Mapping and Traceability: A Concrete Example
By mapping and traceability I don't mean a simple "object-identity" association, but the system's ability to recognize, verify, and correlate every single physical component over time, even when it is moved, replaced, or reused.
A practical example clarifies the concept better.
Phase 1 – PUF Creation
When I generate the PUF by reading the caliber of a mechanical watch, the system acquires millions of unique physical points.
hese points not only describe the caliber as a whole, but also include the micro-characteristics of individual components:
- watch balance wheel
- clock escapement
- wheels
- bridges
- other structural parts
Each component therefore contributes to an overall physical signature, but at the same time has its own recognizable fingerprint within the PUF.
Phase 2 – Replacing a component
Now suppose we replace the balance wheel with a different one.
At the next verification reading:
- all points relating to the rest of the gauge will continue to match;
- the dots identifying the barbell will not match the original ones.
The verification result will therefore be false: the system detects that the watch is no longer compliant with the original configuration.
Phase 3 – Component Traceability
This is where the most interesting aspect comes into play.
If that replaced balance wheel is mounted on another watch, during the PUF reading:
- the system will also compare the physical points of the barbell with the database;
- will recognize that those points do not belong to that caliber, but to another watch already mapped.
The system not only detects the anomaly, but:
- knows which watch the balance wheel comes from;
- knows the identity of that watch;
- and, consequently, knows who the owner of the original watch is (according to the associated information).
What does “traceability” really mean?
In this context, traceability does not only concern the final object, but every single physical component.
A piece cannot be moved without leaving a trace: its physical identity follows it.
This approach makes the following ineffective:
- unauthorized replacements of components,
- “invisible” cannibalizations,
- hybrid reconstructions with parts from different watches.
Conclusion
The combination of ultra-high-resolution physical PUF, component mapping, and time correlation enables a level of control that goes far beyond simple authentication.
It's not just whether a watch is authentic, but whether it's still itself — and, if not, where the parts that modified it came from.
Limitations of a PUF + Blockchain based solution without NFC
Storing the fingerprint/PUF also on an NFC chip embedded in the watch creates a physical-cryptographic link between the object and its digital identity, enabling offline verification, practical anti-cloning, and object-level anti-tampering; the on-chain token alone does not address the “object ↔ token” secure association or the use cases involving network-less or token substitution attacks.
Object-token binding
The key challenge is not just “tokenizing,” but ensuring that the token presented for verification actually comes from that exact physical specimen; a local PUF provides an uncopyable physical identity that can be challenged on-site, cryptographically tying the watch to its on-chain digital twin.
Without a hardware anchor in the asset, an attacker can associate the valid token with a false “twin” (token swapping), because the blockchain certifies the history of the token, not the physical object claiming it at that moment.
Offline testing and UX
PUF/NFC enables rapid verification at the point of sale, in service or customs even without connectivity, by issuing signed/PUF-derived responses that a local verifier can validate and then optionally reconcile with the on-chain hash when the network is available.
Many tag/IoT PUF architectures are designed to operate without persistent secrets in memory, generating ephemeral keys from the PUF on the fly and reducing deployment and maintenance costs and burdens, which is compatible with a low-power NFC chip in the watch.
Anti-cloning and anti-tamper resilience
PUFs provide intrinsic physical uniqueness and are difficult to model or copy, so tying PUF responses to an NFC challenge-response protocol hinders tag cloning and producing convincing replicas of the caliber’s identity.
IoT and supply chain studies show that combining PUF with RFID/NFC and blockchain reduces counterfeiting attacks because the object must physically “prove” its fingerprint in addition to presenting a registered identifier.
Why on-chain tokens alone aren't enough
A “PUF-based” token registered on the blockchain without a secure means in the asset to regenerate/sign proofs from the PUF leaves open to replay, relay, and token reassignment attacks, since the blockchain does not measure physicality at the time of verification; an object-authenticated channel (e.g., NFC) is needed to produce fresh proofs.
Storing the PUF hash on-chain alone does not allow for dynamic challenge-response; a verifier needs the clock to compute a PUF response or PUF key-derived signature in-place to demonstrate liveness and resist static copies of the hash.
Data security on the chip
Best practices do not require storing the PUF fingerprint in clear text; the PUF is used to derive the private key as needed, avoiding storing persistent secrets and reducing the risk of memory inspection of the NFC chip or microcontroller.
In modern architectures, the PUF can also protect additional keys or credentials by encrypting them bound to the PUF, increasing resistance to extraction and compromise compared to traditional static memories.
When it might be enough without NFC
If the only requirement is to certify digital ownership of the token in always-connected environments and with trusted verifiers who have access to the PUF "in the lab", integrated NFC could be avoided, but this would mean sacrificing field verification, user convenience, and protection against token swapping on the secondary market.
For premium brands and global supply chains, the marginal cost of an NFC element with PUF is often justified by the leap in end-to-end security and traceability, especially in post-sale operations and rapid authentication services.
The NFC chip in the watch serves not only to “store” the fingerprint, but also to provide a secure physical anchor and challenge-response channel that strongly links the PUF identity to the real asset, making the on-chain token truly untransferable to a fake; without this anchor, the on-chain alone cannot guarantee that the token is presented by the genuine asset in the user's hand.
In short: a physical NFC anchor with challenge-response protocol significantly reduces tag cloning, static proof replay, token swapping, and most “slow” relays, because it requires fresh proofs tied to the piece’s PUF and proximity/time checks that a remote attacker struggles to satisfy.
Risks mitigated with physical NFC
Tag cloning for memory copy: If the fingerprint/key is not in the clear but derived from the on-the-fly PUF, there is no secret material that can be copied from the tag's memory; simply reading and duplicating the NDEF/UID does not produce a valid challenge-response clone.
Static Response Replay: Using nonces and PUF signatures/computations for each session prevents reusing previous captures, as each verification requires a unique response tied to the challenge and the device's PUF.
Token swapping and object-token binding
Without a physical item on the watch, a counterfeiter can associate a valid on-chain token with a fake; with NFC+PUF, the verifier requires a local proof from the watch's PUF that disproves attempts to present identities “borrowed” from other objects or digital copies.
Issuing signatures/responses based on a PUF-derived key creates a non-transferable link between the object and the digital identity, which is difficult to move to another medium.
Relay attack and proximity
Relay attacks extend the range between reader and tag with a "mole" and a "proxy"; proximity check/distance-bounding protocols and tight frame-waiting times (e.g., a few ms) make it impractical to forward packets over distances without exceeding time limits.
The watch’s built-in NFC, combined with proprietary distance-bounding or “proximity check,” narrows the window for generic smartphone relays, which are otherwise surprisingly practical in standard setups.
Anti-tamper and physical attacks
PUF architectures for smart tags avoid storing CRPs or static keys, reducing the attack surface for memory inspection, glitching, or side-channel extraction of secrets from EEPROM/Flash.
Some schemes use robust temporal voting/“helper data” to stabilize the PUF without revealing useful information about it to the cloner, maintaining operational reliability in the field.
Limitations and best practices
“Fast” relay remains a threat unless strict FWT limits and distance-bounding protocols are enforced; standard contactless systems without such countermeasures are vulnerable even with encryption.
Using NFC Type‑4 with cryptographic capabilities, PUF-derived ECDSA signatures and app-side verification, plus proximity checks at the physical and ISO/14443 stack levels, offers concrete protection against cloning, replay, and most practical relays.
Risk assessment for relay attacks without PUF
The risk assessment for relay attacks without digital PUF highlights significant exposure to vulnerabilities that arise from the ease with which an attacker can intercept and relay signals between NFC devices or keyless systems, replicating authentication and taking control of the device or object (as in the case of contactless car keys).
In the absence of PUF, which provides unique and non-replicable hardware identification, relay attacks become more effective because they rely on the simple transfer of valid signals without the need to know codes or break encryptions. This means that an attacker can duplicate NFC communication between the digital certificate and the physical device, surpassing the security of traditional NFC and associated NFTs.
Immediate risks include:
- Unauthorized access via NFC signal relay
- Temporary cloning of digital identities
- Improper use without the physical presence of the legitimate user
Ultimately, the lack of a digital PUF makes the system more vulnerable to relay attacks because it lacks an intrinsic hardware mechanism to verify the uniqueness of the device, increasing the risk of fraud on high-value products such as luxury watches with integrated NFC and digital certificates. In the absence of a PUF, it is crucial to adopt additional multi-layered security strategies to mitigate these types of attacks.
Quantitative analysis of the probability of success of a relay attack
Quantitatively analyzing the probability of success of a relay attack, in the absence of protections such as digital PUFs, depends on several key factors: the distance between the attackers, the transmission latency, the system's response speed, and the number of possible attempts.
Statistically, the probability of success increases with the number of attempts and the quality of the attack setup, as the relay can exploit variability in signals and timing to be effective. Mathematical models based on normal distributions indicate that the probability of success increases with the square root of the number of messages sent by the attacker, so the more tests performed, the higher the probability of circumventing the system.
In general, without a PUF, which provides a unique and non-replicable hardware identification, the success probability for relay attacks in NFC or similar systems can become even high, empirically estimated in real-world contexts for some keyless attacks as high as 60-80% under favorable conditions, although this depends on the specific system configuration and countermeasures (e.g. timeouts, encryption, multiple authentications).
It is therefore essential to quantitatively assess the risk based on the operational context, the number of detectable attempts, and the presence of specific defenses. Without PUFs and with standard controls, the probability remains significant, recommending the introduction of additional security mechanisms to reduce this risk.
This quantitative assessment is based on statistical theory and empirical data from relay attacks in similar systems such as keyless car keys, which share similar vulnerabilities to NFC systems without a digital PUF.
Practical example of calculating the probability of success of a relay attack on a keyless smartwatch
Imagine a keyless smartwatch communicating via NFC with a car. Suppose the attacker must intercept and relay the NFC signal with a maximum allowed latency of 200 milliseconds to maintain valid communication.
Parameters:
- Number of possible attempts in 1 hour: 3600 (1 per second)
- Single relay attempt success probability (i.e. the ability to capture and relay the signal within 200 ms): 0.15 (15%)
- Number of attempts required for overall success: variable
- Calculate the probability of at least one success in 1 hour (many independent attempts with success at p = 0.15):
- Probability of failing on each attempt: 1 - 0.15 = 0.85
- Probability of failing all 3600 attempts = 0.85 ^3600 ≈ 10^ -254
- Probability of success at least once in 1 hour = 1 - 10^-254 ≈ 1 (virtually certain)
This example shows that if the relay attack has a non-negligible probability on each attempt, and the attacker can make many attempts in a short time, the probability of at least one attempt succeeding quickly approaches 100%.
In summary, in a realistic scenario of a keyless smartwatch without a digital PUF, a well-organized relay attack can almost certainly succeed if there are no stringent limits on communication and authentication attempts, thus confirming the importance of additional hardware mechanisms such as PUF for high robustness.
Mathematical model of the probability of success of a relay attack
A simple and common mathematical model to represent the success probability Ps of a relay attack, considering independent attempts, is based on the success probability p of a single attempt and the number of attempts n:
Ps=1−(1−p)n
Where:
- p is the probability of success in a single attempt (depends on latencies, response times and technical conditions)
- n is the number of attempts made by the attacker
This model assumes independent attempts, and the probability of failure over all attempts is (1 − p)n. Therefore, the higher n, the higher the cumulative probability that at least one attempt will succeed.
To further investigate, in literature and research on similar attacks (e.g. timing attacks, keyless relay attacks), probabilistic models with normal random variables are used to simulate times and latencies, with the probability of success growing proportionally to the square root of the number of attempted messages:
Ps ∝ √n
This reflects that the attacker, by increasing the number of requests, improves his estimate and therefore the probability of success, but with diminishing returns.
In summary, the probability of success of a relay attack can be calculated with:
Ps=1−(1−p)n
and the value of p depends on the technical aspects of the NFC system and the acceptable time window for signal re-broadcasting.
Limitations of an NFC + Blockchain-based solution without PUF
NFC chips (with Secure Element) and blockchain are very powerful authentication technologies, but alone they aren't sufficient to fully protect against counterfeiting. The key to understanding why lies in the nature of the threats and the intrinsic limitations of these technologies.
Limitations of a PUF-free blockchain-based NFC chip solution
NFC Chip (Secure Element): Each chip has a unique UID and can store secure data, but the chip itself can be duplicated, replaced, or attacked (e.g., chip cloning, side-channel attacks, physical replacement). Furthermore, the chip is not intrinsically physically linked to the authentic object: a counterfeiter could attach an original chip to a fake.
Blockchain: Ensures the traceability and immutability of transactions, but does not physically authenticate the object. If the initial data (e.g., the chip's UID) is fake or cloned, the blockchain will also register a fake as authentic. The blockchain only certifies the history of the recorded data, not its physical origin.
Scalability Risk:
If the authentication method relies only on the NFC chip, a counterfeiter can repeat the operation on multiple watches, especially if they manage to obtain multiple original chips or clone them (a technique known as “chip swapping” or “chip cloning”).
By cloning an NFC chip and placing it on multiple watches that share the same UID or chip hash, when an NFC reader reads the chip, retrieves the UID, and compares it with the blockchain ledger. If the chip's UID or hash is present in the blockchain, the system returns a positive result: the digital certificate is valid and appears authentic. Without a PUF, there is no physical link and no way to prove that the NFC chip is linked to the original physical object. The chip can be removed and mounted on a fake, or cloned and distributed across multiple fakes.
However, this doesn't mean that everyone is legitimately "real": here's what happens and why the system can detect fraud.
Limits and risks of cloning
All watches with the same UID will appear “real” during digital verification, but this creates an anomalous situation: multiple physical objects share the same digital identity.
If the system includes auditing or read tracking mechanisms, it can detect that the same UID is being read in multiple locations or at close intervals, flagging potential fraud.
Revocation Policy: If cloning is detected, the digital certificate can be revoked and reported as compromised.
Circumvention of the system and audit or reading tracking mechanisms
If the solution uses only NFC and blockchain, a counterfeiter can circumvent the system and the auditing and/or tracking mechanisms of the readings in several ways, such as:
- Obfuscating readings: A counterfeiter can use techniques to disguise the origin of readings, such as using untracked NFC readers or operating in geographic areas with poor connectivity.
- Read Limitation: A counterfeiter can limit the number of reads of the cloned chip, using it only in contexts where cross-checking or thorough auditing is not required.
- Use in isolated contexts: The cloned chip can be used in contexts where there are no cross-checks with other authentication sources, such as secondary markets or private sales.
This means that audit mechanisms and tracking are not an absolute protection against counterfeiting.
PUF is essential to close this vulnerability and ensure that only the original physical object can be successfully authenticated.
Fundamental role of the PUF (physical fingerprint)
The PUF (Physically Unclonable Function) is a unique and non-reproducible physical signature, derived from intrinsic and random characteristics of the material or geometry of the object (e.g., caliper microstructures).
This fingerprint is impossible to clone or replicate because it depends on stochastic physical processes and microscopic variations that cannot be controlled or reproduced artificially.
PUF creates an unbreakable physical-digital link: even if an NFC chip is cloned or replaced, the physical fingerprint cannot be duplicated on a counterfeit item. PUF adds unique, non-reproducible physical evidence, preventing cloning and making it impossible to pass an original chip onto a fake.
In short: the PUF is necessary because it's the only way to prove that the NFC chip and blockchain are connected to a genuine, non-counterfeit physical object. The PUF (physical fingerprint) is unique to each object and cannot be transferred. Even if the NFC chip is mounted on a fake, the physical fingerprint of the counterfeit watch will never match the original.
Multiple cloning protection
Physical authentication: Only the original object has the correct physical fingerprint. Even if the NFC chip is cloned, the fake will not pass the physical check.
Anti-cloning protection: PUF prevents a single NFC chip from being used to authenticate multiple physical objects, ensuring that only the original can be considered authentic.
PUF is essential because it provides unique and non-reproducible physical proof, closing the cloning vulnerability and ensuring that only the original object can be correctly authenticated.
In short: the PUF is necessary because it is the only way to prove that the NFC chip and the UID registered on the blockchain refer to a unique, authentic and non-counterfeit physical object.
Furthermore, if the system requires cross-verification with the physical fingerprint (PUF), only the original watch will have the correct fingerprint: the others, even with a cloned chip, will not pass the physical check.
Without a PUF, the system is vulnerable to NFC chip cloning and replacement, and auditing or reading tracking mechanisms can be circumvented. The PUF is essential to close this vulnerability and ensure that only the original physical object can be properly authenticated.
Conclusion
If the system relies solely on NFC chips and blockchain, without a PUF, the main risk is that the proof of authenticity will be purely digital and transferable. This means that security depends only on the impossibility of cloning the NFC chip, but not on physical proof that the object is original.
PUF adds additional protection that makes “chip swapping” as a counterfeiting strategy impossible, ensuring that only the original physical object can be successfully authenticated.
Stand-alone NFT vulnerabilities
In the following article published on ICT Security Magazine
https://www.ictsecuritymagazine.com/articoli/blockchain-forensics/
The intrinsic limitations of NFT technologies and the related regulatory framework are thoroughly analyzed. The analysis highlights how the adoption of NFTs, if not supported by additional technological layers, presents significant critical issues in terms of security, traceability, and forensic investigations.
Some passages are particularly significant.
"The immutable and transparent nature of blockchain, while theoretically allowing for indefinite traceability of transactions, does not automatically guarantee the identifiability of the actors involved. The transparency of the distributed ledger does not equate to the ability to reliably attribute transactions to natural or legal persons, and this distinction represents one of the main operational limitations in investigations into NFTs and DeFi protocols."
"In the context of NFTs, this issue is particularly evident. A non-fungible token is not a simple digital certificate of ownership, but a hybrid object that exists simultaneously on-chain and off-chain. The blockchain records the transfer of a cryptographic hash, while the underlying asset—image, video, or document—often resides on external infrastructures such as IPFS, cloud platforms, or centralized servers under the creator's control. This separation between verifiable ownership and actual control of the asset creates gray areas that complicate investigative activities and limit the effectiveness of traditional blockchain analysis tools."
"Even the smart contracts that govern NFT marketplaces, while accurately recording every transaction, are unable to determine whether multiple wallets involved in suspicious transactions—for example, price inflation mechanisms—belong to the same entity. On-chain data alone doesn't allow us to distinguish between legitimate activities and coordinated fraudulent schemes."
"According to the joint Eurojust–Europol 2024 report on cybercrime, fraud is the crime most frequently associated with the use of NFTs, while decentralized finance remains one of the main emerging channels for laundering criminal proceeds."
"Further critical issues arise from the use of advanced obfuscation techniques and the complexity of smart contracts. Potentially malicious functionality can be hidden through code obfuscation, distributing logic across multiple interconnected contracts, or conditioned activation by complex call sequences. Forensic analysis, in these cases, must not only reconstruct what happened on the blockchain, but also what the contract was designed to do. This requires reverse engineering skills on Solidity or Vyper code, knowledge of DeFi protocol design patterns, and the ability to identify deviations from established standards that could indicate fraudulent intent."
Conclusion
NFT technologies express their full potential only when integrated into larger, multi-layered systems. Using NFTs as an isolated component is not enough to guarantee security, authenticity, and resistance to attacks. Integration with complementary technologies—physical, cryptographic, and verification—enables the construction of truly robust systems capable of effectively combating cloning, fraud, and hacking.
Standalone PUF Vulnerability
The document at the address https://arxiv.org/html/2512.09150v1#S5 (Section V: “Toward Holistic Security: Strategy Space of Authentication Attacks”) systematically analyzes security vulnerabilities in surface PUF (Physically Unclonable Functions)-based authentication systems, showing how physical and digital attacks can compromise the system at different operational levels.
Section summary:
- The paper proposes a four-stage operational framework for the security of surface PUF-based systems (image acquisition, feature extraction, data storage, decision making).
- Each stage is examined to identify the most likely attack types (physical DoS, spoofing, modeling attacks, reverse engineering attacks, etc.).
- A set of desired security properties (confidentiality, integrity, revocability, replay resistance, availability) is defined and how each attack can compromise one or more of these properties is shown.
- The paper emphasizes that threat analysis must be comprehensive and systematic, considering both physical attacks (e.g., surface damage) and digital attacks (e.g., synthetic feature generation).
- It is highlighted that the absence of specific countermeasures (e.g., template protection, key revocability, resistance to modeling attacks) can leave the system vulnerable even if the PUF is intrinsically secure.
Conclusion
This section shows that the security of PUF-based systems depends not only on the physical uniqueness of the PUF, but also on the robustness of the individual modules and the ability to detect and counter attacks at all stages of the authentication process.
and again
From the publication "Ultra-Durable Embedded Unclonable Physical Functions"
https://pubs.acs.org/doi/10.1021/acsami.4c01726
It follows that embedded PUFs offer a key advantage: the physical identity is embedded in the substrate and is highly resistant to thermal and mechanical stress. The main risk is not so much "breaking the PUF" as bypassing the verification process (reading, database, replay, governance).
1) Threats to the physical-digital connection
- Threat: “PUF ≠ product”
- The authentic PUF can be moved, transplanted, or associated with a different object, if there is no physical/packaging constraint that makes the operation destructive or obvious.
- Mitigations
- Design an integration constraint: PUF in area that, if removed, irreversibly damages component/structure.
- Multi-anchoring: Multiple PUF points on different slices (or key components), so that transplanting requires “transplanting everything”.
- Component Registry: Associate physical identity not only with the object, but with its critical elements (component mapping).
2) Threats of “replay” and cloning of evidence
- Threat: Image or template replay
- If an attacker obtains a copy of the template (image or feature-set), they can attempt to pass it off as a real read, especially in “software-only” verification chains.
- Mitigations
- Session-based challenge–response: The reading must include a variable challenge (e.g., lighting pattern/angle/parameters controlled by the reader) that produces a non-reusable response.
Invia com - Reader attestation: The acquisition device must sign the results with a hardware key (secure element/TPM).
- Authenticated channel: encrypted upload + device-side signature; rejects unsigned input.
- Time-bound, backend-consumed anti-replay token (nonce).
3) Threats to reading quality (false reject / false accept)
- Threat: Environmental and operational variability
- Dust, oils, scratches, reflections, movement, focus, and lighting can degrade matching and introduce errors.
- Mitigations
- Reading specifications: define allowable ranges for distance, magnification, illumination, exposure.
- Robust normalization: A pipeline that handles rotation, scaling, lighting, and blur.
- Quality gate: before matching, calculate a quality index; if below the threshold → repeat acquisition.
- Redundancy: More acquisitions per verification (best-of / majority vote) and/or more ROIs (regions of interest).
4) Threats from a “fab-capable” (high budget) opponent
- Threat: Replication via microfab/advanced metrology
- An actor with access to microfab metrology and processes can attempt a topographic replication.
- Mitigations
- Increase multi-scale complexity: combine micro-features and nano-features (or different pattern levels) so that replication requires multiple, very expensive processes.
- Depth/Contrast Control: Optimize etching parameters to reduce surface stamping attack.
- Co-design with packaging: protect the PUF area and make its replication economically unsustainable given the attackable value.
5) Database, enrollment and insider threats
- Threat: Database compromise or fraudulent enrollment
- If the template database is compromised, or if the enrollment is manipulable (insider), the entire system loses credibility.
- Mitigations
- Secret separation: Don't store raw images unnecessarily; use non-invertible feature sets + hashing.
- Immutable audit trail: Write events (enrollments, verifications, transfers) to an append-only log (e.g., blockchain or WORM log).
- Dual control for enrollment: separate roles and multiple approvals (four-eyes principle).
- Revocation and re-enrollment: Formal procedures for managing anomalous events (theft, tampering, authorized substitutions).
6) Privacy and proprietary attributes
- Threat: Undue correlation (owner tracking)
- If you directly connect PUF → person, privacy and legal risks increase.
- Mitigations
- Pseudonymization: Only technical IDs are present on the public ledger; personal data remains off-chain, minimized, and accessible by role.
- Controlled disclosure: “proof of authenticity” without revealing identity (e.g., layered attestations).
- Policy and compliance: access logs, retention, right to deletion where applicable (without destroying the technical audit).
Technical positioning
The embedded PUF is the physical anchor of truth; end-to-end security depends on the read protocol, anti-replay, reader attestation, and data governance.
Stand-alone Blockchain Vulnerabilities
The paper "Blockchain-based methods for identifying counterfeit products" at
https://www.ijpe-online.com/EN/10.23940/ijpe.24.10.p5.631639
analyzes the use of blockchain as a tool for identifying counterfeit products, proposing a framework (FPI – Fake Product Identification) based on:
- product registration,
- supply chain tracking,
- verification by the consumer via QR code,
- smart contracts on Ethereum.
The goal is to improve security, transparency, and traceability compared to traditional centralized systems.
Basic idea
Blockchain is used as an immutable ledger to store:
- product data,
- transfers of ownership,
- authorized actors (producers, sellers, consumers).
Each product is associated with a digital identifier (QR code) that allows the end consumer to verify its authenticity by querying the blockchain.
Proposed architecture
The framework is structured on three main levels:
1. Manufacturer
- Register authorized products and sellers.
- Generate a QR code for each product.
- Record every transfer (producer → seller).
2. Seller
- You can only sell products registered by the manufacturer.
- Maintains inventory visibility through blockchain.
3. Consumer
- Scan the QR code.
- Check if the product is authentic or counterfeit.
All operations are managed via smart contracts, which automate verification and reduce human intervention.
Results and performance analysis
The article compares the FPI system with traditional portals:
Highlighted Benefits
- Data immutability: information cannot be altered.
- Decentralization: No single point of control or failure.
- Transparency and auditability.
- Query speed: Queries are faster because data is available locally on the nodes.
- Automation via smart contracts.
Limits detected
- Scalability: Increasing the number of records significantly increases write times and the volume of data transmitted (up to 10× compared to traditional systems).
- Consensus overhead: Write operations are slower than with centralized databases.
- Dependence on digital identifiers (QR codes), easily cloned if not associated with a strong physical anchor.
- Conceptual criticalities (implicit but relevant)
Although not explicitly addressed by the authors, the system:
- certifies the data, not the physical object;
- it assumes that the QR code always remains linked to the original product;
- It does not solve the problem of physical replacement of components or fraudulent reuse of identifiers.
In other words, blockchain guarantees the consistency of the ledger, but not the intrinsic physical authenticity of the product.
Conclusion of the article
The authors conclude that the FPI framework demonstrates the feasibility of a system:
- Safe,
- decentralized,
- transparent,
- interoperable,
to fight counterfeiting. Blockchain is presented as a key enabler, capable of significantly improving traditional authentication systems.
Final critical summary
The article represents a good example of a “blockchain-first” approach, effective for:
- supply chain visibility,
- audit,
- certification of commercial transactions.
However, the model remains digital-centric: the product identity is linked to a logical identifier (QR code), not to a non-clonable physical signature.
To combat sophisticated counterfeiting, the described framework requires complementary technologies that can connect the physical world to the blockchain ledger in a strong, non-replicable way.