Vegetable IoT Blockchain Anti Counterfeiting Traceability System Based on PQ-ECIES

doi:10.12133/j.smartag.SA202507019

Abstract

Abstract:

[Objective] The vegetable supply chain is characterized by multiple production entities, diverse product varieties, and complex circulation processes, which often result in low data accuracy, label forgery, data tampering, and difficulties in cross-enterprise collaboration in traditional traceability systems. Furthermore, the rapid development of quantum computing poses significant threats to existing cryptographic foundations, by enabling efficient factorization or discrete logarithm attacks. This study aimed to design and implement a vegetable supply chain anti-counterfeiting and traceability system that integrates the Internet of Things (IoT), blockchain technology, and a post-quantum enhanced elliptic curve integrated encryption scheme (PQ-ECIES). The system seeks to enhance the trustworthiness, privacy protection, and collaborative efficiency of supply chain data management, while maintaining practical performance for IoT devices and high-frequency data uploading scenarios. [Methods] The proposed system was constructed on an IoT framework incorporating nine categories of devices. A registration and admission mechanism was developed to establish a trusted mapping between "device–enterprise–data", effectively preventing unauthorized entities from uploading forged data. At the data layer, collected information was divided into public and private categories: public data were uploaded directly to the blockchain, while private data were encrypted using PQ-ECIES before being stored on-chain. Smart contracts automated processes such as data classification, permission verification, and encrypted data querying, thus reducing human intervention and ensuring compliance. PQ-ECIES was designed by combining elliptic curve cryptography (ECC) and the Kyber algorithm from lattice-based post-quantum cryptography. A dual-key mechanism was employed to generate session keys, where an ECC-derived shared secret was combined with a Kyber-derived shared secret through SHA3-256 hashing, followed by key derivation for encryption and authentication. This design provided resilience against Shor's algorithm and other quantum attacks while maintaining efficiency compatible with IoT devices. The blockchain system was implemented using Hyperledger Fabric 1.4.4, with seven organizational nodes and the Raft consensus mechanism. Performance testing included evaluations of data collection accuracy, on-chain latency, query latency, and encryption performance across RSA, advanced encryption standard (AES), and PQ-ECIES. [Results and Discussions] The IoT-based data collection achieved significantly higher accuracy than manual input, particularly in large-scale sample scenarios such as pesticide residue testing. The average latency for data uploading to the blockchain was 2 879 ms, while data query latency averaged 122 ms, both of which met the practical requirements of vegetable supply chain applications. In cryptographic performance testing, PQ-ECIES achieved encryption and decryption of 128 B plaintext in approximately 10–30 ms, outperforming RSA (50–80 ms) and only slightly slower than AES (<10 ms). This result indicates that PQ-ECIES achieved an optimal trade-off between efficiency and security, offering asymmetric encryption benefits such as key distribution and identity verification, along with strong post-quantum resistance. Simulation under quantum attack models confirmed that traditional ECC and AES could be compromised within hours using Shor's and Grover's algorithms, whereas PQ-ECIES maintained resilience due to the lattice-based hardness assumptions of Kyber. From a system-level perspective, three major contributions were identified. First, trustworthiness was enhanced by binding IoT devices to enterprises through Bluetooth-based verification and blockchain's immutable ledger, ensuring data authenticity at the source. Second, privacy protection was achieved by adopting graded visibility: consumers accessed only public data such as testing results and logistics status, while regulators could decrypt private information (e.g., production location and batch details) via authorized keys, balancing transparency with confidentiality. Third, collaboration across enterprises was improved through the consortium blockchain structure and Fabric channel mechanisms, which eliminated information silos and enabled selective data sharing in real time, reducing inter-organizational access time from weeks to minutes. [Conclusions] This study proposed and implemented a vegetable supply chain traceability system that integrates IoT, blockchain, and PQ-ECIES. By deploying nine categories of IoT devices, establishing trusted device–enterprise mappings, and incorporating blockchain's decentralized and tamper-proof ledger, the system ensured reliable data collection and storage. The integration of PQ-ECIES provided dual cryptographic protection, balancing efficiency with long-term quantum security. Experimental validation confirmed that IoT-based collection significantly improved accuracy, blockchain integration achieved acceptable on-chain and query latency, and PQ-ECIES outperformed RSA while offering post-quantum resistance not available in AES. Beyond technical performance, the system enhanced trust, privacy, and collaboration across the vegetable supply chain, effectively addressing common issues of data forgery, tampering, and cross-enterprise coordination.Overall, the proposed framework demonstrates high potential for real-world deployment in agricultural supply chains, offering a secure, efficient, and future-proof solution to ensure authenticity, reliability, and transparency in vegetable traceability. The study also provides a reference model for extending post-quantum blockchain-based traceability to other agri-food sectors facing similar challenges.

Key words: Internet of things, blockchain, vegetable, anti-counterfeiting traceability, Post Quantum encryption

CLC Number:

S126
TP311

QI Peiyang, SUN Chuanheng, TAN Changwei, WANG Jun, XING Bin. Vegetable IoT Blockchain Anti Counterfeiting Traceability System Based on PQ-ECIES[J]. Smart Agriculture, doi: 10.12133/j.smartag.SA202507019.

Figures/Tables 16

Fig. 1

Fig. 2

Table 1

Fig. 3

Fig. 4

Table 2

Pseudocode for the encryption steps of PQ-ECIES

Algorithm 1：加密步骤算法
Input： PrivacyData，（ReceiverPublicKey， ReceiverKyberPublicKey） //隐私数据，数据接收者双重公钥
Output： Complete ciphertext //完整密文
1： /步骤1：生成发件人的临时密钥/
2： SenderTemporaryPrivateKey ← Random（） // 生成临时随机私钥
3： SenderTemporaryPublicKey ← SenderTemporaryPrivateKey × G // 计算椭圆曲线公钥
4： SenderTemporaryKyberPublicKey ← Kyber.KeyGen（） // 生成kyber临时公钥
5： /* 步骤 2：计算共享密钥 */
6： EllipticCurveSharedSecret ← SenderTemporaryPrivateKey × ReceiverPublicKey // 椭圆曲线共享密钥
7：（KyberCiphertext， KyberSharedSecret） ← Kyber.Encapsulation（ReceiverKyberPublicKey） // Kyber 共享密钥
8： /步骤 3：派生联合密钥 /
9： CombinedSecret ← SHA3-256（EllipticCurveSharedSecret ∥ KyberSharedSecret） // 合并共享密钥并哈希
10： EncryptionKey ← KDF（CombinedSecret， "ENC"） // 密钥派生函数（Key Derivation Function， KDF（）），AES-GCM 是高级加密标准（AES）的一种工作模式，全称是Galois/Counter Mode
11： MessageAuthenticationKey ← KDF（CombinedSecret， "MAC"） //派生消息认证码（Massage Authentication Code，MAC）认证密钥
12： /* 步骤 4：加密隐私数据 */
13： Ciphertext ← AES-GCM-Encrypt（EncryptionKey， PrivacyData） // 使用 AES-GCM 加密数据
14： AuthenticationTag ← HMAC-SHA256（MessageAuthenticationKey， Ciphertext） //生成完整性认证标签，基于散列的消息认证码-安全哈希算法（Hash-based Message Authentication Code-Secure Hash Algorithm，HMAC-SHA）
15： /* 步骤 5：封装完整密文 */
16： CompleteCiphertext ← SenderTemporaryPublicKey ∥ SenderTemporaryKyberPublicKey ∥
17： KyberCiphertext ∥ Ciphertext ∥ AuthenticationTag // 拼接完整密文作为最终输出

Table 2

Table 3

Fig. 5

Fig. 6

Table 4

Table 5

Fig. 7

Fig.8

Fig. 9

Fig. 10

Table 6

References 33

[1]	孙传恒, 朱文颖, 邢斌, 等. 中国农产品质量安全可追溯体系发展历程与展望[J]. 农业工程学报, 2025, 41(12): 1-14.
	SUN C H, ZHU W Y, XING B, et al. Development history and prospects of agricultural product quality and safety traceability system in China[J]. Transactions of the Chinese society of agricultural engineering, 2025, 41(12): 1-14.
[2]	姚晓霞. 区块链技术在生鲜农产品供应链管理中的应用[J]. 市场周刊, 2024, 37(2): 32-35.
	YAO X X. Application of blockchain technology in supply chain management of fresh agricultural products[J]. Market weekly, 2024, 37(2): 32-35.
[3]	陈高霞, 李召娟, 邢燕, 等. 信息技术在蔬菜种苗安全追溯系统设计中的应用探究[J]. 农业工程技术, 2024, 44(26): 29-30.
	CHEN G X, LI Z J, XING Y, et al. Application of information technology in the design of vegetable seedling safety traceability system[J]. Agricultural engineering technology, 2024, 44(26): 29-30.
[4]	褚超. 前置仓模式下生鲜农产品供应链风险评估[J]. 物流科技, 2025, 48(12): 161-164, 183.
	CHU C. Risk assessment of the fresh agricultural product supply chain under the front warehouse mode[J]. Logistics sci-tech, 2025, 48(12): 161-164, 183.
[5]	胡雯, 黄季焜, 陈富桥, 等. 基于区块链技术的农产品质量安全追溯体系: 实践、挑战与建议[J]. 农业经济问题, 2024, 45(5): 33-47.
	HU W, HUANG J K, CHEN F Q, et al. A blockchain-based traceability system for agri-food products: Practice, challenges, and suggestions[J]. Issues in agricultural economy, 2024, 45(5): 33-47.
[6]	吴旭阳. 基于区块链的农产品溯源数据存储优化研究[D]. 郑州: 河南工业大学, 2024.
	WU X Y. Optimization of agricultural products traceability data storage based on blockchain[D]. Zhengzhou: Henan University of Technology, 2024.
[7]	林建材, 烟台苹果质量安全监管和追溯系统研究与应用[R]. 烟台: 烟台市农业技术推广中心, 2002-12-11.
	LIN J C. Research and application of Yantai apple quality safety supervision and traceability system[R]. Yantai: Yantai Agricultural Technology Extension Center, 2002-12-11.
[8]	张继恩. 商品条码在食品冷链物流中的应用[J]. 现代食品, 2025, 31(3): 120-123.
	ZHANG J E. Application of commodity bar code in food cold chain logistics[J]. Modern food, 2025, 31(3): 120-123.
[9]	熊盼, 黄小燕. 区块链技术在果业供应链中的应用研究[J]. 贵州农机化, 2025(2): 32-36.
	XIONG P, HUANG X Y. Research on the application of blockchain technology in fruit industry supply chain[J]. Guizhou agricultural mechaniation, 2025(2): 32-36.
[10]	张净, 唐恒睿, 刘晓梅. 基于区块链及IPFS的农产品多链追溯系统研究[J]. 中国农机化学报, 2024, 45(7): 127-134.
	ZHANG J, TANG H R, LIU X M. Research on multi-chain traceability system of agricultural products based on blockchain and IPFS[J]. Journal of Chinese agricultural mechanization, 2024, 45(7): 127-134.
[11]	MEHANNAOUI R, MOUSS K N, AKSA K, et al. A holochain-based IoT-enabled agri-food traceability system: Application in the recombined milk supply chain[J]. International journal of information technology, 2025.
[12]	沈诗琦, 王婧. 基于区块链技术的农产品供应链研究[J]. 物流科技, 2025, 48(6): 99-102.
	SHEN S Q, WANG J. Research on the agricultural supply chain based on blockchain technology[J]. Logistics sci-tech, 2025, 48(6): 99-102.
[13]	MASTILOVIĆ J, KUKOLJ D, KEVREŠAN Ž, et al. Emerging perspectives of blockchains in food supply chain traceability based on patent analysis[J]. Foods, 2023, 12(5): ID 1036.
[14]	陈醇, 张重阳, 冯国富. 基于区块链的水产养殖数据存储与溯源模型研究[J]. 渔业现代化, 2025, 52(3): 108-116.
	CHEN C, ZHANG C Y, FENG G F. Research on blockchain- based data storage and traceability model for aquaculture[J]. Fishery modernization, 2025, 52(3): 108-116.
[15]	李瑶, 栾洲栋, 王昊东, 等. 区块链技术在果品供应溯源系统中的创新应用[J]. 果农之友, 2025(6): 150-152.
	LI Y, LUAN Z D, WANG H D, et al. Innovative application of blockchain technology in fruit supply traceability system[J]. Fruit growers' friend, 2025(6): 150-152.
[16]	OJETUNDE B, KURIHARA T, YANO K, et al. A practical implementation of post-quantum cryptography for secure wireless communication[J]. Network, 2025, 5(2): ID 20.
[17]	IAVICH M, KUCHUKHIDZE T. Investigating CRYSTALS-kyber vulnerabilities: Attack analysis and mitigation[J]. Cryptography, 2024, 8(2): ID 15.
[18]	巫宇, 刘明光, 费奕霖, 等. 基于区块链与大数据技术的预制菜质量安全溯源系统[J]. 智慧农业导刊, 2025, 5(7): 17-20.
	WU Y, LIU M G, FEI Y L, et al. Quality and safety traceability system for prefabricated vegetables based on blockchain and big data technologies[J]. Journal of smart agriculture, 2025, 5(7): 17-20.
[19]	谢茂南. 物联网技术在农产品质量监测与溯源中的应用研究[J]. 农机使用与维修, 2023(12): 55-57.
	XIE M N. Research on the application of Internet of Things technology in agricultural product quality monitoring and traceability[J]. Agricultural machinery using & maintenance, 2023(12): 55-57.
[20]	张洪奇, 张艳, 张晨, 等. 设施智慧农场大数据平台开发与应用[J]. 山东农业大学学报(自然科学版), 2024, 55(3): 295-303, 475.
	ZHANG H Q, ZHANG Y, ZHANG C, et al. Development and application of big data platform for facility intelligent farm[J]. Journal of Shandong agricultural university (natural science edition), 2024, 55(3): 295-303, 475.
[21]	洪轲, 梅娟. 基于农产品溯源的电子商务平台设计与实现[J]. 电脑知识与技术, 2025, 21(1): 48-50.
	HONG K, MEI J. Design and implementation of E-commerce platform based on traceability of agricultural products[J]. Computer knowledge and technology, 2025, 21(1): 48-50.
[22]	沈倩. 基于区块链技术的农产品冷链物流追溯系统解决方案[J]. 物流工程与管理, 2024, 46(5): 60-63, 103.
	SHEN Q. A solution for agricultural product cold chain logistics traceability system based on blockchain technology[J]. Logistics engineering and management, 2024, 46(5): 60-63, 103.
[23]	李倩, 王建平, 吕莹莹, 等. 基于区块链和物联网的优质果品溯源平台关键技术及应用[J]. 河南科技学院学报(自然科学版), 2025, 53(3): 54-69.
	LI Q, WANG J P, LV Y Y, et al. Key technologies and applications of a high-quality fruit traceability platform based on blockchain and the Internet of Things[J]. Journal of Henan institute of science and technology (natural science edition), 2025, 53(3): 54-69.
[24]	郭浩. 太原市农产品供应链追溯系统推广策略研究[D]. 大连: 大连海洋大学, 2024.
	GUO H. Research on promotion strategies for the taiyuan agricultural product supply Chain traceability system[D]. Dalian: Dalian Ocean University, 2024.
[25]	孙传恒, 万宇平, 罗娜, 等. 面向追溯主体的果蔬全供应链区块链多链模型研究[J]. 农业机械学报, 2023, 54(4): 416-427.
	SUN C H, WAN Y P, LUO N, et al. Blockchain multi-chain model of fruit and vegetable supply chain for traceability subjects[J]. Transactions of the Chinese society for agricultural machinery, 2023, 54(4): 416-427.
[26]	钱建平, 张保岩, 邢斌, 等. 集成实时快速检测信息的蔬菜追溯系统改进与应用[J]. 农业工程学报, 2015, 31(4): 306-311.
	QIAN J P, ZHANG B Y, XING B, et al. Improvement and application of vegetable traceability system with integrated real-time rapid detection of information[J]. Transactions of the Chinese society of agricultural engineering, 2015, 31(4): 306-311.
[27]	姜锦婷. 基于区块链技术对农产品冷链物流系统的优化: 以徐州市为例[J]. 物流工程与管理, 2023, 45(11): 93-95, 119.
	JIANG J T. Optimization of agricultural products cold chain logistics system based on blockchain technology: Taking Xuzhou as an example[J]. Logistics engineering and management, 2023, 45(11): 93-95, 119.
[28]	高琪娟, 蒋道臻, 乐阳, 等. 基于Fisco-Bcos联盟链技术的农产品溯源系统设计与实现研究[J]. 安徽农业大学学报, 2024, 51(3): 530-536.
	GAO Q J, JIANG D Z, LE Y, et al. Research on the design and implementation of an agricultural product traceability system based on Fisco-Bcos consortium blockchain technology[J]. Journal of Anhui agricultural university, 2024, 51(3): 530-536.
[29]	孙传恒, 张军, 罗娜, 等. 牡蛎供应链生物风险因子溯源隐私数据加密共享方法研究[J]. 农业机械学报, 2025, 56(5): 577-588.
	SUN C H, ZHANG J, LUO N, et al. Research on method of encrypted sharing of privacy data for tracing biological risk factors in oyster supply chain[J]. Transactions of the Chinese society for agricultural machinery, 2025, 56(5): 577-588.
[30]	杨国涛, 曹冲, 韩涛, 等. 物联网中基于混合加密的密码安全认证方法[J]. 集成电路与嵌入式系统, 2024, 24(4): 23-29.
	YANG G T, CAO C, HAN T, et al. Password security authentication method based on hybrid encryption in the Internet of Things[J]. Integrated circuits and embedded systems, 2024, 24(4): 23-29.
[31]	米瑞琪, 江浩东, 张振峰. 基于Kyber公钥加密的高效认证密钥交换协议[J/OL]. 软件学报, 2025: 1-14. (2025-06-11)[2025-06-30].
	MI R Q, JIANG H D, ZHANG Z F. Efficient authenticated key exchange protocol based on kyber public-key encryption[J/OL]. Journal of software, 2025: 1-14. (2025-06-11)[2025-06-30].
[32]	林自然, 程池, 陈鹏, 等. 一种针对Kyber的并行检错密钥恢复方案[J]. 密码学报(中英文), 2025, 12(2): 429-442.
	LIN Z R, CHENG C, CHEN P, et al. Parallel error-checking key recovery scheme for kyber[J]. Journal of cryptologic research, 2025, 12(2): 429-442.
[33]	EHSAN M A, ALAYED W, REHMAN A U, et al. Post-quantum KEMs for IoT: A study of kyber and NTRU[J]. Symmetry, 2025, 17(6): ID 881.

供应链阶段	物联网设备	公开信息	隐私信息
产中	四情物联设备	蔬菜货物溯源ID、土壤湿度、气候数据、虫害发生情况	农户的具体位置、个人联系方式、四情物联设备ID
	农残检测仪	蔬菜货物溯源ID、检测时间、检测结果	生产者的身份信息、具体的种植地点、农残检测值、农残检测仪识别ID
	农事采集App	蔬菜货物溯源ID、作物生长周期、施肥、灌溉的时间	农户的操作记录、个人农事安排、农事采集设备ID
产后	条码打印机	蔬菜货物溯源ID、产品的追溯码、生产日期	生产批次、生产者信息、条码打印机设备ID
	仓储检测	蔬菜货物溯源ID、仓储公司、仓库温湿度、产品存储量	仓库位置、管理人员信息、仓储传感器设备ID
	物流检测	运蔬菜货物溯源ID、运输路线、货物状态、运输公司信息	司机信息、运输公司内部数据、物流传感器设备ID
	智能电子秤	蔬菜货物溯源ID、称重数据、计量时间	交易双方的信息、价格谈判数据、智能电子称设备ID

链码功能	方法名称	描述	输入	输出
物联网数据上链	UploadProductionData（）	将生产数据写入区块链	生产数据	True/False
	UploadProcessData（）	将加工数据写入区块链	加工数据	True/False
	UploadStorageData（）	将储运数据写入区块链	储运数据	True/False
	UploadSaleData（）	将销售数据写入区块链	销售数据	True/False
PQ-ECIES加密验证	GenerateKey（）	生成非对称密钥	组织节点信息	公私钥对
	PublicKeyEncryption（）	公钥加密	供应链隐私数据	True/False
	PrivateKeyVerification（）	私钥验证	PQ-ECIES加密后数据	True/False
数据查询	QueryPublicData（）	查询公开数据	公开数据ID	对应公开数据
数据查询	QueryPrivacyData（）	查询隐私数据	隐私数据ID	对应隐私数据

测试项	攻击算法	目标算法	量子比特需求/个	模拟破解时间	破解概率/%
ECC密钥恢复（secp256k1）	Shor算法	传统ECC	4 096	2.1小时	98.7
AES-256密钥搜索	Grover算法	传统AES	1 024	6.3小时	95.2
Kyber-768密钥恢复	格基攻击	PQ-ECIES	>1 000 000	>30年	<0.1