Whitby Jet is a gemstone formed from the compressed remains of a particular species of ancient conifer, buried in the Jurassic-era shale of the North Yorkshire coast over 180 million years ago. It is found in a specific geological formation, in a relatively small area of cliff and beach around Whitby. It is lightweight, takes an extraordinary polish, and has been worked into jewellery since the Bronze Age. It was enormously fashionable during the Victorian mourning period; Queen Victoria wore it after Prince Albert died, and that royal endorsement made it the gemstone of the era.

It has been imitated almost as long as it has been valued. Lignite (a softer, lesser coal), black glass, vulcanite (hardened rubber), French jet (a misnomer for black glass), and more recently plastic: all have been sold as Whitby Jet, some honestly as imitations, many dishonestly as the genuine article. The tests for authenticity — specific gravity, surface temperature, response to a hot needle, UV fluorescence — require skill, equipment, and the physical object in hand. They do not travel with the piece. They cannot be embedded in a photograph or a certificate or a chain of custody document.

I live in Whitby. I work, among other things, on solving this problem.

The cryptographic identity of a stone

The project I have been working on uses NTAG 424 DNA NFC tags — small chips that implement AES-128 CMAC authentication in hardware — to give individual pieces of Jet a cryptographic identity. The chip is small enough to embed in a piece of jewellery without significantly affecting it. It stores a unique identifier and a secret key. It can produce, on demand, a message authentication code that proves the chip is the genuine chip and not a clone.

The authentication works like this: a reader sends the chip a challenge. The chip uses its secret key to compute an AES-128 CMAC over the challenge and a counter. The reader verifies the response against the expected value, using a server-side key that corresponds to the chip's key. The counter increments with each authentication, so replaying a previous response does not work — the counter value is part of what is signed.

The chip’s secret key is written during manufacturing and is designed to be irrecoverable even under physical attack. The key never travels; only the response travels. This is structurally the same property that makes contactless payment trustworthy at scale: the secret stays home, and only cryptographic proofs of knowledge leave the device.

What this solves and what it does not

It is worth being precise about what cryptographic provenance solves and what it does not. It solves the problem of the chip being genuine: you can verify, with high confidence, that the NFC tag you are reading is the specific tag that was registered to this piece. What it does not solve, on its own, is the problem of the chip having been transferred to a different piece. A dishonest seller could, in principle, remove the chip from a genuine piece and embed it in an imitation.

This is the classic physical token problem, and it is addressed in the system design rather than the cryptography. The chip registration includes a physical description, photographs, weight, and dimensional measurements. The authentication app presents these alongside the cryptographic result: not just “chip verified” but “chip verified — does this match the piece in your hand?” The human judgement is still part of the system, but it is now supported by evidence rather than wholly dependent on expertise and trust.

Why this matters beyond Jet

Whitby Jet is a particular case of a general problem: physical objects whose value depends on provenance, and whose provenance is currently established by paper documentation and expert opinion that does not travel reliably with the object. Fine art, rare books, heritage artefacts, pharmaceutical supply chains, high-value components: all of these have versions of the same problem.

The NFC authentication approach is not new in industrial supply chain contexts. What makes the Jet project interesting to me is the combination of a very old material culture — 180 million years of geology, 4,000 years of human use, 150 years of systematic imitation — with authentication technology that would have been incomprehensible to the Victorian jet workers who were first dealing with the fraud problem. The solution to a very old problem, from a small coastal town, using the same family of cryptographic ideas I first encountered in transport infrastructure.