Supply Chain Component Provenance
Chain per-lot component provenance — issuer-signed at every supplier tier — into a ZK proof the assembler can verify.
Who this is for.
Are you still receiving component provenance (country of origin, manufacturing lot, modification history) as Excel sheets and supplier-submitted PDFs, then aggregating internally? Does it feel like there's no structural way to detect tampering several tiers back?
-
Procurement leads and supply chain management at manufacturers (automotive, electronics, industrial equipment)
-
Quality assurance teams setting up traceability and recall-response evidence at the component level
-
Teams building per-component provenance chains for Digital Product Passport (DPP) compliance
Hand over the source, or just the facts?
Change what reaches the AI, and the leakage risk goes with it.
- component_id:
- COMP-ABC-001
- part_name:
- motor control board
- supplier_tier_1:
- Corp A
- supplier_tier_2:
- Corp B
- supplier_tier_3:
- Corp C
- batch:
- 2024-Q3-15
- subject:
- did:lemma:component-COMP-ABC-001
- issuer:
- did:lemma:supplier-A
- sourceHash:
- 0x3c8d…f7a2
- lineageChain:
- [tier-3, tier-2, tier-1, assembly]
- recordedAt:
- 2024-08-15T08:00:00Z
- integrity:
- poseidon-merkle
- ZK verified:
- ✓ VALID
Lemma lets every supplier tier issue component attributes (country of origin, manufacturing lot, modification history, quality test results) as issuer-signed attestations, with per-component cryptographic links to upstream tiers. Supplier names, contract terms, and cost data stay under the issuer's control. What crosses to the receiving side is only a ZK proof: "this part was produced in a certified Tier-3 facility," "this lot passed the specified test threshold."
Autonomous procurement agents can verify the per-component provenance chain as a ZK proof before confirming an order. Tampering attempts, counterfeit lot injection, and gray-market entry are structurally detectable as chain-integrity breaks — execution stops at the boundary without tracing all the way upstream manually.
How this provenance chain fits your procurement structure and DPP / traceability requirements is what we map out in a first conversation.
Choose on three criteria.
Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.
| Method | Pass without exposing | Independent verification | Tamper-proof |
|---|---|---|---|
| Access control only | △ | ✗ | ✗ |
| Masking / anonymization | △ | ✗ | ✗ |
| Encryption only | ✓ | ✗ | ✗ |
| Lemma (ZK proof)the only one with all 3 | ✓ | ✓ | ✓ |
What's next
We enter through adoption support and a PoC, and stay alongside you through to operations.
- A 30-minute review — identify components / procurement paths still received as supplier-submitted documents (Excel, PDF), where tampering several tiers back can't be detected.
- Narrow to 1–2 decisions (results) to prove — e.g. "produced in a certified Tier-3 facility," "this lot passed the specified test threshold" — facts to verify before an order. Not supplier names, contract terms, or cost.
- Design connection and the provenance chain — connection to your existing PLM / MES / ERP, and per-component linking of issuer-signed attributes from each supplier tier.
- Prove one path via a (quote-based) PoC — confirm the provenance chain works on one component procurement path.
- Hands-on support from rollout through operations — existing plan tiers (Civic / Critical / Compliance) serve only as a cost reference; the setup and pricing are designed together.
Tell us one component procurement path that carries the most provenance risk, in the first 30 minutes. No disclosure of supplier contracts or cost information required.
The bigger picture
The bigger picture this use case belongs to.
We map use scenarios across industries and workflows by the four axes.
See use scenarios for Verifiable Origin in Solutions →TRY LEMMA
Run it yourself.
No sales call needed — start hands-on with Lemma's products.