Ensuring Confidentiality in Supply Chains With an Application to Life-Cycle Assessment

By Achim D. Brucker and Sakine Yalman.

Modern supply chains of goods and services rely heavily on close collaborations between the partners within these supply chains. Consequently, there is a demand for IT systems that support collaborations between business partners, for instance, allowing for joint computations for global optimizations (in contrast to local optimizations that each partner can do on their own). Still, businesses are very reluctant to share data or connect their enterprise systems to allow for such joint computation. The topmost factor that businesses name as reason for not collaborating, is their security concern in general and, in particular, the confidentiality of business critical data. While there are techniques (e.g., homomorphic encryption or secure multi-party computation) that allow joint computations and, at the same time, that are protecting the confidentiality of the data that flows into such a joint computation, they are not widely used. One of the main problems that prevent their adoption is their perceived performance overhead.

In this paper, we address this problem by an approach that utilized the structure of supply chains by decomposing global computations into local groups, and applying secure multi-party computation within each group. This results in a scalable (resulting in a significant smaller runtime overhead than traditional approaches) and secure (i. e., protecting the confidentiality of data provided by supply chain partners) approach for joint computations within supply chains. We evaluate our approach using life-cycle assessment (LCA) as a case study. Our experiments show that, for instance, secure LCA computations even in supply chains with 15 partners are possible within less than two minutes, while traditional approaches using secure multi-party computation need more than a day.

Keywords:
Life-Cycle Assessment, LCA, Supply Chain, Confidential Computation, Secure Multi-Party Computation, SMPC

Please cite this work as follows:
A. D. Brucker and S. Yalman, “Ensuring confidentiality in supply chains with an application to life-cycle assessment,” Software: Practice and Experience (SPE), 2025, doi: 10.1002/smr.2763. Author copy: https://logicalhacking.com/publications/brucker.ea-confidential-supply-chains-2025/

BibTeX
@Article{ brucker.ea:confidential-supply-chains:2025,
  author    = {Achim D. Brucker and Sakine Yalman},
  journal   = {Software: Practice and Experience (SPE)},
  publisher = {John Wiley \& Sons },
  address   = {},
  language  = {USenglish},
  title     = {Ensuring Confidentiality in Supply Chains With an Application
               to Life-Cycle Assessment},
  volume    = {},
  issue     = {},
  month     = {},
  pages     = {},
  year      = {2025},
  areas     = {security, software},
  doi       = {10.1002/smr.2763},
  keywords  = {Life-Cycle Assessment, LCA, Supply Chain, Confidential
               Computation, Secure Multi-Party Computation, SMPC},
  abstract  = {Modern supply chains of goods and services rely heavily on
               close collaborations between the partners within these supply
               chains. Consequently, there is a demand for IT systems that
               support collaborations between business partners, for
               instance, allowing for joint computations for global
               optimizations (in contrast to local optimizations that each
               partner can do on their own). Still, businesses are very
               reluctant to share data or connect their enterprise systems to
               allow for such joint computation. The topmost factor that
               businesses name as reason for not collaborating, is their
               security concern in general and, in particular, the
               confidentiality of business critical data. While there are
               techniques (e.g., homomorphic encryption or secure multi-party
               computation) that allow joint computations and, at the same
               time, that are protecting the confidentiality of the data that
               flows into such a joint computation, they are not widely used.
               One of the main problems that prevent their adoption is their
               perceived performance overhead.
               
               In this paper, we address this problem by an approach that
               utilized the structure of supply chains by decomposing global
               computations into local groups, and applying secure
               multi-party computation within each group. This results in a
               scalable (resulting in a significant smaller runtime overhead
               than traditional approaches) and secure (i. e., protecting the
               confidentiality of data provided by supply chain partners)
               approach for joint computations within supply chains. We
               evaluate our approach using life-cycle assessment (LCA) as a
               case study. Our experiments show that, for instance, secure
               LCA computations even in supply chains with 15 partners are
               possible within less than two minutes, while traditional
               approaches using secure multi-party computation need more than
               a day.},
  note      = {Author copy: \url{https://logicalhacking.com/publications/brucker.ea-confidential-supply-chains-2025/}},
  pdf       = {https://logicalhacking.com/publications/brucker.ea-confidential-supply-chains-2025/brucker.ea-confidential-supply-chains-2025.pdf},
}