Bitmarks: using blockchain and human-readable keys to protect indie hardware businesses from fraud


Originally published at:


How is a “bitmark” different from or better than a serial number?


Yes, particularly a serial number that is also stored in the firmware?


please geeksplain to me how to do this with the voting system ?


Worried about labels being pealed off? Just laser etch the plastic in the first place.


The do make stickers that tear before they peel. Haven’t we all dealt with them?


A blockchain sibling of spime.


Are you admitting to trying to swap price stickers?

Yeah, I tried a few times, too, in my mis-spent youth.


If I understand it correctly, the Bitmark is more difficult to counterfeit than standard serial numbers for unscrupulous manufacturers. There’s an artificial scarcity mechanism (the five-word phrase labels) that limit the number of units the manufacturer can produce in any given batch, unique identifiers, and a near tamper-proof auditing and tracking system (the blockchain).


The main point of it that I took away from the article is more providing the manufacturer with a way to distingish their product with clones or grey market products–so they can support just their product.

There’s no scarcity for products like these. They’re readily cloned. All that’s being done here is making a way to provide a means for the manufacturer and the customer to know that a specific board is legit.

You can clone the thing to your hearts content, Bunny probably doesn’t care. He just doesn’t want to have to support clones someone else made nor does he want to have to replace broken boards that he didn’t make.

That seems completely legit.


Yes. To be clear, the scarcity to which I was referring was the identifiers themselves and not the products, in partial answer to the question of why Bitmarks might be better than standard serial numbers.


I just looked the device up. Yeah, they’re completely cloneable–Bunny has made them open hardware. So, it’s clear he’s not interested in restricting the manufacturer of them. But, they’re target for education use, so there will be a ton of support needed. I can completely see his need for doing this.

And, yeah, sorry, I was only meaning to amplify your point, not contend with what you said. Sorry if that came off wrong.


Thanks to you both for the helpful explanations.
I suppose that another advantage of bitmarks over serial numbers is that the latter are, well, serial – so it’s trivial to invent a valid value once you know the basic template.


So is this type of application of the blockchain as much of a power hog as mining bitcoins, etc?


I would be curious though know more about exactly what the threat model is:

My understanding is that block chain stuff makes it very difficult (Barring implementation flaws or possession of overwhelming compute power) to tamper with the contents of a ledger even in absence of a single authoritative record holder; but obviously doesn’t prevent cloning of valid stickers, or printing of stickers with values that we’re never actually issued, but which are structurally correct. The neat math also does nothing to keep certain actions from simply never being recorded(eg. the return case: if I do record that a unit was returned, good luck getting that record out of the ledger without anyone noticing; but if I simply keep it off the books, it will never be recorded in the he first place).

In this case, my naive impression would be that most of the points of failure would not be impeded by the block chain mechanism: the untrusted vendor can’t produce more fully legitimate units than they have been provided stickers(though the same would be true of simple serial numbers if only a specified range we’re authorized for production); and they can freely produce multiple units with identical tags or units with accurate-looking fake values. The latter will be detected and f the customer checks, the former leads to a race between two or more customers, since the system can distinguish between real and fake values; but not between the ‘original’ use of a real value and the subsequent printings of the same sticker.

For service/returns/other important product life events, there is the problem that the block chain only forces retention if someone makes the note in the first place.

I guess I just don’t understand how this is more reliable than a single authoritative record holder(Bunny’s company in this case) doling out ordinary serial numbers and product registrations. It’s mathematically cooler, however.

Obviously, my naive impression is worth way less than someone with experience in the matter, which is why this is intended to be in the form of a question: do I misunderstood some of the capability of the mechanism? Is it largely as I understand; but it turns out that most supply chain fraud actually falls in areas it covers? Are hopes modest; but the cost of trying corresponding low?


This topic was automatically closed after 5 days. New replies are no longer allowed.