, they are closer to centralised systems when it comes to lack of interoperability, as they can still be considered as data silos.

Does all my data need to be public on a public blockchain?

The “public” aspect of public blockchains applies to the consensus community that anyone can join. It does not necessarily apply to the data those blockchains store. There are many strategies to hide the meaning of the data and only expose the minimum of information necessary. For example, it could be possible for an actor at the end of the chain to get a proof that a certain product comes from a specific producer, and keep the actors in between anonymous.

Blockchains in supply chains: what are some use cases?

Can blockchain help with accounting for product quantities and conversion factors in a supply chain?

There are different ways this could be done. The easiest one would be to rely on transparency and external scrutiny. Real conversion factors can be determined from product quantities, so unrealistic factors could be spotted and eventually prevented. The harder one would be to come to consensus on conversion factors and force users to use them.

How does the blockchain help reduce double counting and double auditing where multiple certification bodies certify the same product?

Blockchains provide a shared infrastructure where different auditors can come together and collaborate. Since it isn’t run by any of them, it arguably makes collaboration easier by removing political aspects. If coupled with a shared identity framework, it can reduce overhead due to double auditing as well as fraud due to double counting.

Could blockchains enable to triangulate new data sources?

Just as they enable reusing the same source for different claims, blockchains can reinforce a claim using different sources. For example, an auditor, an IoT device and a fisherman could all submit transactions proving a certain location.

Can blockchains help with large scale impact reporting?

Blockchains don’t really care about the meaning of the data, so specific schemes that work for one certification on one product or business can be reused in other situations. However, it is good to keep in mind that blockchains do not help with the lack of reliable information.

Are you a certifier or work in ensuring positive impact in supply chains? Let us know if you have further questions here and subscribe to our newsletter at the bottom of this page for our latest work and projects.