-
Notifications
You must be signed in to change notification settings - Fork 318
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CIP-0014: User-facing Asset Fingerprint #64
CIP-0014: User-facing Asset Fingerprint #64
Conversation
Why hash the concatenation of the policy id and sub-identifier? The concatenation of the two parts of the identifier is already unique. There is no need to hash it. |
@dcoutts a hash gives us two nice properties:
|
We could arguably get to a fixed length by padding it, though it'd just be more noisy. In the end, the length may be variable but capped anyway, so it isn't necessarily a property to hold on. |
|
Please don't forget us (the SPOs and tool providers) in all of this! We have now written tools and tested this for 2 months to be ready for the mainnet fork and now you wanna change it? We need the policyID.name scheme to work completely offline, and for the policies we need them in "cleartext" via the cli. So this needs to be working in both ways. If you wanna hash/encode it, fine, but we need a method to get back and forth between the two representatives easily on the cli. Cardano-CLI the "human interacting interface" should provide the information like it is doing right now. |
Also we are working with the utxo json output format like this one to clearly get out the policyID and names. We need that information in offline mode without maintaining databases to know what policy.script is/was used to mint/burn tokens:
We need this information to group them by policyIDs and as i say to interact with the assets with the right policy.scripts. |
Thanks for commenting, this is actually why I am making this a public CIP! This little thing has quite some impact over many interfaces. So we better agree on a standard way to approach this, that is safe for end-users and remain usable.
This one does too.
Going further with that proposal, applications consuming data from the ledger such as (a) A user-facing piece of text This means that applications would typically keep storing the policyId and assetName, and only compute the assetFingerprint on-the-fly for display. Yet, reverse-search would require to have constructed an index to map the fingerprint back to the policy + assetName. |
Worse-case is the Ledger Nano S which can show up to 20 characters. Although, users can scroll in theory, we know that in practice many won't.
At least 224 bits make it safe. 160 bits is enough within this particular context although having another more visual identifier would be recommended because humans are simply bad at memorizing byte strings. |
In continuation to what @gitmachtl and @refi93 have pointed above. Having a hash solves some problems but also introduces more complexities for wallets, explorers, and other tools. The hash by nature is not reversible and hence we essentially end up making This looks to be introducing a bigger change, a wallet keeping track of 3 different data points essential to only show end-users a human-friendly identifier and map the actual |
@ashisherc thanks for your feedback, nevertheless, this point has already been raised and discussed in a thread earlier on this PR, see: #64 (comment) Because the asset name is an open string, it is a good vector for phishing attack. Even when bech32 encoded, it is very easy to create two strings that ressemble each others. As for wallets and explorers, it suffices to store the asset fingerprint next to the asset name and policy id. |
There's a bit of a debate about the 'token' vs 'asset' terminology. Though, 'token' tends to refer more to the actual _thing_ being exchanged, whereas 'asset' tends to refer to its nature. In this context, 'asset' seems therefore a better fit.
Motivation, design and rationale explained in: cardano-foundation/CIPs#64
2512: Add fingerprint to assets (cf: CIP-0014) r=KtorZ a=KtorZ # Issue Number <!-- Put here a reference to the issue that this PR relates to and which requirements it tackles. Jira issues of the form ADP- will be auto-linked. --> # Overview <!-- Detail in a few bullet points the work accomplished in this PR --> Motivation, design and rationale explained in: [CIP-0014](cardano-foundation/CIPs#64) # Comments <!-- Additional comments or screenshots to attach if any --> <!-- Don't forget to: ✓ Self-review your changes to make sure nothing unexpected slipped through ✓ Assign yourself to the PR ✓ Assign one or several reviewer(s) ✓ Jira will detect and link to this PR once created, but you can also link this PR in the description of the corresponding ticket ✓ Acknowledge any changes required to the Wiki ✓ Finally, in the PR description delete any empty sections and all text commented in <!--, so that this text does not appear in merge commit messages. --> Co-authored-by: KtorZ <matthias.benkort@gmail.com> Co-authored-by: Johannes Lund <johannes.lund@iohk.io>
2512: Add fingerprint to assets (cf: CIP-0014) r=KtorZ a=KtorZ # Issue Number <!-- Put here a reference to the issue that this PR relates to and which requirements it tackles. Jira issues of the form ADP- will be auto-linked. --> # Overview <!-- Detail in a few bullet points the work accomplished in this PR --> Motivation, design and rationale explained in: [CIP-0014](cardano-foundation/CIPs#64) # Comments <!-- Additional comments or screenshots to attach if any --> <!-- Don't forget to: ✓ Self-review your changes to make sure nothing unexpected slipped through ✓ Assign yourself to the PR ✓ Assign one or several reviewer(s) ✓ Jira will detect and link to this PR once created, but you can also link this PR in the description of the corresponding ticket ✓ Acknowledge any changes required to the Wiki ✓ Finally, in the PR description delete any empty sections and all text commented in <!--, so that this text does not appear in merge commit messages. --> Co-authored-by: KtorZ <matthias.benkort@gmail.com> Co-authored-by: Johannes Lund <johannes.lund@iohk.io>
assetFingerprint := encodeBech32 | ||
( datapart = hash | ||
( algorithm = 'blake2b' | ||
, digest-length = 20 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worse-case is the Ledger Nano S which can show up to 20 characters. Although, users can scroll in theory, we know that in practice many won't.
@KtorZ To make it clear - even though the hash digest was set to 20 bytes, the current bech32 assetId length exceeds Ledger's screen capacity of 20 characters (it has the "asset1" prefix, checksum at the end and one bech32 character is not the same as 1 byte, obviously) - so users will indeed have to scroll on Ledger to see it fully.
However, given that we chose to go with a hash of the policyId and assetName concatenation, even the first screenful of the id should be a reasonable assurance that given assetId is correct, though it's definitely recommendable to scroll through the whole assetId to be completely sure
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
he current bech32 assetId length exceeds Ledger's screen capacity of 20 characters
I know :( .. bech32 isn't the "smallest" encoding possible, base64 with no padding would produce shorter strings but they'd also be too long. My hope is that this is short-enough to still allow users to check them, if not fully, at least as much as possible from what they get on the first screen 😬
, digest-length = 20 | ||
, message = policyId | assetName | ||
) | ||
, humanReadablePart = 'asset' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about more descriptive such as
humanReadablePart = 'fngrprnt'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Referring to it as fingerprint would actually be less descriptive 😶 There are many things that can be a fingerprint of something. Yet here, it is used to referred to an asset, hence the prefix. In the same way we don't use hash
as a prefix for key hashes for instance, but we use: addr_vkh
or stake_vkh
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with the idea now.
Good things: it's a shorter hash than before, which clarifies things. We've all come to the consensus that showing the potentially-human-readable part is unwise since it's a prime opportunity for confusion by confusing the sub-identifier with the overall human-readable name.
# Added - Ability to create & update a Cardano Token Registry submission JSON file - Requires 'token-metadata-creator' tool, instructions to download/build this tool added to Guild Operators documentation: - https://cardano-community.github.io/guild-operators/#/Build/offchainMetadataTools - Token Registry lookup in Wallet >> Show - Token asset fingerprint generation according to cardano-foundation/CIPs#64 # Changed - Redesigned input handling to be more flexible and improve output Many line changes due to some code refactoring for println and the new ask function to handle input
# Added - Ability to create & update a Cardano Token Registry submission JSON file - Requires 'token-metadata-creator' tool, instructions to download/build this tool added to Guild Operators documentation: - https://cardano-community.github.io/guild-operators/#/Build/offchainMetadataTools - Token Registry lookup in Wallet >> Show - Token asset fingerprint generation according to cardano-foundation/CIPs#64 # Changed - Redesigned input handling to be more flexible and improve output Many line changes due to some code refactoring for println and the new ask function to handle input
Abstract
This specification defines a user-facing asset fingerprint as a bech32-encoded blake2b-160 digest of the concatenation of the policy id and the asset name.
Motivation
The Mary era of Cardano introduces the support for native assets. On the blockchain, native assets are uniquely identified by both their so-called policy id and asset name. Neither the policy id nor the asset name are intended to be human-readable data.
On the one hand, the policy id is a hash digest of either a monetary script or a Plutus script. On the other hand, the asset name is an arbitrary bytestring of up to 32 bytes (which does not necessarily decode to a valid UTF-8 sequence). In addition, it is possible for an asset to have an empty asset name, or, for assets to have identical asset names under different policies.
Because assets are manipulated in several user-facing features on desktop and via hardware applications, it is useful to come up with a short(er) and human-readable identifier for assets that user can recognize and refer to when talking about assets. We call such an identifier an asset fingerprint.
Specification
We define the asset fingerprint in pseudo-code as:
where
|
designates the concatenation of two byte strings. Thedigest-length
is given in bytes (so, 160 bits).Rationale
Design choices
The asset fingerprint needs to be somewhat unique (although collisions are plausible, see next section) and refer to a particular asset. It must therefore include both the policy id and the asset name.
Using a hash gives us asset id of a same deterministic length which is short enough to display reasonably well on small screens.
We use bech32 as a user-facing encoding since it is both user-friendly and quite common within the Cardano eco-system (e.g. addresses, pool ids, keys).
Security Considerations
With a 160-bit digest, an attacker needs at least 2^80 operations to find a collision. Although 2^80 operations is relatively low (it remains expansive but doable for an attacker), it
is considered safe within the context of an asset fingerprint as a mean of user verification within a particular wallet. An attacker may obtain advantage if users can be persuaded
that a certain asset is in reality another (which implies to find a collision, and make both assets at the reach of the user).
We recommend however that in addition to the asset fingerprint, applications also show whenever possible a visual checksum calculated from the policy id and the asset name as specified in CIP-YET-TO-COME. Such generated images, which are designed to be unique and easy to distinguish, in combination with a readable asset fingerprint gives strong verification means to end users.
Backwards Compatibility
N/A
Reference Implementations
Haskell (GHC >= 8.6.5)
Language Extensions
Imports
TypeScript
Imports
See also: @emurgo/cip14-js.
Test Vectors
Copyright
CC-BY-4.0