E-mail: [scheid,killer,franco,rodrigues,stiller]@ifi.uzh.ch [andreas.knecht2,tim.strasser]@uzh.ch the device's private key is not secured or it is leaked [9], a malicious actor can generate or modify transactions, rendering the cold chain measurements untrusted. This problem of private key management becomes evident as well, when considering highly-constrained IoT devices (i.e., Class 0 IoT devices [4]) that cannot directly interact with a BC node using standard Internet protocols (e.g., HTTP) or have power limitations (e.g., batteries). Thus, relying on low power communication (e.g., Bluetooth Low Energy, BLE) between edge nodes signing transactions and handling key management are possible in a hybrid approach [33]. Such an edge node is a single point of failure and, as it stores all the devices' private keys, if compromised, all devices communicating with that edge nodes are compromised as well. It is crucial that all devices' private keys are secured, meaning that they cannot leave the device for transaction signing, and devices are to be physically secured against tampering.