One of the most intriguing projects Taraxa worked on was helping a Japanese arcade machine leasing company expand their business across new markets in East Asia.
The client had been a successful arcade machine leasing company in Japan for over 60 years with a very stable roster of returning customers. In 2019, they decided to test the waters outside of Japan, in East Asia and Southeast Asia, and demand skyrocketed. The arcades were popular for several reasons:
- Novelty: most of the markets they expanded into hadn't seen these arcades before and the kids loved them
- Capital-efficiency: the client operated on a revenue-sharing rather than a fixed-fee leasing model, which meant there was minimal upfront investment for the retailers to install and operate the machines
By late 2019, the client had an order book equivalent to more than ~200k USD in monthly rental receipts. Business was looking very good, but they were reluctant to fulfill these orders.
The Trust Gap
While the revenue-sharing model was very popular among their potential customers, our client ran into problems with customers under-reporting income earned by each arcade machine. Our client had operated in Japan for decades, where they were very friendly and familiar with all their customers' business operations, so they had pretty accurate estimates of how much each arcade would earn at different locations. But with their expansion into new markets, they didn't know the markets, weren't familiar with local business culture or retail patterns, and their new customers (retailers) were strangers to them.
Immediately after they began their expansion, our client became highly suspicious of the paltry and inconsistent incomes earned by the arcades, as reported by their customers. But they had no real evidence of any wrongdoing. When they conducted pilots to install sensors into these arcade machines to receive remote readings of the arcade's operations, their customers were unhappy because they didn't trust the income data collected by our client.
Our client faced several options, none of them good:
- Continue with the status quo, when they were convinced that their customers were under-reporting the arcades' incomes and cheating them out of their fair share of the revenue
- Change to a fixed-fee model and end up losing a lot of business, due to the drastically increased risk now being shouldered by their potential customers
- Pull out of the new markets outside of Japan altogether
Fundamentally, the problem was that there was no clear way for our client (the lessor) and their customers (the lessees) to agree on the arcade's income streams. They did not trust each other, nor did they trust the arcade machines' sensor data output.
What makes data untrustworthy is that, given two parties (lessor and lessee) with conflicting financial interests, one party could alter or otherwise misrepresent the data to advance their own interests at the expense of the other. The lessee could under-report the arcade machine's income to short-change the lessor, and the lessor could tamper with the sensor data, overcharging the lessee.
Since the crux of the problem is a fundamental distrust of the arcade machine's data, we need to make sure the data is trustworthy. A trustworthy data set could help the lessor (our client) and the lessee (their retailer customers) build trust and a successful business relationship with one another.
The arcade machine's sensor data could be made trustworthy through a decentralized audit trail. Capturing the machine's operational status through sensors is a great idea; the only problem is that the data could be tampered with. But if we could construct a way for any third party to verify that the data has not been tampered with, then the sensor data could be trusted, thereby establishing a fundamental agreement on each arcade's income streams.
Taraxa built a wireless sensor node into each arcade machine that, in addition to collecting the machine's operational status data, also sends hashes of the data, together with cryptographic signatures over those hashes, onto the Taraxa blockchain in 6-hour intervals. This creates an audit trail for the raw sensor data.
Here's a video of the end to end demo.
Here are some photos from the demo.
Suppose someone reading an income statement for the leased arcade machines wonders whether the data has been tampered with. All they have to do is pick a data set that they find suspicious, for example the 24-hour income stream of 5 arcade machines in a convenience shop in Bangkok. They would take that raw data, create four 6-hour hashes for each machine, giving them 20 hashes in total, and look them up on the blockchain. If the hashes exist, they then check the signatures of the on-chain hashes. If the signatures match the public keys of the 5 arcade machines, then this data has not been tampered with. If at any point they cannot find a hash, or a signature doesn't match the known corresponding public key, then the data they've been given has been tampered with.
Last but not least, since a decentralized network is designed to be immutable, all the hashes and signatures stored on the network are tamper-proof to begin with.
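The publish-and-verify procedure described above, as an added Go example that is not Taraxa's code. SHA-256, Ed25519, the in-memory `Ledger` map standing in for the blockchain lookup, and the helper names are all assumptions, since the page does not name the algorithms or the on-chain record layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Ledger stands in for the blockchain: window hash -> signature (assumed layout).
type Ledger map[[32]byte][]byte

// DemoKey derives a constructed key pair from one seed byte. On a real node
// the private key is generated inside the secure element and never leaves it.
func DemoKey(b byte) (ed25519.PrivateKey, ed25519.PublicKey) {
	key := ed25519.NewKeyFromSeed(append(make([]byte, ed25519.SeedSize-1), b))
	return key, key.Public().(ed25519.PublicKey)
}

// Publish is the sensor-node side: hash one 6-hour window, sign it, anchor both.
func Publish(l Ledger, key ed25519.PrivateKey, window []byte) {
	h := sha256.Sum256(window)
	l[h] = ed25519.Sign(key, h[:])
}

// Audit is the verifier side: re-hash each window of the raw data handed over,
// look it up, and check the signature. Returns indexes of windows that fail.
func Audit(l Ledger, pub ed25519.PublicKey, windows [][]byte) []int {
	var failed []int
	for i, w := range windows {
		h := sha256.Sum256(w)
		if sig, ok := l[h]; !ok || !ed25519.Verify(pub, h[:], sig) {
			failed = append(failed, i)
		}
	}
	return failed
}

func main() {
	key, pub := DemoKey(1)
	day := [][]byte{[]byte("00-06h coins=12"), []byte("06-12h coins=85"),
		[]byte("12-18h coins=140"), []byte("18-24h coins=97")} // constructed readings
	l := Ledger{}
	for _, w := range day {
		Publish(l, key, w)
	}
	fmt.Println("original data, failed windows:", Audit(l, pub, day))
	day[2] = []byte("12-18h coins=40") // under-reported copy of the third window
	fmt.Println("altered data, failed windows: ", Audit(l, pub, day))
}
```

Keying the ledger by hash alone is enough for one machine; an audit across several machines would also bind each record to a machine identifier so identical windows from different machines cannot collide.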
TL;DR Taraxa's solution enabled the client's arcade leasing business model to be highly automated by making arcade machine generated data trustworthy through on-chain audit trails.
Since the real world is never simple, there are always many practical considerations that need to be taken into account.
- Faking the audit trail: this is not possible, since there's an on-chip secure element, a very mature technology designed to hide a secret key inside its hardware and defeat side-channel attacks (attempts at reading the key from physical properties such as temperature fluctuations). The amount of resources it takes to defeat just 1 secure element is so high compared to the leasing fees of an arcade machine that it's not economically worthwhile.
- Tampering of the sensors: it's entirely possible that the sensors themselves could be tampered with. However, doing this while evading detection takes a great deal of sophisticated technical know-how. Simply disconnecting the sensors would be an obvious sign of tampering; hardwiring them to a constant value would also look suspicious; replaying random values could definitely be detected; and replaying past historical values could also be detected. Sensor tampering is definitely possible, but the costs & difficulty just went up exponentially, making it unworthwhile.
- Bribing the sensor manufacturer: this is a valid supply-chain attack, but for obvious reasons, integrated circuit manufacturers are too big and have too many security precautions in place to be easily bribed, especially by a small retailer. On top of that, the costs and risks make this attack economically unworthwhile.
As always, solving real world problems is about finding a practical solution to close the trust gap just enough to allow disparate parties to collaborate with confidence. In time, as their collaboration deepens, so will their trust for one another.
Stay tuned! 🪁