Abstract
As a vital segment of the textile and apparel sector, the down and feather industry features product quality and traceability authenticity that are directly correlated with consumer rights and interests, standardized industrial development, and enterprises’ international trade competitiveness. Nevertheless, the dilemmas of trust deficiency, information fragmentation, and data out-of-control inherent in the traditional operation model have severely restricted the high-quality development of the down manufacturing industry. To address the aforementioned issues, this paper proposes a trusted traceability model for down and feather products based on blockchain technology. Leveraging the authority management architecture of the Hyperledger Fabric consortium blockchain, this model integrates Role-Based Access Control and Attribute-Based Access Control to design a hybrid access control strategy tailored to the down supply chain; meanwhile, it introduces InterPlanetary File System distributed storage and an identity-bound encryption mechanism to realize privacy protection for sensitive data. Experimental results demonstrate that the proposed traceability model presents remarkable performance advantages in terms of transaction latency, system throughput, CPU utilization, and security. As the number of transactions increases from 1,000 to 5,000, the latency of each functional module of the system exhibits a reasonable upward trend. Among these, the IPFS-based smart contract invocation function achieves comprehensive optimization in latency performance compared with the conventional direct on-chain invocation function: under the scenario of 3,000 transactions, the average latency drops from 1.39s to 1.13s, and the maximum latency decreases from 3.33s to 2.94s, which effectively alleviates the computing and storage pressure of blockchain nodes under high concurrency. The read-only traceability query function features a lightweight process without modifying the blockchain ledger, with the lowest latency and minimal fluctuation, and its throughput and CPU utilization performance is far superior to the two types of write invocation functions, realizing optimal resource consumption control. This model provides a feasible technical solution for trusted traceability in the down and feather industry.
1 Introduction
The down and feather industry is a distinctive segmented sector within the textile and apparel industry. In 2025, the total export value of China’s down and down products reached approximately 2.18 billion US dollars (). With the industry’s large-scale expansion and the continuous rise of consumers’ demand for product authenticity and quality, credible traceability of down products has evolved into a core imperative for the industry’s standardized upgrading and international competitiveness enhancement.
Similar to many industrial supply chains, the current down supply chain relies on a centralized data management model, where core data (such as breeding origins, processing parameters, logistics records, and quality inspection reports) is dispersedly stored in the local systems of individual stakeholders—including breeding bases, processing enterprises, logistics providers, and third-party inspectors. This model inherently lacks a unified trusted evidence repository and cross-entity verification mechanism, leading to long-standing industry dilemmas: unquantifiable trust among multi-party collaborators, disrupted end-to-end traceability across the entire industrial chain, and insufficient closed-loop control over data permissions and security. These challenges not only foster product counterfeiting, false quality labeling, and data tampering incidents but also hinder the industry’s ability to meet international quality standards, thereby restricting the improvement of its global trade competitiveness ().
Blockchain technology, with its core characteristics of decentralization, immutability and full-process traceability, has been widely implemented in supply chain traceability sectors such as agricultural products, food, pharmaceuticals and finance, offering a feasible technical pathway to resolve the trust dilemma in multi-party collaborative operations (; ; ; ; ; ; ; ; ). Among various blockchain architectures, the Hyperledger Fabric consortium blockchain has emerged as the dominant underlying framework for supply chain traceability scenarios, owing to its strengths in controllable permission management, multi-node consensus mechanism and strong adaptability to enterprise-level applications. Existing studies have mostly focused on the integrated application of blockchain technology with distributed storage and access control mechanisms (; ). Nevertheless, there are scarcely any customized traceability models that cover the entire industrial chain of the down and feather industry, including breeding, processing, logistics and quality inspection links.
In response to the gaps in existing research and the practical pain points of the down and feather industry, this paper proposes a blockchain traceability model tailored for the whole process of down manufacturing, with the core innovations listed as follows:
A hybrid access control model integrating Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) is designed to realize multi-role hierarchical and fine-grained permission control in the down supply chain, solving the problem of chaotic access permissions among multi-stakeholders.
An identity-bound dynamic key separation encryption mechanism is proposed, aiming to address the challenges of privacy protection and access control of sensitive data in distributed environments within the down supply chain.
A collaborative storage architecture combining Hyperledger Fabric and InterPlanetary File System (IPFS) is constructed to realize on-chain credential storage and off-chain massive data storage, optimizing system latency and throughput performance.
The rest of this paper is organized as follows: Section 2 summarizes related research in the field of blockchain traceability; Section 3 introduces down traceability data classification and the overall model architecture; Section 4 elaborates on the design and execution flow of the RBAC + ABAC hybrid access control model; Section 5 describes the identity-bound dynamic key-separated encryption mechanism; Section 6 conducts system performance testing and analysis; and Section 7 concludes the whole paper and prospects future research directions.
2 Related work
adjusted the demand function based on the characteristics of blockchain technology, and transferred the product loss risks of channel members through a Stackelberg game-based supply chain composed of agricultural product suppliers and retailers. Meanwhile, they introduced two core features of blockchain—quality trust and product information tracking—and explored the willingness of each supply chain member to adopt blockchain for product traceability. Sotiris P. innovatively proposed a traceability system based on the wine supply chain, realizing global product traceability through the Ethereum network. elaborated on the relationship between blockchain technology and fresh food, expounded fresh food traceability technology and dynamic monitoring technology based on blockchain, and summarized the dilemmas and advantages of blockchain technology in fresh food applications.
designed an agricultural product traceability system by combining blockchain technology and RFID tags. The system aims to ensure the traceability of agricultural products by retaining detailed traceability information, guaranteeing the immutability of summary information of on-chain agricultural products, and optimizing the SM3 algorithm to effectively aggregate traceability data and improve system efficiency. proposed a blockchain-based seafood traceability system. The study first analyzed the problems existing in traditional seafood traceability, such as opaque product circulation and centralized management, then introduced the data structure and smart contract technology of blockchain, adopted Hyperledger Fabric as the underlying framework, and integrated the decentralized storage of the InterPlanetary File System (IPFS) to alleviate the problems of high storage costs and low efficiency caused by excessive data. designed a comprehensive medical device supply chain management process that supports user traceability queries and transaction evidence storage. Meanwhile, they developed a private data storage and sharing mechanism, combining Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and SM4 hybrid encryption technologies to ensure effective access control. In addition, smart contracts were designed to automate functions such as information management, traceability queries, and access control, thereby improving the operational efficiency and flexibility of the system. elaborated on a prototype degree verification system that utilizes blockchain technology to ensure academic integrity. By designing a hybrid blockchain network consisting of six Docker nodes, the paper realized the authentication and traceability of academic qualifications. The system includes processes such as initial data registration, node configuration, credential generation based on Byzantine consensus, and QR code-associated signatures. Experimental tests verified the system’s performance and resource consumption, and demonstrated how to verify the authenticity of degrees through QR codes, thereby reducing academic fraud.
innovatively combined homomorphic encryption algorithms, the IPFS file system, and blockchain technology to design an efficient and privacy-preserving online medical pre-diagnosis scheme. By improving the homomorphic encryption algorithm, diagnosis of medical data in an encrypted state was achieved, while blockchain technology ensured the openness, transparency, and traceability of data. proposed a secure and efficient blockchain-based access control scheme that supports attribute updates. Addressing the data access control issue for consumer rights protection in Cyber-Physical Systems (CPSs), the paper designed a new revocation mechanism to ensure forward/backward security of attribute updates, proposed a lightweight ciphertext update protocol to optimize computational costs, and designed an on-chain/off-chain separated storage model as well as a traceability-based attribute set generation and verification algorithm. proposed a blockchain-based decentralized coordination method to enhance the resilience and reliability of federated learning. This method utilizes smart contracts and decentralized storage technologies, addressing the single point of failure and potential security vulnerabilities in traditional federated learning caused by reliance on a central coordinator. The paper details the system architecture, the scheme for smart contracts to manage node failures and elect aggregator nodes, as well as the method to promote cooperation through an incentive mechanism. proposed a hybrid access control scheme based on Hyperledger Fabric and IPFS, addressing the needs of data privacy protection and fine-grained access in the pharmaceutical supply chain. In terms of data security, AES-256 is adopted to encrypt sensitive data, while RSA is used to assign independent private keys to different users. The encrypted data is stored in IPFS, and only the data hash is saved in the blockchain to enhance scalability. Performance evaluation was conducted using Hyperledger Caliper, and the results verified the feasibility of the scheme in high-concurrency scenarios. This hybrid access control and distributed storage scheme has formed a complete traceability closed-loop for the pharmaceutical supply chain, which can directly provide a mature technical framework for pharmaceutical anti-counterfeiting and logistics traceability. proposed a blockchain-based secure data storage scheme integrating identity and self-encryption, with the core goal of addressing the sensitive data protection and data ownership traceability issues of Hyperledger Fabric smart contracts.
To facilitate a clear comparison and intuitive understanding of the above-related work, this paper systematically categorizes the existing studies by their respective research fields and presents a comprehensive summary in Table 1.
TABLE 1
| Research category | Core technologies/Methods | Key common contributions |
|---|---|---|
| Agricultural/Food Supply Chain Traceability; - | Blockchain (Ethereum/Fabric), IPFS, RFID, SM3 algorithm optimization, Stackelberg game | Realized blockchain-based traceability for agricultural/food/seafood/wine supply chains; solved pain points such as information opacity and high storage cost; optimized partial algorithms for data efficiency |
| Pharmaceutical/Medical Blockchain Applications; , , | Blockchain (Fabric), IPFS, CP-ABE/SM4/AES-256/RSA encryption, homomorphic encryption, hybrid access control | Realized privacy protection and traceability for medical devices/pharmaceutical supply chains; realized encrypted medical data processing; verified scheme feasibility in high-concurrency scenarios |
| Other Blockchain-Related Research; , , , | Hybrid blockchain network, attribute-based access control, decentralized storage, identity-based self-encryption, Byzantine consensus | Solved specific security/efficiency problems in academic verification, CPSs, federated learning and Fabric smart contracts; designed lightweight protocols and incentive mechanisms |
Summary of blockchain-based related research by application field.
In summary, as shown in Table 1, existing research has extensively applied blockchain technology to the development of traceability systems and management mechanisms across various fields. Nevertheless, most of these studies focus on sectors such as agricultural products, food, healthcare and pharmaceuticals. In addition, blockchain technology has also been applied in scenarios including academic degree verification, online medical pre-diagnosis and federated learning coordination, which ensures the credibility and traceability of data as well as the resilience and reliability of systems. To date, no dedicated blockchain traceability model tailored to the characteristics of the down and feather manufacturing industry has been developed yet. Building on the achievements and limitations of existing research, this paper focuses on the whole-chain characteristics and traceability requirements of production, processing, quality inspection and finished product manufacturing in the down and feather manufacturing industry, and conducts research on a blockchain traceability model suitable for this industry.
3 Establishment of down and feather traceability model based on Hyperledger Fabric
This chapter systematically constructs a blockchain trusted traceability model for the down manufacturing industry based on the Hyperledger Fabric consortium chain. First, according to the sensitivity and business requirements of traceability data, the full life-cycle data of down is divided into two categories: public data and private data. On this basis, a complete operational framework is designed that integrates user identity management, access control, data classification, on-chain and off-chain collaborative storage, and privacy encryption. With distributed trust as the core, the model realizes trusted recording and tamper-proof storage of data in all links including breeding, processing, logistics, quality inspection, and finished products. It provides stable, secure and scalable underlying support for the entire traceability system, and lays a foundation for the subsequent design of the hybrid access control model and the identity-bound encryption mechanism.
3.1 Classification of down and feather quality data and analysis of key information
In the down and feather traceability management system, participating entities include animal husbandry farmers (duck/goose breeding), logistics and transportation personnel, down and feather processing enterprises, quality inspection institutions, and down and feather product manufacturers. The types of traceability data generated in each link are diverse with significant differences in application scenarios, including quality information for consumers and core operational data related to enterprise competition. To achieve the dual goals of full-lifecycle quality traceability of down and feather, full-chain supervision by regulatory authorities, and protection of commercial secrets of supply chain entities, scientific classification and differentiated management of traceability data are required.
For this purpose, this study divides the down and feather traceability supply chain into five main links: animal husbandry breeding, logistics and transportation, down and feather processing, quality inspection, and down and feather product manufacturing. Key traceability data are extracted from each link. Based on the sharing requirements of traceability data (e.g., whether consumers need to know, whether cross-entity collaboration is required) and security levels (e.g., whether commercial secrets/personal privacy are involved), the data are classified into public data and private data. Public data can meet the demand for sharing core quality information of down and feather among various supply chain entities, while private traceability data are managed through encryption to effectively ensure the security of sensitive data such as farmers’ personal information, enterprise processing parameters, and procurement costs. As shown in Figure 1.
FIGURE 1
3.2 Construction of down and feather quality traceability model
Based on blockchain technology (featuring decentralized evidence storage and immutability), and in accordance with the multi-dimensional, highly sensitive, and strongly correlated characteristics of down and feather traceability data, this study proposes a down and feather traceability model combined with the practical compliance requirements of down and feather production, as shown in Figure 2.
FIGURE 2
Stakeholders in the down and feather supply chain send registration requests to the Fabric SDK through the down and feather traceability system. Administrators generate and manage users’ digital identities (public keys, private keys, user certificates) via the Admin Fabric CA, assign identity identifiers to users through the Membership Service Provider (MSP) simultaneously, and store these credentials in corresponding wallets to complete the binding of user roles and identities. When a user logs in to the down and feather traceability system, the system transmits the identity credentials entered by the user to the Client of the Fabric SDK. The SDK Client invokes the blockchain’s MSP to verify the legitimacy of the user’s credentials; upon successful verification, it enters the request parsing phase. The SDK Client parses the operational intent of the user’s request and associates the corresponding smart contract functions. It encapsulates information such as the user’s operational intent, identity identifier, and timestamp into a transaction proposal. If the data uploaded by the user is public data, it is uploaded directly; if the information uploaded by the user is private data, the smart contract invokes the encryption module to encrypt sensitive fields before uploading.
The core of the Fabric SDK submitting transaction proposals to the blockchain lies in judging user permissions through the “RBAC + ABAC integrated strategy” and executing smart contract logic. RBAC verification determines whether the user’s role matches the basic permissions required for the operation, while ABAC verification further validates whether the user’s attributes meet fine-grained rules. For private data, the encryption module is invoked for encryption, and the encrypted data is uploaded to the IPFS distributed file storage. IPFS generates a unique “data hash” and returns the IPFSHash to the Peer nodes; only the hash value is written into the blockchain, whereas public data does not require the data encryption step.
The down and feather traceability system model is centered on “distributed trust” and focuses on the five core links of the down and feather supply chain: breeding, logistics and transportation, processing, inspection, and product manufacturing. Through a multi-technology system comprising “decentralized node architecture + multi-node consensus mechanism + hybrid access control strategy + private data encryption + collaborative storage of IPFS and Hyperledger Fabric”, it addresses the pain points of traditional centralized systems, including information silos, untrustworthy data, and high storage pressure, ultimately achieving trustworthy traceability of full-chain data.
4 Role-based and attribute-based hybrid access control model
This chapter proposes a hybrid access control model combining RBAC and ABAC to meet the multi-role, dynamic, and fine-grained permission management requirements of the down supply chain. We introduce the core components of Hyperledger Fabric, define formal policy formulas and symbols, and clarify the three-step verification process consisting of identity authentication, RBAC coarse-grained verification, and ABAC fine-grained verification. We also explain the synergy mechanism between access control and blockchain transaction execution. The hybrid model effectively balances management efficiency and control precision, supports dynamic and refined permission adjustment, and provides reliable security access support for sensitive data in the distributed traceability system.
4.1 Model design concept and objectives
The down and feather traceability supply chain has core demands including multi-participant permission stratification, dynamic data access requirements, and precise control of sensitive data. A single access control strategy is difficult to meet the dual requirements of management efficiency and control precision simultaneously. Therefore, this study designs an RBAC + ABAC hybrid access control model. Its core objectives are to achieve manageability, fine-grained precision, and dynamic adaptability of data access in the down and feather traceability supply chain. Meanwhile, the access control strategy can seamlessly adapt to IPFS distributed storage and encryption modules, constructing a secure, controllable, and scalable permission management system for the decentralized down and feather traceability system.
Role-Based Access Control (RBAC) is the default strategy adopted by Hyperledger Fabric. It assigns permissions through predefined static roles, but fixed roles result in insufficient dynamism and coarse granularity, failing to meet the differentiated access needs of different entities for various down and feather data in traceability scenarios. Attribute-Based Access Control (ABAC) supports fine-grained control based on attributes such as subject, object, and environment. However, direct application leads to complex strategies and time-consuming verification due to excessive attributes, making it difficult to adapt to the multi-participant, multi-data type scenarios of down and feather traceability as well as subsequent production scale expansion.
The RBAC + ABAC hybrid access control scheme leverages the collaborative logic of RBAC simplifying permission management and ABAC refining access scope. It retains the efficiency of RBAC’s role-aggregated permissions, avoiding the role explosion problem, while utilizing the flexibility of ABAC’s attribute matching to realize differentiated authorization for the same role based on attributes. This effectively addresses the multi-participant and multi-level permission challenges in the down and feather traceability supply chain.
4.2 Core components of fabric and policy definition
The hybrid access control model is constructed based on the core components of Hyperledger Fabric. These components work collaboratively to provide stable, secure and scalable operational support for the supply chain traceability system in the down industry:
Peer Node: The Peer node is the basic execution node of the Fabric network, which mainly undertakes three core tasks: storing the complete blockchain ledger data; executing chaincode (smart contracts) to process transaction logic; and signing and verifying the validity of transactions to ensure that transactions comply with system rules and access control policies. In this traceability system, Peer nodes are separately operated and maintained by various participants in the down supply chain (including breeding, processing, transportation, inspection and other institutions), who jointly maintain ledger consistency.
Orderer Node: The Orderer node is responsible for the global ordering, batch packaging and block generation of numerous transactions collected in the network, without participating in transaction execution or state modification. Its core role is to provide a unified and trusted transaction sequence for the whole network, ensuring consistent block structures among distributed nodes and preventing double-spending and transaction conflicts. It is a key component for realizing distributed consensus in blockchain.
Certificate Authority (CA): As the core of identity trust, the CA receives and verifies registration requests from users (participants), generating unique digital identity credentials (including certificates, private keys, and public keys) for node organizations and users. These credentials serve as the foundation for subsequent identity authentication and permission verification.
Membership Service Provider (MSP): Undertakes identity management and signature verification responsibilities. It verifies the legitimacy of user certificates (whether issued by a trusted CA of the system) and the validity of request signatures (verifying private key signatures through user public keys), ensuring the authenticity and credibility of the accessing subject’s identity.
Access Control Lists (ACLs): Fabric’s default resource-policy binding mechanism. It associates access control policies with core resources such as chaincodes and channels, providing basic constraints for underlying resource access for the hybrid strategy.
Smart Contracts: Act as both Policy Decision Points (PDP) and Policy Execution Points (PEP) simultaneously. They encapsulate the core logic of RBAC role verification and ABAC attribute matching, serving as the core carrier for the implementation of permission control rules. All access requests must pass the permission verification of smart contracts before subsequent business operations can be executed.
Distributed Ledger: The Fabric ledger consists of two parts: the blockchain and the world state. The former stores all historical transaction logs in a blockchain structure, which is tamper-proof and traceable. The latter maintains the latest system data state in the form of a key-value database, supporting fast read/write and query operations.
In this study, the quantitative expression of permission decision logic is realized through customized policy formulas. Table 2 shows the symbols and their meanings used in the policy formulas. Table 3 describes the specific function implemented by each formula.
TABLE 2
| Satisfaction | Meaning |
|---|---|
| Unique User Identity (UUID) | |
| User Certificate | |
| Transaction Signature | |
| Set of subject attributes, including user identifier and role information | |
| Object identifier, such as data ID or chaincode function name | |
| Operation type, whose value set is {READ, WRITE, UPDATE, DELETE} | |
| Role Set | |
| Extract the role from the subject attribute set PS | |
| Return the permission set owned by role r | |
| Return the attribute set of the subject PS | |
| Return the attribute set of the object PO | |
| Return the set of subject attributes required to perform operation PR | |
| Return the set of object attribute constraints that allow subject PS to access | |
| True if certificate c is issued by a trusted CA | |
| True if the signature σ is successfully verified using certificate c |
Symbols and their meanings in the policy formulas.
TABLE 3
| Function | Input parameters | Output | Description |
|---|---|---|---|
| Verify the legitimacy of the user certificate and signature | |||
| Verify whether the role has the basic permission for the operation | |||
| Verify the three-dimensional attribute matching of subject-object-operation | |||
| Make the final decision by integrating the results of the three-layer verification | |||
| Output the final authorization result |
Specific functions implemented by each policy formula.
When a user initiates a data access request via the down traceability client, the system first constructs a transaction proposal , which consists of the user identity, certificate, signature, subject attributes, object identifier, and operation type. The formal definition of the transaction proposal is given as Equation 1:
Once the transaction proposal is submitted to the Peer node, the Membership Service Provider (MSP) first performs identity authentication. In this step, it verifies whether the user certificate is issued by the system’s trusted Certificate Authority (CA) and checks the validity of the transaction signature to ensure that the request source is authentic and untampered. The identity authentication process is formally defined as Equation 2
After successful identity authentication, the smart contract enters the RBAC verification phase. In this phase, coarse-grained permission judgment is performed based on user roles to rapidly filter out unauthorized access requests with obvious inconsistency between the user role and the operation type. The RBAC verification is formally defined as Equation 3:
Upon the passing of RBAC verification, the system further performs ABAC fine-grained verification. In this stage, accurate matching is conducted based on the three-dimensional attributes of subject-object-operation, so as to achieve dynamic and fine-grained access control as shown in Equation 4
Identity authentication, RBAC verification, and ABAC verification are integrated via the logical AND operation to form a complete hybrid strategy decision as shown in Equation 5:
According to the output of the hybrid strategy decision function, the system returns the final authorization result as shown in Equation 6:
4.3 Core execution flow of access control
The permission verification process for down and feather traceability participants follows the three-tier architecture of “identity authentication → RBAC rough screening → ABAC fine screening”, as shown in Figure 3. The entire verification process is collaboratively executed by the MSP and smart contracts.
FIGURE 3
Users log in through the down and feather traceability client, enter their UserID and user certificate (Uc), and initiate a request to interact with the distributed ledger. The Fabric SDK signs the request using the user’s private key to generate a transaction proposal. The core parameters of the proposal include: subject attributes (PS: UserID + bound role), object attributes (PO: target down and feather data ID or chaincode function name), and permission attributes (PR: specific operation type).
After the transaction proposal is sent to the Peer nodes of the Hyperledger Fabric network, the built-in MSP of the nodes first performs identity verification. It verifies whether the user certificate (Uc) is issued by the system’s trusted CA and validates the signature of the transaction proposal through the user’s public key to confirm the request has not been tampered with. If identity verification fails, the request is directly rejected; if passed, it enters the permission verification phase.
The smart contract extracts the subject attributes (PS) from the transaction proposal and verifies whether the role has the basic permission to execute the target operation (PR). For example, the consumer role only has the basic permission to “read traceability data”; if it initiates a “write quality inspection data” operation, the RBAC verification directly returns False and terminates the process. This step quickly filters obvious unauthorized requests, improves overall verification efficiency, and completes the first layer of RBAC coarse-grained role verification.
After RBAC verification passes, the smart contract activates the ABAC attribute matching logic, performing precision matching based on the three-dimensional attributes of “subject - object - permission”. It returns True only when the three-dimensional attributes are fully matched (e.g., a transporter can only update the temperature control data of the down and feather batches corresponding to their own routes).
The smart contract executes the hybrid strategy formula . If any one of the MSP identity verification, RBAC verification, or ABAC verification fails, the algorithm exits directly and returns a “permission denied” response. Only when all three verifications pass and the hybrid strategy decision returns True is the subsequent business logic permitted to be executed.
4.4 Synergy mechanism with blockchain
Access control verification is a prerequisite for the execution of down and feather traceability blockchain transactions. The two achieve in-depth synergy through the process of “permission verification → transaction endorsement → ordering and packaging → ledger update”, ensuring the security and immutability of down and feather traceability data. The specific synergy logic is as follows:
After passing the permission verification, the Peer node forwards the transaction proposal to the designated endorsing nodes (defined by the chaincode endorsement policy). The endorsing nodes simulate the execution of chaincode functions in their local copy of the world state (note: only logical calculations are performed at this time, without updating the ledger), record the data read-write set, and generate an endorsement response containing the execution result, read-write set, and the digital signature of the endorsing nodes.
The down and feather traceability client collects responses from all endorsing nodes and verifies whether they meet the preconfigured endorsement policy of the chaincode. If the endorsement policy is not satisfied, the transaction is terminated; if satisfied, it enters the transaction submission phase. The client packages the transaction proposal, execution result, and all valid endorsement signatures into a complete transaction and submits it to the Ordering Service of Hyperledger Fabric. The Ordering Service does not participate in the verification of transaction content, but only undertakes receiving all concurrent transactions in the network, sorting them in chronological order, and packaging them into blocks. The Ordering Service broadcasts the packaged blocks to all Peer nodes in the network. After receiving the blocks, each node performs dual verification: ① Transaction structure verification (data format, signature validity); ② Secondary verification of endorsement policies and access control policies (ensuring the transaction has passed permission verification and endorsement requirements). Only transactions that pass all verifications are permanently written into the local ledger of the node (including the blockchain ledger and historical database); invalid transactions are marked as “invalid” and do not change the world state, ensuring the authenticity and consistency of down and feather traceability ledger data.
5 Privacy-preserving encryption module
This chapter designs an identity-bound dynamic key-separated encryption mechanism to protect the privacy of sensitive traceability data. We elaborate the complete encryption and decryption processes, including key derivation based on user public key hash and data hash, initialization vector extraction, AES encryption, physical separation of ciphertext and metadata, and on-chain storage of CID indexes. The mechanism realizes strong binding between the key and user identity, ensures data confidentiality and integrity, and supports secure storage and controllable sharing under the IPFS distributed architecture. It effectively solves the privacy leakage and unauthorized access risks in the multi-party collaborative environment of the down supply chain.
5.1 Encryption process of private data
The down and feather traceability system verifies the access control policy through smart contracts to confirm that the requester has data upload permissions. Upon successful verification, the system invokes the encryption processing module. The encryption module retrieves the user’s asymmetric cryptography public key from the secure credential storage—this public key serves as the user’s unique digital identity identifier. It encapsulates the down and feather traceability business data into a standard JSON format according to a predefined data schema, and the data structure is formally defined as Equation 7, which includes complete full-lifecycle information of down and feather products.
DT, GE, GT, CB, and SF correspond to DataType, GeneratingEntity, GenerationTimestamp, CoreBusinessInformation, and SignatureInformation, respectively. Among them, CoreBusinessInformation is dynamically adjusted according to the data type (e.g., breeding data includes breed, breeding environment parameters; quality inspection data includes indicators such as loftiness and down content).
The encryption module adopts an encryption scheme integrating identity and data characteristics. It calculates the data fingerprint using a hash function, and performs an XOR operation on the hash value of the user’s public key and the data hash to derive a unique AES encryption key as shown in Equation 8.
Wherein, refers to the hash value of the user’s public key (PubKu denotes the user’s public key); refers to the hash value of the structured down and feather traceability data (Data denotes the JSON-structured full-lifecycle business data).
Meanwhile, the initialization vector (IV) parameter is extracted from the data hash. The extraction process of the initialization vector (IV) is formally defined as Equation 9:
Wherein, denotes extracting 128 bits from the 256-bit hash value as the initialization vector (IV).
The complete encryption process is formally described as Equation 10:
As shown in Figure 4.
FIGURE 4
After the encryption is completed, the module synchronously generates an independent data mapping table that details key decryption information such as the key derivation method and encryption parameters, ensuring the reproducibility of the decryption process. Subsequently, the encrypted data file and the data mapping table are separately uploaded to the IPFS distributed storage system, obtaining two independent content identifiers (CID_data and CID_map) to achieve the physical separation of encrypted data and decryption metadata. Eventually, the system creates a complete digital asset record on the blockchain ledger, performing associated storage of the two content identifiers, user identity public key, and globally unique identifier (GUID). This constructs a traceable and verifiable encrypted data management system, laying the foundation for subsequent decryption and access.
5.2 Decryption process of private data
The decryption process is the inverse operation of the encryption process, with “successful permission verification” as a prerequisite. After the user’s identity and request pass the permission verification of the smart contract, the system immediately invokes the decryption processing module. Based on the authorization credentials obtained during the access control phase, the decryption module first queries the target asset record from the blockchain ledger to acquire the encrypted data content identifier (CID_data) and the data mapping table content identifier (CID_map).
Upon successfully obtaining the distributed storage address information, the module downloads the data mapping table file from the IPFS network via CID_map—this file contains complete decryption parameter metadata. Subsequently, the system retrieves the corresponding encrypted data file from IPFS using CID_data, preparing the necessary input materials for the decryption operation.
Based on the key derivation method recorded in the data mapping table, the module recalculates the critical parameters required for decryption. By performing the same hash operations as in the encryption process, it executes an XOR operation on the user’s public key hash and the data hash stored in the data mapping table to accurately reconstruct the original AES decryption key. Simultaneously, the corresponding initialization vector (IV) is extracted from the data hash.
Using the reconstructed key parameters, the system performs AES algorithm decryption on the encrypted data to recover the original structured JSON data. To ensure evidence integrity, the system recalculates the hash value of the decrypted data and conducts a rigorous comparison and verification against the original hash recorded in the data mapping table.
After passing the integrity verification, the system returns the successfully decrypted structured data to the down and feather traceability system, completing the entire decryption process. Through a rigorous cryptographic verification mechanism, this process ensures that only authorized users can access the data while guaranteeing the integrity and authenticity of the data during transmission and decryption, as shown in Figure 5.
FIGURE 5
6 Performance analysis
This chapter tests and analyzes the performance of the proposed traceability system from three dimensions: transaction latency, throughput, and CPU load. Experimental results show that the IPFS-integrated scheme significantly reduces system latency and resource consumption compared with the traditional direct on-chain storage method. Read-only query functions exhibit the optimal performance with low latency, high throughput, and low CPU load. Security analysis further proves that the identity-bound encryption and key separation design enhance data tamper-proof capability and privacy protection. Overall, the proposed model achieves excellent performance in efficiency, security, and scalability, and is suitable for practical application scenarios of the down and feather supply chain.
The down and feather traceability system is built on the Hyperledger Fabric v2.5 platform and runs on the Ubuntu 22.04.5 LTS operating system. The hardware configuration includes 16 GB of RAM, an AMD Ryzen 7 6800 H S processor, and a 512 GB hard disk. During the entire operation of the down and feather traceability system, the operation, testing of the Hyperledger Fabric network, and deployment of smart contracts are all implemented through Docker containers (Docker version: 28.3.1; Docker-compose version: 1.29.2). Golang is adopted for chaincode writing and front-end/back-end development: the front-end of the system is developed using JavaScript and the Vue framework, the back-end is built on the Gin framework of Go, and the IPFS version is ipfs v0.35.0. Hyperledger Caliper 0.6.0 is used as the blockchain performance testing tool in this study.
Test cases were defined via Hyperledger Caliper to measure core evaluation metrics of the down and feather traceability system, including latency, throughput, and CPU load. We focused on measuring the execution time of query-based and invoke-based transactions under different scenarios. Specifically, the query-based smart contract functions include quality inspectors retrieving processed quality inspection private data; the IPFS-based smart contract invoke functions cover breeding entities uploading encrypted breeding logs and logistics and transportation personnel updating encrypted temperature-controlled trajectories. To verify the optimization effect of IPFS through comparative analysis, an additional control group of “ordinary invoke function without IPFS synergy” was set up: the IPFS distributed storage link was removed from the aforementioned IPFS-based invoke functions, and raw data was directly written into the blockchain instead, while the remaining business logic remained unchanged.
Figures 6A,B illustrate the average latency and maximum latency values when executing query-based smart contract functions, invoke-based smart contract functions, and IPFS-based invoke smart contract functions in the down and feather traceability system by varying the number of transactions.
FIGURE 6
Figure 7 depicts the throughput of three types of core smart contract functions in the down and feather traceability system under scenarios with different numbers of transactions. These three types of functions exhibit significant differences in throughput: the query-based smart contract functions have the highest throughput, followed by the IPFS-based invoke smart contract functions, while the ordinary invoke-based smart contract functions have relatively lower throughput. Notably, the throughput of invoke-based smart contract functions is much lower than that of query-based ones under the same conditions. The core reasons for this throughput difference lie in the variations in business process complexity, blockchain interaction depth, and resource consumption intensity among the three types of functions. Query-based functions are essentially “read-only operations” that do not involve modifications to the blockchain ledger, requiring only a lightweight process of “identity verification → blockchain index query → IPFS data reading”. IPFS-based invoke functions are essentially “write operations” that need to modify the blockchain world state, but the collaborative design of IPFS significantly reduces the overhead of write operations, making their throughput higher than that of ordinary invoke functions. In contrast, the ordinary invoke functions (where IPFS is removed and raw data is directly written to the blockchain) have the lowest throughput, with the core bottleneck being the high overhead of blockchain writing.
FIGURE 7
As shown in Figures 8A,B, the query-based smart contract functions have the lowest average load and maximum load. The load of IPFS-based invoke smart contract functions is lower than that of ordinary invoke-based ones, while the ordinary invoke-based smart contract functions have the highest average load and significantly prominent maximum load peaks. The query-based functions exhibit the smallest CPU load with stable peak fluctuations. The core logic lies in their lightweight process and low resource consumption: chaincode execution only involves basic verification, and query operations merely require reading encrypted raw data from IPFS without other heavy-load tasks. The CPU load of IPFS-based invoke functions is higher than that of query-based ones but lower than ordinary invoke-based ones. The key reason is that the lightweight design of IPFS offsets part of the write operation overhead. Under high concurrency scenarios, the main CPU pressure is concentrated on encryption and hash computation, but IPFS’s distributed storage eliminates the need for blockchain nodes to synchronously process large volumes of data, avoiding CPU running at full load for a long time.
FIGURE 8
Security Analysis: The encryption method proposed in the down and feather traceability model of this paper generates the encryption key by performing an XOR operation on the user’s public key hash and the structured data hash. Meanwhile, a 128-bit initialization vector (IV) is extracted from the data hash, which not only ensures the key is strongly bound to the user’s identity but also enhances key security through the irreversibility of hash operations—outperforming traditional single key generation schemes. The encrypted data files and the data mapping table recording keys and algorithm parameters are separately uploaded to IPFS, generating independent CIDs (CID_data and CID_map). Only the CIDs, user public keys, and globally unique identifiers (GUIDs) are stored in association on the blockchain, realizing a lightweight architecture of “on-chain credential storage and off-chain data storage” while separating encrypted data from metadata. Decryption is premised on the successful permission verification of the smart contract; only authorized users can query the blockchain CIDs through authorization credentials, ensuring the legitimacy of decryption operations and resolving the permission chaos in multi-role access of the traceability system.
7 Conclusion and future work
Aiming at the problems of lack of trust, information fragmentation and data out-of-control in the traditional operation mode of the down industry, this paper proposes a blockchain-based down traceability model. The model proposes an identity-bound full-chain encryption mechanism, constructs a fine-grained access control method, and introduces the IPFS distributed storage architecture. Finally, simulation experiments verify the technical feasibility and industry adaptability of the proposed scheme, which fills the research and industry-customized innovation value in this vertical field.
However, restricted by objective conditions such as research cycle and experimental funding, this study still has many shortcomings. In the future, this research will continuously track the research progress of blockchain traceability in the down industry, and conduct fair and objective horizontal comparative analysis with existing traceability frameworks after benchmark achievements emerge. The key-separated encryption mechanism proposed in this paper will be subjected to standardized cryptographic verification, rigorous security proof and comprehensive security experimental testing will be completed to eliminate potential security risks. The performance evaluation dimensions will be expanded by supplementing tests of key indicators such as storage overhead, system scalability and network overhead, so as to improve the performance evaluation system. A distributed multi-node blockchain network experimental environment will be built to replace the existing single-machine environment, making the experimental scenario more in line with the real supply chain network.
Statements
Data availability statement
The original contributions presented in the study are included in the article/Supplementary Material, further inquiries can be directed to the corresponding author.
Author contributions
SJ: Conceptualization, Formal Analysis, Methodology, Software, Visualization, Writing – original draft, Writing – review and editing. RM: Supervision, Writing – review and editing. XG: Visualization, Writing – review and editing. ZF: Conceptualization, Formal Analysis, Software, Writing – review and editing.
Funding
The author(s) declared that financial support was received for this work and/or its publication. This work was supported by the Henan Institute of Logistics and Transportation Big Data Industry Technology, the Key Research and Development Program of Henan Province (Project No. 252102211082), and the Key Scientific Research Project of Institutions of Higher Education in Henan Province (Project No. 24B630008).
Conflict of interest
The author(s) declared that this work was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.
Generative AI statement
The author(s) declared that generative AI was not used in the creation of this manuscript.
Any alternative text (alt text) provided alongside figures in this article has been generated by Frontiers with the support of artificial intelligence and reasonable efforts have been made to ensure accuracy, including review by the authors wherever possible. If you identify any issues, please contact us.
Publisher’s note
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.
Supplementary material
The Supplementary Material for this article can be found online at: https://www.frontiersin.org/articles/10.3389/fbloc.2026.1773761/full#supplementary-material
References
1
AgrawalT. K.AngelisJ.KhiljiW. A.KalaiarasanR.WiktorssonM. (2023). Demonstration of a blockchain-based framework using smart contracts for supply chain collaboration. Int. J. Prod. Res.61, 1497–1516. 10.1080/00207543.2022.2039413
2
AgrawalS.TiwariS. K.SinghR. K. (2024). Empowering agriculture and food industry supply chains: a comprehensive study on blockchain technology enablers. Environ. Dev. Sustain.28, 1–25. 10.1007/s10668-024-05315-9
3
ChandrasekaranS. (2022). Isogency hosmer–lemeshow logistic regression-based secured information sharing for pharma supply chain. Electronics11 (19), 3170. 10.3390/electronics11193170
4
ChenC. L.ZhanW. B.HuangD. C.LiuL. C.DengY. Y.KuoC. G. (2023). Hyperledger fabric-based tea supply chain production data traceable scheme. Sustainability15(18), 13738, 10.3390/su151813738
5
China Feather Industry Association (2025). Annual export statistics of China's feather and Down products Industry[EB/OL]. China Feather Inf. Netw. Available online at: https://www.cfd.com.cn/index.php?s=/Web/News/detail/id/3480.html.
6
DietrichF. (2023). “A systematic literature review of blockchain-based traceability solutions,” in Proceedings of the Conference on Production Systems and Logistics: CPSL 2023-1. Hannover: publish-Ing, 905–915.
7
FerrettiS.CassanoL.CialoneG.D’AbramoJ.ImboccioliF. (2025). Decentralized coordination for resilient federated learning: a blockchain-based approach with smart contracts and decentralized storage. Comput. Commun.236, 236. 10.1016/j.comcom.2025.108112
8
GayialisS. P.KechagiasE.PapadopoulosG. KanakisE. (2022). A Smart-Contract Enabled Blockchain Traceability System Against Wine Supply Chain Counterfeiting. 10.1007/978-3-031-16407-1_56
9
GrishkovI.KromesR.GiannetsosT.LiangK. (2023). ID-Based self-encryption via hyperledger fabric based smart contract. Lect. Notes Inst. Comput. Sci. Soc. Inf. Telecommun. Eng., 3–18. 10.1007/978-3-031-31420-9_1
10
HathaliyaJ. J.TanwarS. (2024). Role and attribute-based access control scheme for decentralized medicine supply chain. J. Inf. Secur. Appl.85, 103851. 10.1016/j.jisa.2024.103851
11
HuangY.LiX.XuL.MaY. (2025). Digital Traceability in Horticulture: A Systematic Review of edge-cloud-blockchain-terminal (ECBT) Integration with Iot and AI Technologies. Switzerland: Frontiers in Blockchain. 10.3389/fbloc.2025.1636627
12
LiD.HanD.CrespiN.MinervaR.LiK. C. (2023). A blockchain-based secure storage and access control scheme for supply chain finance: D. Li et al. J. Supercomput.79 (1), 109–138. 10.1007/s11227-022-04655-5
13
LiL.TianP.DaiJ.MiaoF. (2024). Design of agricultural product traceability system based on blockchain and RFID. Sci. Reports[2025-11-26]14, 23599. 10.1038/s41598-024-73711-2
14
LiuS. C. (2022). Modeling and efficiency analysis of blockchain agriculture ProductsE-Commerce cold chain traceability system based on petri net. SSRN Electron. J. 9, 1–16. 10.2139/ssrn.4221385
15
LiuC.LiC.LingY.LingY.NaZ. (2025). Research Onseafood Traceability System Based onBlockchain[C]//China Intelligent Robotics Annual Conference. Singapore: Springer. 10.1007/978-981-96-1614-5_12
16
MaJ.FanJ.ZhuM.ChenJ. (2024). Dynamic game research offoodagricultural products supply chain based on blockchain traceability technology. Kybernetes54, 7635–7661. 10.1108/k-12-2023-2636
17
QuispeM. A. C.PachecoA. (2025). Blockchain ensuring academic integrity with a degree verification prototype. Sci. Rep. 15, 9281. 10.1038/s41598-025-93913-6
18
ShakilaM.RamaA.ChristyS.KanakalaA.LauC. Y. (2024). “Hyperledger fabric and beyond: a comprehensive review of blockchain innovations in supply chain,” in AIP Conference Proceedings. Melville, NY: AIP Publishing LLC. 10.1063/5.0229280
19
WuJ.FuY.LiG. (2025). “Medical device traceability management scheme based on blockchain,” in 2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD), 98–103. 10.1109/CSCWD64889.2025.11033298
20
YuQ.ZhangM.MujumdarA. S. (2024). Blockchain-based fresh food quality traceability and dynamic monitoring: research progress and application perspectives. Comput. Electron. Agric.224, 109191. 10.1016/j.compag.2024.109191
21
ZhengK.DingK.HuiJ.ZhangF.LvJ.ChanF. T. (2024). Blockchain-based credible manufacturing data sharing for a collaborative manufacturing supply chain. Int. J. Prod. Res.62 (6), 2233–2254. 10.1080/00207543.2023.2217292
22
ZhouS.FanJ.YuanK.DuX.JiaC. (2025). Efficient privacy-preserving online medical pre-diagnosis based on blockchain. J. Supercomput.81 (1), 1–21. 10.1007/s11227-024-06486-y
23
ZuoY.XuL.LiJ.WangX.PiranM. J. (2025). Secure and efficient blockchain-based access control scheme with attribute update. IEEE Trans. Consumer Electron.71 (1), 1539–1550. 10.1109/TCE.2024.3486157
Summary
Keywords
access control, down traceability model, Hyperledger Fabric, IPFS, privacy data encryption
Citation
Jing S, Mai R, Gao X and Fan Z (2026) A blockchain-based trusted traceability model for the down and feather manufacturing industry. Front. Blockchain 9:1773761. doi: 10.3389/fbloc.2026.1773761
Received
23 December 2025
Revised
30 March 2026
Accepted
23 April 2026
Published
20 May 2026
Volume
9 - 2026
Edited by
Roman Vitenberg, University of Oslo, Norway
Reviewed by
Nasurudeen Ahamed N., United Arab Emirates University, United Arab Emirates
Mosiur Rahaman, King Mongkut’s University of Technology Thonburi, Thailand
Aravindh S., New Prince Shri Bhavani College of Engineering and Technology, India
Updates
Copyright
© 2026 Jing, Mai, Gao and Fan.
This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
*Correspondence: Zhihui Fan, fzh@haust.edu.cn
Disclaimer
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.