The global semiconductor supply chain faces escalating security challenges that threaten operational integrity and national security. Recent studies reveal that counterfeiting alone costs the industry over $75 billion annually, while sophisticated threat actors increasingly target intellectual property across manufacturing tiers. The Provenance ChainTM Network (PCN) is addressing these challenges through our NIST-sponsored effort to design and deliver a protocol that uses device metrology to transform semiconductor supply chain security through standards-based data representation with blockchain-based verification and integrity enforcement.
The research for NIST involved extensive industry engagement with approximately sixty-five companies across the semiconductor ecosystem and identified critical security gaps including limited visibility beyond first-tier suppliers, fragmented metrology data practices, inadequate component verification, and reluctance to share essential data due to intellectual property concerns. These gaps create exploitable vulnerabilities throughout the manufacturing process, from design to deployment.
To address these challenges, PCN developed a protocol on a decentralized distributed ledger architecture that enables secure, auditable data sharing across supply chain tiers while preserving intellectual property. The protocol-based selective disclosure mechanism allows data owners to maintain control of their intellectual property while still providing critical provenance information to authorized parties, effectively balancing security with transparency.
A key innovation is the integration and alignment with the Electronic Datasheets Working Group (EDS-WG), which PCN led. This industry collaboration includes major players such as Intel, Cadence, Apple, Nvidia, and others, focused on standardizing machine-readable component specifications to replace current PDF-based documentation. To arrive at an international standard that can be universally adopted across the semiconductor industry with broad adoption, this standardization work is moving into JEDEC JEP30 JC11.
The security architecture implements a zero-trust model with verifiable credentials and smart contract enforcement to establish trust between mutually untrusted parties. The approach systematically improves supply chain security by registering metrology data from authorized facilities and tracking both hardware and software components through every custody transfer. This creates a comprehensive system of evidence that enhances both supply chain resilience and national security.
Initial testing with industry partners demonstrates that our approach reduces vulnerability to supply chain attacks by providing verification of component authenticity without requiring disclosure of proprietary manufacturing processes. The technology also enables rapid identification of potentially compromised components when new threats emerge, significantly reducing incident response time.
As threat actors increasingly target the semiconductor supply chain through both physical and cyber vectors, our distributed approach to security provides a critical defense capability by eliminating single points of failure. By enabling selective disclosure of authenticated component data, we create transparency without compromising security or intellectual property - a balance that has previously been unattainable in the industry.
The presentation will include case studies from our NIST research and collaboration with Cadence, Kipo AI and others, demonstrate how the protocol works across manufacturing tiers, and outline our roadmap toward full commercial deployment that can interoperate with private networks. We invite industry participation in this collaborative effort to secure our semiconductor ecosystem against evolving threats.
