In 2023, Everledger – the most prominent blockchain provenance platform, backed by Tencent, Fidelity, and over $27 million in funding – went into administration after a funding round collapsed. The company had tracked diamonds, gemstones, wine, and luxury goods on a private Hyperledger blockchain. When the company shut down, so did the provenance records. Every certificate of authenticity, every chain-of-custody record, every proof that a diamond was ethically sourced – all tied to a single platform that no longer exists.

Everledger’s failure illustrates the core problem with proprietary provenance platforms: they create exactly the kind of single point of failure that blockchain was supposed to eliminate. But the alternative – building on public, open blockchains – introduces a different problem. In a world with multiple blockchains, different parties in an asset’s chain of custody will use different networks. An artist might anchor on IOTA. A gallery might prefer Ethereum. An auction house might use something else entirely. A practical provenance protocol has to accommodate this reality.

We built a protocol that does. It creates provenance records as chains of cryptographically signed attestations, linked by content hashes rather than on-chain pointers, allowing a single asset’s history to span any number of blockchains without bridges, relays, or cross-chain messaging. We’re publishing a research paper with the full protocol design, architecture, and results, with the source code available on GitHub.

The Core Idea

A painting moves from an artist’s studio to a gallery, gets authenticated by an appraiser, is purchased by a collector, and undergoes restoration. At each step, a party creates a structured attestation – “I created this work,” “I acquired it on this date,” “I confirm it’s genuine,” “I performed this restoration” – signs it, and anchors the SHA-256 hash on a blockchain of their choice. Each attestation includes a parentHash field referencing the hash of the previous one, creating a linked chain. But the links are between content hashes, not between on-chain records.

This distinction is what makes the protocol cross-chain by construction rather than by integration. If attestation A lives on Ethereum and attestation B (referencing A’s hash) lives on IOTA, the link between them exists in the attestation content, not in any on-chain pointer. The Ethereum contract doesn’t know IOTA exists. A verifier stitches the chain together by walking backward from the most recent attestation, querying each known chain until they find each hash. If every link resolves to a registered, non-revoked attestation and the chain terminates at an origin, the provenance is verified. If any link fails to resolve, the chain is broken.

Adding a new blockchain to the ecosystem means deploying the registry contract on that chain. Nothing else changes. No existing contracts need modification. No cross-chain messaging infrastructure is needed.

What the Proof of Concept Demonstrates

We implemented the protocol on Ethereum (Solidity) and IOTA Rebased (Move) and traced a fictional painting – “Convergence at Dusk” by Elena Vasquez – through five parties, with attestations alternating between the two chains. The verification script walked all five attestations, crossing from IOTA to Ethereum and back, and confirmed the chain was valid.

More interesting is the forgery scenario. We registered a fake transfer attestation on Ethereum – the open issuer model allows this, just as anyone can write a certificate of authenticity in the real world. The fake attestation referenced a parent hash that doesn’t exist on any chain. The verification script detected the broken link immediately. A forger can register whatever they want, but they can’t forge a valid parent reference unless they know the hash of a legitimately registered attestation. And if they reference a real attestation, they create a fork in the provenance tree that a verifier can detect.

The entire demonstration runs as shell scripts and curl against local blockchain networks. No Python framework, no CLI tool, no JWT signing library. Registration costs roughly 162,000 gas on Ethereum and 3.9 million NANOS on IOTA. Verification is free on both chains. Both contracts are under 150 lines. The point was to show that the protocol mechanics are genuinely simple – the complexity lives in the off-chain tooling that a production system would build on top, not in the on-chain logic.

Why This Matters Beyond Art

The paper discusses provenance for paintings and luxury goods because those are intuitive examples, but the protocol’s most practical near-term application may be regulatory.

The EU’s Ecodesign for Sustainable Products Regulation (ESPR) introduces the Digital Product Passport (DPP) – a mandatory digital record covering lifecycle, sustainability, and traceability data for products sold in the EU. Battery passports become mandatory from February 2027. Textiles and steel follow in mid-2027. Electronics, furniture, and vehicles between 2028 and 2029.

The DPP requires exactly the kind of structured, multi-party, lifecycle tracking that this protocol is designed for: an origin attestation for manufacturing, transfer attestations for supply chain handoffs, authentication attestations for compliance checks, and event attestations for maintenance, repair, and end-of-life processing. And supply chains cross jurisdictions – different participants in different countries may well use different blockchain networks. The cross-chain capability isn’t an academic exercise; it’s a practical requirement for any system that aims to serve real supply chains.

The protocol isn’t a DPP implementation – the regulatory requirements are far more specific – but the attestation chain model could serve as a technical building block for DPP systems. The paper explores this connection in detail.

What This Doesn’t Do (Yet)

This is a protocol design with a minimal proof of concept, not production tooling.

The current PoC uses pre-computed attestation hashes. A full implementation would sign each attestation as a JWT (Ed25519, did:key), hash the signed JWT, and anchor that hash on-chain. The on-chain contracts wouldn’t need to change – they already store arbitrary 32-byte hashes – but the signing pipeline is deferred. The protocol doesn’t include off-chain storage for attestation content (a production system would need something like IPFS or a dedicated store), doesn’t address how verifiers discover which attestors to trust (an issuer directory or reputation system), and doesn’t include a mechanism for discovering which chain holds a particular attestation (the demo uses a lookup table; production would need a registry of registries).

These are real gaps, and the paper is explicit about each of them. The protocol is designed so that filling them doesn’t require changing the on-chain contracts or the verification logic.

Connections

The authenticator trust problem – how do you know that the expert who authenticated your painting is actually qualified? – connects directly to our earlier work on decentralized professional credentials. An appraiser’s authentication attestation could be verified not just for its on-chain status but also against a verifiable credential confirming their professional qualifications. The paper discusses this as a future direction, along with NFT integration, IoT condition monitoring, and selective disclosure of provenance records.

The full protocol design, architecture, comparison with existing approaches, and discussion of future directions is in the research paper. The source code is on GitHub. The code is provided for research and educational purposes and has not been audited for production use.