Gao Z, Xu L, Chen L et al. CoC: A unified distributed ledger based supply chain management system.

JOURNAL OF
COMPUTER SCIENCE AND TECHNOLOGY 33(2): 237–248 Mar. 2018. DOI 10.1007/s11390-018-1816-5

CoC: A Unified Distributed Ledger Based Supply Chain Management

System

Zhimin Gao1 , Member, IEEE, Lei Xu1 , Lin Chen1 , Xi Zhao2 , Member, IEEE, Yang Lu1
and Weidong Shi1 , Member, IEEE
1
Department of Computer Science, University of Houston, Houston, Texas 77204-3010, U.S.A.
2
School of Management, Xi’an Jiaotong University, Xi’an 710049, China

E-mail: [email protected]; {xuleimath, chenlin198662, zhaoxi1}@gmail.com; {ylu17, wshi3}@central.uh.edu

Received July 9, 2017; revised January 18, 2018.

Abstract Modern supply chain is a complex system and plays an important role for different sectors under the globaliza-
tion economic integration background. Supply chain management system is proposed to handle the increasing complexity
and improve the efficiency of flows of goods. It is also useful to prevent potential frauds and guarantee trade compliance.
Currently, most companies maintain their own IT systems for supply chain management. However, it is hard for these
isolated systems to work together and provide a global view of the status of the highly distributed supply chain system.
Using emerging decentralized ledger/blockchain technology, which is a special type of distributed system in essence, to build
supply chain management system is a promising direction to go. Decentralized ledger usually suffers from low performance
and lack of capability to protect information stored on the ledger. To overcome these challenges, we propose CoC (supply
chain on blockchain), a novel supply chain management system based on a hybrid decentralized ledger with a novel two-
step block construction mechanism. We also design an efficient storage scheme and information protection method that
satisfy requirements of supply chain management. These techniques can also be applied to other decentralized ledger based
applications with requirements similar to supply chain management.
Keywords blockchain, distributed system, supply chain management, security

1 Introduction and reducing the cost of international transportation,

modern supply chain system is becoming the center of
Modern economy heavily depends on global collabo- various business activities such as planning/forecasting,
ration. According to a World Trade Organization procurement, customer services, and performance mea-
(WTO) report, the international trade volume keeps surement. It becomes a challenge to manage modern
increasing at a high rate in the past decades and mer- supply chain efficiently due to its large scale and com-
chandise exports from WTO members achieved US$ plex functionalities. In response to such demands, the
18.0 trillion in 2014○
1
. Behind this explosive growth, concept of supply chain management system was in-
supply chain plays a critical role. Besides classical func- troduced by Oliver in 1982[1], and the market of sup-
tions such as making movements of goods smoother ply chain management software outpaced most software

Regular Paper
Special Section on Computer Networks and Distributed Computing
A preliminary version of the paper was published in the Proceedings of ICCCN 2017.
This material is based upon the work supported by the U.S. Department of Homeland Security (DHS) under Grant Award
No. 2015-ST-061-BSH001 and the National Nature Science Foundation of China under Grant No. 91746111. The grant from DHS
is awarded to the Borders, Trade, and Immigration (BTI) Institute: A DHS Center of Excellence led by the University of Houston,
and includes support for the project “Secure and Transparent Cargo Supply Chain: Enabling Chain-of-custody with Economical and
Privacy Respecting Biometrics, and Blockchain Technology” awarded to University of Houston. The views and conclusions contained
in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed
or implied, of the U.S. Department of Homeland Security.
○1
World Trade Organization. International trade statistics 2015. https://www.wto.org/english/res e/statis e/its2015 e/its20-
15 e.pdf, Jan. 2018.
©2018 Springer Science + Business Media, LLC & Science Press, China
238 J. Comput. Sci. & Technol., Mar. 2018, Vol.33, No.2

markets to total US$ 9.9 billion in 2014○2

. A lot of work on the chain, usually the “longest-chain” principle is
has been done to improve the efficiency of supply chain used, i.e., users will follow the branch with more blocks
management system and add more features. For exam- and add new blocks on this branch. In order to alter
ple, researchers proposed to integrate sensors (e.g., GPS an existing block, an adversary has to compete with all
receiver[2] and radio-frequency identification/RFID[3] ) honest users to construct a longer branch[7-8] . There-
into the supply chain to provide more information to fore, DLT provides a collaboration mechanism that can
the end user, and bind the cyber world and the physical protect historical data.
world more tightly[4] . As cloud computing technology These features make decentralized ledger a promis-
emerges, cloud-based supply chain management system ing technology for global supply chain management sys-
is also developed to improve the reliability and reduce tem, which is in essence a distributed environment.
the cost[5] . Both technology startups and transnational corpora-
However, existing supply chain management sys- tions start to experiment supply chain management
tems suffer from some limitations that prevent users systems based on distributed ledger[9-10] ○ 6
. However,
from achieving most out of the value of supply chain in- most of the existing efforts on creating supply chain
formation. The two major issues are as follows. 1) Sup- management system with DLT are straightforward, i.e.,
ply chain in nature involves multiple parties and is a dis- they just use DLT as a decentralized storage system
tributed system. However, most companies and stake-
to store supply chain related information in blocks to
holders nowadays use their own supply chain mana-
replace traditional file system, but ignore downsides of
gement systems, which are difficult to be integrated
the technology listed as follows. 1) Decentralized ledger
together to provide a unified platform. Therefore, it
usually has performance issues such as limited through-
is not convenient to offer end-to-end tracking and share
put/long latency for adding new blocks and inefficient
information to enable new functionalities and services.
storage, which may not be sufficient to support applica-
Furthermore, supply chain information is sensitive and
tion scenarios with requirements to store high volume of
the companies may not be willing to disclose and share
supply chain operation records and support high tran-
with others. 2) As an IT system, supply chain mana-
saction throughput. 2) Information stored in decentra-
gement system faces all types of cyber threats, which
lized ledger is distributed to and maintained by different
may lead to breach of the integrity of supply chain in-
formation and cause fraud, losses of goods, and incom- nodes. There is a lack of mechanism to protect sup-
pliance in trading. The recent rising of ransomware at- ply chain related information stored in the distributed
tack also poses a significant risk to supply chain mana- ledger from unauthorized access.
gement system as losing access to historical data can To address these shortcomings, we propose CoC
cause financial damages[6]○ 3
. (supply chain on blockchain), a novel supply chain
Decentralized ledger technology (DLT) provides management system which leverages the decentralized
a way to organize records in a distributed manner ledger technology. CoC uses a hybrid model and two-
through consensus mechanism. It has been used in step block construction method for the underlying dis-
Bitcoin and other similar cryptocurrency systems for tributed ledger, which achieves a good balance between
recording and sharing transaction history○ 4 ○5
and is security and performance. In addition, CoC introduces
constructed by a group of users together, and each of a new storage scheme that reduces data redundancy
them maintains a local copy of the ledger. A group without affecting distributed ledger related operations.
of records are embedded into a block and blocks are Because supply chain management system plays a cen-
linked through hash values. A consensus mechanism tral role in business operations that involve sensitive
helps these users achieve agreement when a new block information, a protection mechanism is built on top of
is added to the system. If there is more than one branch the hybrid model and the storage scheme to guaran-

○2
Gartner says worldwide supply chain management and procurement software market grew 10.8 percent in 2014, May 2015.
http://www.gartner.com/newsroom/id/3050617, Jan. 2018.
○3
Ransomware: A growing menace. https://www.symantec.com/connect/blogs/ransomware-growing-menace, Jan. 2018.
○4
Nakamoto S. Bitcoin: A peer-to-peer electronic cash system, 2008. https://bitcoin.org/bitcoin.pdf, Jan. 2018.
○5
King S. Primecoin: Cryptocurrency with prime number proof-of-work, 2013. http://primecoin.io/bin/primecoin-paper.pdf, Jan.
2018.
○6
Parker L. Blockchain tech companies focus on the $40 trillion supply chain market, 2016. https://bravenewcoin.com/news/bl-
ockchain-tech-companies-focus-on-the-40-trillion-supply-chain-market/, Jan. 2018.
Zhimin Gao et al.: CoC: A Unified Distributed Ledger Based Supply Chain Management System 239

tee that only authorized users can access corresponding

Cash Flow
data on the ledger.
Our contributions in this work are summarized as Material Flow

follows. Performance Customer

Supplier

Customer
• We propose a novel design of supply chain mana- Measurement Service

gement system based on public ledger that serves as Procurement Distribution

& Logistics
a unified platform for different parties and stakehold-
Planning
ers involved in the supply chain ecosystem to conduct Manufacturing
& Forecasting
transactions and share information. Information Flow
• We develop a two-step block generation method Fig.1. Role of supply chain in business operations. It manages
for the system which has low latency, and an efficient the information flow and provides the foundation for various
functions[12] .
storage scheme that alleviates the concern of storage
overhead of decentralized ledger technology. 2.2 Decentralized Ledger Technology
• We also provide the design of identity management
and data protection scheme that addresses security is- Decentralized ledger or blockchain technology was
sues for decentralized ledger based supply chain mana- first introduced by Bitcoin as a distributed book-
gement system. keeping system○ 7
. As each user keeps a local copy of
The remainder of this paper is organized as fol- the ledger, he/she has access to all historical transac-
lows. Section 2 briefly describes the supply chain mana- tion information and detects double-spending without
gement system and decentralized ledger technology. In relying on a trusted third party.
Section 3, we provide an overview of the proposed CoC Bitcoin uses proof-of-work to control the construc-
system and the hybrid model for ledger construction. tion of blocks, which is depicted in Fig.2. Information
Detailed design of critical components of CoC is given is embedded into a block, which also contains a hash
in Section 4, and we analyze the security/performance value from the previous block and a magic number.
of CoC in Section 5. Section 6 reviews related work and The magic number is found out through a brute-force
the work is concluded in Section 7. searching process, i.e., one searches all possible values of
magic number to make sure the hash value of the triple
(previous hash value, embedded information, and magic
2 Background
number) satisfies pre-defined condition (e.g., the hash
In this section, we briefly review the supply chain value has a certain number of leading zeros). Specifi-
management system and DLT. cally, in order to create a new block, one has to find a
magic number to make sure the hash value of the block
2.1 Supply Chain Management System satisfies the pre-defined condition (e.g., smaller than a
constant value). When more than one valid block is
Supply chain management is not a single extension added to the ledger that causes branches, users will fol-
of logistics management, but an integration of business low the “longest-chain” that contains more blocks. If an
processes from end users through original suppliers that attacker wants to replace or remove an existing block in
provides products, services, and information that add the ledger, he/she has to compete with all honest par-
value for customers[11] . Typical supply chain mana- ticipants of the system to generate more valid blocks to
gement functions include ordering/receipt of raw mate- make sure his/her branch is longer.
rials/products, supporting customer services, and per-
formance measurements. The coordination of multiple
functions across the enterprise is required to provide Hash Hash Hash
rapid and quality response to supply chain events[12] .
Information Information Information
Fig.1 depicts the functions of supply chain management
and its position in business operations. Besides han- Magic Magic Magic
dling physical cargos, supply chain system is now also Number Number Number

used for data transfer (e.g., Fedex is helping Amazon Fig.2. Basic working principles of decentralized ledger with
customers to move a giant amount of data). proof-of-work.

○
7
Nakamoto S. Bitcoin: A peer-to-peer electronic cash system, 2008. https://bitcoin.org/bitcoin.pdf, Jan. 2018.
240 J. Comput. Sci. & Technol., Mar. 2018, Vol.33, No.2

In summary, distributed ledger has three key fea- disagreements, and permissioned distributed ledger can
tures. leverage consensus protocols like Byzantine fault toler-
1) Public Accessibility. All information stored with ant protocol to avoid disagreements[15-16] .
blockchain is publicly accessible to everyone.
2) Immutability. It is impossible to modify, al- 3 Overview of CoC
ter, or remove information that has been added to the
blockchain. In this section, we give an overview of CoC and de-
3) Resilience. Each participant of the system keeps scribe the hybrid model that CoC leverages for block
a whole copy of the blockchain and no single point of construction.
failure can affect the availability of the stored informa-
tion. 3.1 Participants in CoC
One major issue of proof-of-work based distributed
ledger construction is the high latency of block gene- As a unified supply chain management platform,
ration, which is caused by the expensive mining process, CoC needs to support different types of participants
e.g., brute-force searching for pre-image of a hash func- including factories, supply chain operators, financial in-
tion. Different approaches have been proposed to im- stitutes, insurance companies, and customs. According
prove the performance, and proof-of-stake and permis- to their roles in the supply chain management, we di-
sioned distributed ledger are two major schemes. We vide all participants into three groups.
summarize these three methods as follows. • Ordinary Users. An ordinary user can use CoC for
• Proof-of-Work[7] . In order to construct a new different supply chain related operations, e.g., submit-
block and add it to the distributed ledger, a partici- ting new request for raw material, tracking transporta-
pant has to solve a computation intensive problem and tion information, processing bill of lading, and analyz-
attach the result to the new block as proof of his/her ing historical data related to the user. Supply chain is
work. a complex system and CoC supports multiple ordinary
Pros. The mechanism is simple and fair.
users to collaborate with each other. Ordinary users
Cons. It wastes a lot of computation resources and
are the major information contributors to CoC.
has relatively high latency.
• Third Party Users. Besides ordinary users, there
• Proof-of-Stake[13] . Participants accumulate stake
is another group of users, third party users, who mainly
according to the pre-defined accumulation scheme, and
monitoring supply chain information with CoC. Typi-
a certain amount of stake has to be used to create a
cal third party users include government entities such as
new block. Therefore, any participant who has enough
stake can generate a new block instantly. customs and insurance companies who need to monitor
Pros. This approach can generate blocks with very the status of the goods.
low latency when the system has enough stake availa- • Supporting Entities. CoC also includes some sup-
ble. porting entities for supply chain operations. Two of the
Cons. It is a challenge to design a stable stake ac- main supporting entities are identity management com-
cumulation scheme, and the system may go to two ex- ponent and financial institutions. Here identity mana-
treme statuses: no one has enough stake to generate a gement can be part of CoC, while financial institutions
block, or everyone has enough stake to generate a block. have their own IT system and only interact with CoC to
• Permissioned[14] . A set of trusted parties is re- provide required services such as payment processing.
sponsible for block generation. One party that belongs In the following of the paper, if not explicitly stated,
to the set can attach a signature to the block and the the term “user” stands for ordinary user, third party
block is recognized as a valid one. user, or both of them.
Pros. The mechanism is simple and new blocks can
be generated very fast. 3.2 Hybrid Model of CoC
Cons. This strategy requires a different security
model (e.g., some nodes are trusted and it is not public) Existing models of decentralized ledger do not fit the
and only fits certain scenarios like transactions between requirements of supply chain management very well.
financial institutes. • Proof-of-work involves heavy computation and is
Both proof-of-work and proof-of-stake based dis- usually slow, which may not be able to satisfy the de-
tributed ledger use the longest-chain strategy to resolve mands of supply chain management.
Zhimin Gao et al.: CoC: A Unified Distributed Ledger Based Supply Chain Management System 241

• Proof-of-stake is not stable for supply chain mana- In most cases, they just monitor information stored
gement system as it is hard to predict the demands of in CoC and do not add new information. Support
blocks. entities include financial institutions for payment ser-
• CoC aims at providing a unified supply chain vice and identity management component. The sys-
management platform that can serve multiple entities tem also involves a large number of helpers, who fa-
that do not need to fully trust each other, and it is hard cilitate the generation of blocks that are used to hold
to achieve an agreement on the nodes that compromise supply chain information. Helpers play the role similar
the permissioned network for block construction. to miners of cryptocurrency systems like Bitcoin○ 8
and
Considering all the limitations of existing models Ethereum○ . 9

and the special requirements of supply chain mana- Security Model. We assume supporting entities are
gement, CoC separates the right to submit records fully trusted, e.g., they will follow pre-defined proto-
and the right to build blocks by using a hybrid cols to collaborate with other parties and will not try
model to organize the underlying distributed ledger. to inject faked information into the system. Third party
Specifically, CoC allows only users, third party users, users are usually large companies and government agen-
and supporting entities to submit supply chain re- cies, and also trusted, and they will follow the policies
lated records to the system, but the block construc- to perform their tasks (e.g., generating certificate of
tion is open to the public and based on proof-of- compliance or insurance). Any individual helper is not
work. Those who contribute their computation re- trusted, and he/she may try to compromise the system
sources to help to build and maintain the distributed using different ways. However, the number of helpers is
ledger are called “helpers”. The number of helpers usually large, and the majority of them are honest and
is relatively large and driven by the demands. CoC will follow pre-defined protocols. The users are not fully
does not put much restriction on helpers. Anyone trusted. Although they have the incentive to keep ac-
with reasonable computation resources can join the curate information to support their business activities,
system to contribute to block construction, as de- it is hard to guarantee that all of the users have ade-
scribed in Subsection 4.1. They can also leave the quate cyber protection and they may be compromised
system freely. Fig.3 illustrates the system and diffe- (e.g., loss of private key, infected by Trojan or viruses).
rent types of entities involved. Users (e.g., factories, A compromised user may try to generate invalid sup-
transportation companies) use the system for supply ply chain information and/or try to modify historical
chain information management. Third party users in- data. We also assume communications between diffe-
clude insurance companies and government regulators. rent parties are secure, i.e., an attacker cannot tamper
or eavesdrop the exchanged messages between any two
Third parties, which can be achieved by using SSL (Security
Users Party
Users Socket Layer).

4 Detailed Design of Key Components of CoC

In this section, we describe the design of key com-

ponents of CoC, including ledger construction, storage
scheme, identity management, and information protec-
tion.

4.1 Block Construction in CoC

Supporting
Helpers As discussed earlier, one of the main challenges of
Entities
using decentralized ledger for supply chain management
Blockchain Communication Network system is to support a large number of operations in a
short time. According to the overview of CoC given in
Fig.3. Overview of CoC. Section 3, users are not fully trusted and permissioned

○
8
Nakamoto S. Bitcoin: A peer-to-peer electronic cash system, 2008. https://bitcoin.org/bitcoin.pdf, Jan. 2018.
○
9
Wood G. Ethereum: A secure decentralised generalised transaction ledger. http://www.cryptopapers.net/papers/ethereum-ye-
llowpaper.pdf, Jan. 2018.
242 J. Comput. Sci. & Technol., Mar. 2018, Vol.33, No.2

blockchain system cannot be used to reach low latency added, helpers wait for a certain number of new blocks
block construction. The proof-of-stake strategy does to be added after b. Satoshi proved that if six blocks
not work well either for supply chain management be- are added after b, it is very likely that b is on the longest
cause the amount of transactions is not fixed and it is chain○10
.
very likely that the stake system goes to two extreme
cases (i.e., no one has enough stake or everyone has Previous Hash
enough stake to create a valid block).
Requester ID
Two-Step Block Construction. To overcome the per-
formance obstacles of DLT while taking supply chain Creator ID
Previous Hash
management characters into consideration, we propose Reservation Time
Reservation ID
a novel two-step approach for block construction for Creation Time
CoC. The basic idea is to allow users to reserve blocks Request Sequence Supply Chain
for near future usage based on their prediction, and Number Record
then the users can use reserved blocks immediately Mining Proof
when they are needed (as depicted in Fig.4). Creator Signature Endorsement

(a) (b)
Reservation Fig.5. Two block structures for reservation and supply chain
Ă Ă Ledger data. For data block, the field “supply chain record” is used to
hold various kinds of information from order, payment, to bill of
lading. (a) Reservation block. (b) Data block.

Supply Chain • Step 2: Generation of Data Blocks. When a user

Ă Ă
Information Ledger
has one supply chain record that needs to be put into
user Data Block the distributed ledger holding real data, he/she first
user Reservation Block checks the reservation ledger to see whether he/she has
available reservations for block generation. If he/she
Fig.4. Two-step block generation. Before the user can put a
supply chain record into the chain, it has to make a reservation has an available reservation, a data block is constructed
in another chain. The reservation is confirmed by proof-of-work, for supply chain record and the proof of reservation is
i.e., someone has to complete a computation intensive task for
a reservation. As showed in the figure, user1 and user2 reserve
included in the block. Fig.5(b) shows the structure of a
two blocks for their supply chain information in the reservation data block. Putting this block in the data ledger does
ledger respectively. user1 uses one of his/her reservations and not require proof-of-work. When other peers receive
user2 uses both. If user2 wants to put more information to
the supply chain information chain, he/she has to make extra the new block, they first check its validity: whether
reservations. the block is properly constructed and whether attached
Specifically, the two-step block construction mecha- reservation information is valid. If the new block passes
nism works as follows. all the checks, it is accepted and added to the ledger.
• Step 1: Generation of Reservation Blocks. When The system also needs to achieve a consensus on all
a user submits his/her reservation request to the sys- accepted blocks and different consensus protocols such
tem, the request is distributed to all helpers through as Paxos[18] can be used for this purpose. Note that if
gossip protocol[17]. Helpers who receive the request try the record embedded in the new block involves multi-
to create a block through mining. Fig.5(a) depicts an ple users, all of them need to sign the record to prevent
example structure of the reservation block. For each faking information.
block included in the reservation ledger, it contains the The two-step block construction method does not
information of the user who wants to reserve the block, reduce the overall work load or latency compared with
the fee the user wants to pay for the block, the identity proof-of-work based approach. In fact, the work load
of the helper who creates it, and other essential infor- and latency for the first step are very similar to those of
mation. Note that all helpers have to reach a consensus classical proof-of-work based blockchain construction.
on the reservation chain. Specifically, everyone checks But it provides a mechanism to shift the latency: as
whether a block is on the current longest-chain to de- long as a user has enough reservation, the latency of
termine whether to accept it or not. For a block b just adding a new supply chain record can be very low.

○
10
Nakamoto S. Bitcoin: A peer-to-peer electronic cash system, 2008. https://bitcoin.org/bitcoin.pdf, Jan. 2018.
Zhimin Gao et al.: CoC: A Unified Distributed Ledger Based Supply Chain Management System 243

For the reservation step, the latency is determined which branch to follow by using the longest-chain prin-
by both the demands (the number of reservation re- ciple, and check whether a given block is valid or not.
quests) and the supply (the number of reservations that But when a helper broadcasts a new block to be added
can be generated in a given period). This is a typi- to RL, he/she still needs to provide the complete block
cal supply-demand equilibrium problem. From supply and thus other helpers can verify its validity.
perspective, reservation blocks are generated through
mining, and by leveraging throughput scalable proof- Block Block Block
Header Header Header
of-work protocol○ 11 [19]
, the supply increases when more
helpers join the system. Because users pay for reserva- Block Block Block
Ă
tion, the market mechanism can automatically adjust Contents Contents Contents
the supply and demand of reservations.
Fig.6. Helpers can store headers of blocks in the dotted box to
The two-step block construction method can also be
reduce storage cost.
applied to other distributed ledger applications where
the requirements are similar to those of the supply chain For users, they need to access RL for two purposes:
1) obtaining blocks containing their own reservation
management system.
information to create new blocks in DL; 2) verifying
whether blocks submitted to DL have a valid reserva-
4.2 Storage Design of CoC
tion. Therefore, a user can keep blocks that contain
Supply chain management is in essence the mana- his/her own reservation and ignore other blocks on DL.
gement of corresponding information. Therefore, it is To determine whether to accept a new block on DL,
critical to have an efficient way to organize the infor- he/she can query helpers to check corresponding reser-
mation that is flexible enough to support various ope- vation block.
rations. Data Ledger Storage. DL is used to store real supply
According to the design of CoC, it needs to main- chain information, and its construction relies on RL. As
tain two decentralized ledgers: the reservation ledger supporting entities and helpers do not need track sup-
(RL) and the data ledger (DL). Although decentralized ply chain information, they do not store blocks on DL.
ledger technology brings many useful features, it is not Third party users usually need to monitor supply chain
information of different ordinary users, and thus they
easy to manage them efficiently. The simplest approach
keep a full copy of DL and can serve as full nodes like
to maintaining the two ledgers is to let everyone in CoC
in the Bitcoin system. For ordinary users, they only
keep full copies of both of them. However, this is a
care about supply chain information related to them
waste of storage resources as different players in the
and keep these blocks contain such information. In ad-
system need different information. We design a more
dition to these blocks, they also store all headers of DL
efficient storage scheme for CoC to manage the two
to facilitate adding new blocks to DL. Supporting en-
ledgers, which allows different players to store ledgers
tities can choose to store blocks related to them and
in different ways.
headers of DL to verify the validity of other blocks.
Reservation Ledger Storage. The construction of Table 1 summarizes storage strategies for different
reservation ledger involves users and helpers, where types of participants.
users submit reservation requests and helpers conduct
mining to build blocks. Table 1. CoC Storage Strategies for Different Parties
For helpers, they play a similar role as miners in Bit- Role RL DL
Helper Headers of RL NA
coin system. But unlike Bitcoin and other cryptocur-
Ordinary user His/her own Related blocks
rency systems, blocks stored in RL are independent, reservation blocks and headers of DL∗
i.e., when a new block is created, helpers do not need Third party user NA Complete ledger
to check previous blocks to verify its validity. There- Supporting NA Related blocks
entity and headers of DL∗
fore, a helper can keep headers of blocks instead of the
Note: ∗: if ordinary users and supporting entities want to fur-
whole blocks to reduce the storage cost, as depicted in ther reduce the storage cost, they can choose to trust third party
Fig.6. With block headers, a helper can still determine users and discard all local storage related to DL.

○
11
Luu L, Narayanan V, Baweja K, Zheng C D, Gilbert S, Saxena P. SCP: A computationally-scalable byzantine consensus protocol
for blockchains. https://www.weusecoins.com/assets/pdf/library/SCP%20-%20%20A%20Computationally-Scalable%20Byzantine.pdf,
Jan. 2018.
244 J. Comput. Sci. & Technol., Mar. 2018, Vol.33, No.2

4.3 Identity Management of CoC • Record Encryption. The creator of a record selects
a random AES key dek to encrypt the record. It is the
Decentralized ledgers used in Bitcoin and other fully creator’s responsibility to select adequate attributes of
open systems do not have a centralized identity mana- the record to encrypt and keep other parts in plain-text.
gement component, and each participant can generate • Authorizing Access. The creator also creates a list
his/her own credential, e.g., public/private key pair. of users/supporting entities, e.g., involved companies,
However, the supply chain management scenario is not government agencies, and financial institutions. By
a complete open environment, and the participants are working together with the identity management com-
not equal and play different roles (as depicted in Fig.3). ponent, the creator further encrypts dek with public
Therefore, it is necessary to have an identity mana- keys of users/supporting entities in the list. Cipher-
gement mechanism, and CoC uses “supporting entity” texts of dek can be stored together with the encrypted
for this purpose. record on the distributed ledger as an evidence that the
“Helpers” are the largest group in CoC, and this creator has allowed these access.
group is usually quite dynamic and expensive to man- With this design, helpers and unrelated
age in a centralized way. Furthermore, helpers only con- users/supporting entities are not able to learn use-
tribute their computation resources to maintain CoC ful information by observing the distributed ledger
and there is no need to authenticate their identities. because they do not have access to the key dek. This
Therefore, CoC does not need to manage helpers, and approach is independent of the underlying decentra-
they can generate their own public/private key pairs lized ledger and can support flexible record level access
without notifying others. Their identities are used to control. If a group of records are shared with the same
receive rewards from users. set of users/supporting entities, the creator can also
“Users” generate supply chain information and thus use the same dek to avoid multiple time key distri-
it is necessary to bind information with its creator. CoC bution. Other encryption techniques that are used for
uses a centralized identity management component (as secure data distribution can also be used, e.g., attribute
part of supporting entities) to generate public/private encryption and proxy re-encryption[22-23] .
key pairs for users and they use the keys to generate
digital signatures for the information they submit to 5 Evaluation of CoC
CoC to guarantee the authenticity/integrity. There
are some on-going studies on building PKI with de- In this section, we analyze the security of CoC, i.e.,
centralized ledger[20-21] , which can be used to replace a whether an attacker can alter historical data or insert
centralized identity management system in the future. fake data to the ledgers used by CoC.
For finical institutions that work as supporting entities,
they maintain their own identity management system 5.1 Security Analysis
as they usually have their own standards and compli-
Security of RL. Since RL is built with proof-of-
ance requirements.
work, an attacker cannot alter historical data unless
A centralized identity management does not mean
he/she controls more computation power than all hon-
that it has to be operated by a single entity. Multi-
est helpers○12 [24]
. An attacker cannot insert reservations
ple identity management systems can be integrated as
to RL without authorization from a user either because
long as they can collaborate with others. Besides us-
digital signature is used to issue a reservation request.
ing public/private key pair to identify a user, CoC also
Security of DL. According to the design of CoC,
supports using biometrics for identity management.
only authorized users are allowed to add new blocks
4.4 Information Protection of CoC to RL, and it is more like permissioned ledger[25] . If a
malicious user wants to alter an existing block, he/she
When multiple companies are using CoC, their sup- needs to compete with all honest users for reservations.
ply chain management related records are mixed and As reservation requests are not free, this is equivalent
stored on the same distributed ledger. However, they to the case that the malicious user pays more than all
do not want to disclose information to unrelated parties. other users together.
To address this problem, encryption is used to protect Note that unlike cryptocurrency systems, it is eas-
supply chain management records on the ledger. ier for CoC to prevent invalid blocks because cryptocur-

○
12
Nakamoto S. Bitcoin: A peer-to-peer electronic cash system, 2008. https://bitcoin.org/bitcoin.pdf, Jan. 2018.
Zhimin Gao et al.: CoC: A Unified Distributed Ledger Based Supply Chain Management System 245

rency system handles purely information in cyber space Note that the two-step block construction allows the
but CoC has connections with physical world. For ex- reservation ledger to focus on throughput improving
ample, if user A wants to add a block indicating that without considering latency too much. This is much
he/she has transferred a container to user B, the block easier than improving both of them.
must be signed by both of them and they do not need
to scan previous blocks to check whether this activity 5.3 Experimental Results
is valid.
As we discussed in above subsections, the perfor-
mance of CoC is determined by the second step of
5.2 Performance Analysis
block construction. Therefore, we focus on the per-
Latency. Fig.7 demonstrates the relationship be- formance of this step. We implement key compo-
tween latencies of making reservation and generating a nents of CoC using code base of Hyperledger Fabric[29] ,
data block. As long as t2 6 t3 , the latency of adding a and utilize practical BFT for the second step of block
new data block (t4 − t3 ) is independent of the latency construction[30] , where users (e.g., factories and trans-
of making a reservation (t2 − t1 ). portation companies) submit their records to the sys-
The major factors that affect the value of (t4 − t3 ) tem.
are as follows. Because helpers scatter around the globe, it is better
to conduct the experiments using machines in different
physical locations. Therefore, we use Amazon cloud as
First Step Latency Second Step Latency
the testbed and its machines are from multiple data
Reservation Request Supply Chain Operation
t t centers. Specifically, we use EC2 t2.micro instances
Time
t t running Ubuntu 14.04 and each instance has one CPU
Reservation Block Created Data Block Created core and 1 GB memory. All instances are evenly dis-
tributed in four data centers located in California,
Fig.7. Latency of two-step block generation.
Virginia, Ohio, and London respectively. Fig.8 shows
the latency of the second step of block construction
• Latency to Verify a Block. When receiving a data with different numbers of users in different locations,
block, the user needs to verify whether it is valid or not. and Fig.9 shows the throughput. The latency of the
The verification is further divided into two parts: veri- second step is roughly linear to the number of helpers
fying the block and verifying the reservation. The first in the system. When there are 100 helpers in the sys-
operation only involves the verification of digital signa- tem, we achieve a latency about 16 seconds, which is
tures, and is not a problem for modern computers. To much better than purely proof-of-work based system
verify the reservation, the user needs to query helpers like Bitcoin. It is unsurprisingly that the throughput is
who maintain headers of the reservation ledger, which in inverse proportion to the latency. When we have 100
is also very cheap.
16
• Latency to Achieve Consensus. Because the sec-
14
ond step uses classical consensus protocol such as BFT
12
protocol, the latency to achieve consensus is much lower
Latency (s)

than that to use use proof-of-work and longest-chain[24]. 10

Throughput. The throughput of CoC is determined 8

by the minimal throughput of the reservation ledger 6
and the data ledger. Because the data ledger uses BFT 4
protocol, it can achieve very high throughput[26-27] . For 2
the reservation ledger generated by proof-of-work, there 0
are many techniques available to improve its through- 0 10 20 30 40 50 60 70 80 90 100

put such as using larger block size to hold more reser- Number of Nodes
Fig.8. Latency of the second step of block construction with
vation requests[28] and divide-and-conquer strategy to different numbers of helpers. These helpers reside in different
make it scalable○ 13
. Amazon data centers.

○
13
Luu L, Narayanan V, Baweja K, Zheng C D, Gilbert S, Saxena P. SCP: A computationally-scalable byzantine consensus protocol
for blockchains. https://www.weusecoins.com/assets/pdf/library/SCP%20-%20%20A%20Computationally-Scalable%20Byzantine.pdf,
Jan. 2018.
246 J. Comput. Sci. & Technol., Mar. 2018, Vol.33, No.2

300 This approach achieves high throughput and low la-

Number of Transactions

250 tency at the same time but requires special hardware

that supports trusted computing.
per Second

200

150 7 Conclusions
100
Supply chain management plays an important role
50 in the modern economy, especially when business enti-
0
ties are more dependent on each other. CoC leverages
0 10 20 30 40 50 60 70 80 90 100 the emerging distributed ledger technology to build a
Number of Nodes unified supply chain management system, and uses a
Fig.9. Throughput of the second step of block construction series of novel techniques to overcome the limitations
with different numbers of helpers. These helpers reside in diffe-
rent Amazon data centers. of distributed ledger, including the two-step block con-
struction method under hybrid model, efficient ledger
helpers, the system can process about 40 transactions storage, and information protection. Besides the ba-
in one second. Note that a transaction can be a block sic cargo tracing capability, CoC can support various
with multiple records, thereby if we put 10 records in a supply chain management tasks such as bill of lading,
single block, the system can process 400 records in one international trade compliance, and customs clearance.
second. Using a larger block size can further improve We also analyzed the security and performance of CoC
the throughput. to show that it satisfies the major requirements of sup-
ply chain management. For the next step, we plan to
6 Related Work keep improving the prototype and evaluate its effective-
ness in production environment.
In this section, we briefly review related work.
Using DLT for Supply Chain Management. Kor- References
pela et al. noticed that blockchain technology offers
[1] Laseter T, Oliver K. When will supply chain management
a public model to connect different stakeholders and grow up? Strategy + Business, 2003. https://www.stra-
provided a set of factors that affect the adoption of tegy-business.com/article/03304, Jan. 2018.
such system[31] . Tian[32] proposed a design of agri-food [2] Dai J, Ding Z M, Xu J J. Context-based moving object tra-
jectory uncertainty reduction and ranking in road network.
supply chain that combines RFID and decentralized
Journal of Computer Science and Technology, 2016, 31(1):
ledger. This work mentioned some performance limi- 167-184.
tations of blockchain but did not give any solution[32] . [3] Liu H L, Chen Q, Li Z H. Optimization techniques for
IBM also introduced its blockchain-based supply chain RFID complex event processing. Journal of Computer Sci-
ence and Technology, 2009, 24(4): 723-733.
management system and blockchain-based bill of lad-
[4] He W, Tan E L, Lee E W, Li T Y. A solution for integrated
ing system on top of the Hyperledger project, which is track and trace in supply chain based on RFID & GPS. In
a purely permissioned decentralized ledger platform[29] . Proc. IEEE Conf. Emerging Technologies & Factory Au-
There are other studies along this direction[9-10,33] ○14
. tomation, September 2009.
[5] Lindner M, Marquez F G, Chapman C, Clayman S, Hen-
However, most of these studies ignore the limitations
riksson D, Elmroth E. The cloud supply chain: A frame-
of distributed ledger and just use it as a storage mecha- work for information, monitoring, accounting and billing.
nism to replace existing file system/database. In Proc. the 2nd Int. ICST Conf. Cloud Computing, Octo-
DLT Performance. Distributed ledger technology ber 2010.
[6] Gazet A. Comparative analysis of various ransomware virii.
finds various applications in different sectors, and many
Journal in Computer Virology, 2010, 6(1): 77-90.
efforts have been spent on improving its performance. [7] Garay J, Kiayias A, Leonardos N. The Bitcoin backbone
One direction is to replace proof-of-work/longest-chain protocol: Analysis and applications. In Proc. the 34th An-
with Byzantine fault tolerant protocols[24], which works nual Int. Conf. the Theory and Applications of Crypto-
graphic Techniques, April 2015, pp.281-310.
well in a closed environment but not suitable for sup-
[8] Lemieux V L. Trusting records: Is blockchain technology
ply chain management. Trusted computing technology the answer? Records Management Journal, 2016, 26(2):
is also used for distributed ledger construction[34-35] . 110-139.

○
14
Parker L. Blockchain tech companies focus on the $40 trillion supply chain market, 2016. https://bravenewcoin.com/news/bl-
ockchain-tech-companies-focus-on-the-40-trillion-supply-chain-market/, Jan. 2018.
Zhimin Gao et al.: CoC: A Unified Distributed Ledger Based Supply Chain Management System 247

[9] Morabito V. Blockchain practices. In Business Innova- [27] Kotla R, Dahlin M. High throughput Byzantine fault tole-
tion Through Blockchain: The B3 Perspective, Morabito rance. In Proc. Int. Conf. Dependable Systems and Net-
V (ed.), Springer, 2017, pp.145-166. works, July 2004, pp.575-584.
[10] Lehmacher W. Global dynamics and key trends. In The [28] Croman K, Decker C, Eyal I, Gencer A E, Juels A, Kosba
Global Supply Chain: How Technology and Circular Think- A, Miller A, Saxena P, Shi E, Sirer E G, Song D, Watten-
ing Transform Our Future, Lehmacher W (ed.), Springer, hofer R. On scaling decentralized blockchains. In Proc. Int.
2017, pp.67-112. Conf. Financial Cryptography and Data Security, February
[11] Cooper M C, Lambert D M, Pagh J D. Supply chain mana- 2016, pp.106-125.
gement: More than a new name for logistics. The Interna- [29] Cachin C. Architecture of the hyperledger blockchain fab-
tional Journal of Logistics Management, 1997, 8(1): 1-14. ric. In Proc. the Workshop on Distributed Cryptocurrencies
[12] Fox M S, Chionglo J F, Barbuceanu M. The integrated sup- and Consensus Ledgers, July 2016.
ply chain management system. Technical Report, Depart- [30] Wood T, Singh R, Venkataramani A, Shenoy P, Cecchet E.
ment of Industrial Engineering, University of Toronto, 1993. ZZ and the art of practical BFT execution. In Proc. the 6th
[13] Buterin V. What proof of stake is and why it matters. Bit- Conf. Computer Systems, April 2011, pp.123-138.
coin Magazine, 2013. https://bitcoinmagazine.com/articl- [31] Korpela K, Hallikas J, Dahlberg T. Digital supply chain
es/what-proof-of-stake-is-and-why-it-matters-1377531463, transformation toward blockchain integration. In Proc.
Jan. 2018. the 50th Hawaii Int. Conf. System Sciences, Jan. 2017,
[14] Xu X W, Pautasso C, Zhu L M, Gramoli V, Ponomarev A, pp.4182-4191.
Tran A B, Chen S P. The blockchain as a software connec- [32] Tian F. An agri-food supply chain traceability system for
tor. In Proc the 13th Working IEEE/IFIP Conf. Software China based on RFID & blockchain technology. In Proc. the
Architecture, April 2016, pp.182-191. 13th Int. Conf. Service Systems and Service Management,
[15] Castro M, Liskov B. Practical Byzantine fault tolerance and June 2016, pp.1-6.
proactive recovery. ACM Trans. Computer Systems, 2002, [33] Abeyratne S A, Monfared R P. Blockchain ready manufac-
20(4): 398-461. turing supply chain using distributed ledger. International
[16] Lamport L, Shostak R, Pease M. The Byzantine Generals Journal of Research in Engineering and Technology, 2016,
Problem. ACM Trans. Programming Languages and Sys- 5(9): 1-10.
tems, 1982, 4(3): 382-401. [34] Milutinovic M, He W, Wu H, Kanwal M. Proof of luck:
[17] Kermarrec A M, van Steen M. Gossiping in distributed An efficient blockchain consensus protocol. In Proc. the 1st
systems. ACM SIGOPS Operating Systems Review, 2007, Workshop on System Software for Trusted Execution, Dec.
41(5): 2-7. 2016, Article No. 2.
[18] Lamport L. The part-time parliament. ACM Trans. Com- [35] Intel. Blockchain and its emerging role in healthcare
puter Systems, 1998, 16(2): 133-169. and health-related research. Technical Report 4150-45-P,
[19] Eyal I, Gencer A E, Sirer E G, van Renesse R. Bitcoin- 2016. https://s3.amazonaws.com/public-inspection.federa-
NG: A scalable blockchain protocol. In Proc. the 13th lregister.gov/2016-16133.pdf, Jan. 2018.
USENIX Conf. Networked Systems Design and Implemen-
tation, March 2016, pp.45-59.
[20] Lewison K, Corella F. Backing rich credentials with Zhimin Gao received his B.S.
a blockchain PKI. Technical Report, Pomcor, 2016. degree in software engineering from
https://pomcor.com/techreports/BlockchainPKI.pdf, Jan. South China Agricultural University,
2018.
Guangzhou, in 2009, and his Ph.D. de-
[21] Al-Bassam M. SCPKI: A smart contract-based PKI and
gree in computer science from University
identity system. In Proc. the ACM Workshop on Blockchain
Cryptocurrencies and Contracts, April 2017, pp.35-40.
of Houston, Houston, in 2017. He is cur-
[22] Xu L, Wu X X, Zhang X W. CL-PRE: A certificateless rently working as a post-doctoral fellow
proxy re-encryption scheme for secure data sharing with at University of Houston, Houston. His research interests
public cloud. In Proc. the 7th ACM Symp. Information include blockchain, high-performance computing and cloud
Computer and Communications Security, May 2012, pp.87- computing.
88.
[23] Bethencourt J, Sahai A, Waters B. Ciphertext-policy
Lei Xu received his B.S. degree
attribute-based encryption. In Proc. IEEE Symp. Security in applied mathematics from Hebei
and Privacy, May 2007, pp.321-334. University, Baoding, in 2004, and
[24] Vukolić M. The quest for scalable blockchain fabric: Proof- his Ph.D. degree in computer science
of-work vs. BFT replication. In Proc. the Int. Workshop on from Institute of Software, Chinese
Open Problems in Network Security, October 2015, pp.112- Academy of Sciences, Beijing, in 2011.
125. He is currently a research assistant
[25] Vukolić M. Rethinking permissioned blockchains. In Proc.
professor at University of Houston,
the ACM Workshop on Blockchain Cryptocurrencies and
Houston. From 2011 to 2013, he worked as a research
Contracts, April 2017, pp.3-7.
[26] Guerraoui R, Knežević N, Quéma V, Vukolić M. The next
engineer at the Central Research Institute, Huawei
700 BFT protocols. In Proc. the 5th European Conf. Com- Technologies Co. Ltd., Beijing. His research interests in-
puter Systems, April 2010, pp.363-376. clude blockchain, cloud security, and applied cryptography.
248 J. Comput. Sci. & Technol., Mar. 2018, Vol.33, No.2

Lin Chen received his Ph.D. degree Yang Lu received her M.S. degree in
in computer science from Zhejiang information technology from Southern
University, Hangzhou, in 2013. From Polytechnic State University, Atlanta.
2013 to 2016, he worked as a post- Her research is focused on computing
doctoral fellow at Technical University security and blockchain. She previously
of Berlin, Berlin, and then Hungarian worked as a software engineer at File-
Academy of Science, Budapest. He is Vison LLC. Currently, she works as
currently a research assistant professor project manager in the Department of
at University of Houston, Houston. His research interests Computer Science at the University of Houston, Houston.
include blockchain, stochastic optimization, parameterized
algorithms and complexity.
Weidong Shi received his Ph.D.
degree in computer science from Geor-
Xi Zhao received his Ph.D. (Hons.) gia Institute of Technology, Georgia,
degree in computer science from the where he did research in computer
Ecole Centrale de Lyon, France, in 2010. architecture and computer systems. He
After graduation, he conducted research was previously a senior research staff
in the fields of biometrics, face analysis, engineer at Motorola Research Lab,
and pattern recognition, as a research Nokia Research Center, and co-founder
assistant professor with the Department of a technology startup. Currently, he is employed as an
of Computer Science, University of associate professor by University of Houston, Houston.
Houston, Houston. He is currently an associate professor
in School of Management, Xi’an Jiaotong University,
Xi’an. His research interests include big data analytics,
mobile computing, and computational social science.