Author: Huazhong University of Science and Technology Blockchain Storage Research Center and HashKey Capital Research
Blockchain technology has realized the mapping of currencies in the digital world, resulting in a series of homogeneous encrypted digital currencies, which has created a wave of investment in cryptocurrencies in recent years. The emergence of non-homogeneous token NFT allows us to see the possibility of mapping the entire real world.
Except for currency, most objects in the real world are unique, and their properties and values are different. The characteristics of NFT can perfectly adapt to this situation and realize the tokenization of different objects in the digital world. , using the characteristics of the blockchain that cannot be tampered with, open and transparent, and traceable, complete the mapping from the real world to the digital world, and then construct the long-awaited utopian city — Metaverse.
However, due to the current technical bottleneck, NFT has not been able to perfectly achieve the above idea. Due to the congested communication conditions on the chain, limited scalability, and high gas costs, the metadata and media data of NFT are not available. It is completely stored on the chain, but chooses to store it off the chain, and loses the protection of blockchain technology. This part of the data is not completely safe and reliable, which means that the current NFT has not yet been encrypted like Bitcoin. Currency-like reliability, which has been submerged in the enthusiasm for NFTs and received little attention.
According to data from coingecko, as of press time, the total market value of the NFT market is US$22.97 billion, accounting for 1.2% of the global cryptocurrency market value, and the 24-hour transaction volume is 3.25 billion, which is still maintaining a strong growth momentum. The security behind the huge market value of NFT is very fragile. Due to the uncertainty of off-chain storage, NFT loss events occur from time to time. Once the corresponding metadata and media data become invalid, the NFT ownership certificate stored on the chain is only A worthless check with no drawer. William Entriken, the author of the most widely used NFT standard ERC721, once said: Only if you trust the custodian who actually manages your assets, the ownership of your assets recorded in the ledger is valid.
NFT is not safe now. The information involved in the transaction of cryptocurrencies such as Bitcoin is completely stored on the chain, but NFT is different. Although its transaction process is also completed on the chain, due to its particularity, it often involves complicated Metadata and media data that require a large storage space are usually stored in NFT storage projects such as the projects own centralized server, third-party cloud server, IPFS or MEFS (MEmo File System) under the chain. These intricate Custodians have different risk factors compared to on-chain storage.
first level title
secondary title
The basic concept of NFT
The full name of NFT is Non-FungibleToken, and the Chinese name is non-homogeneous token. It is a non-homogeneous token derived from the Ethereum smart contract. As a unique digital asset, it has the characteristics of indivisibility, non-tampering, irreplaceability, and uniqueness.
Relatively speaking, FT (FungibleToken) is also a homogeneous token. Taking Ethereum as an example, each Ethereum is homogeneous, there is no difference between them, and it can be split into smaller units. And each NFT has a unique and unique identifier, which cannot be interchanged or split.
secondary title
The technical composition of NFT
Blockchain:Blockchain was first known as Bitcoins distributed ledger. Blockchain is a distributed and non-tamperable database. It is essentially a list of recorded data information and uses encryption protocols to protect the information in it. Blockchain offers a viable solution to the long-standing Byzantine problem.
Smart contract:Smart contracts speed up the execution and verification process of digital agreements. Blockchain-based smart contracts use Turings complete scripting language to achieve compatibility of complex functions, and rely on consensus algorithms for execution to ensure consistency. Smart contracts make fair transactions that do not rely on third-party credit intermediaries possible, and can realize cross-industry, cross-field, and cross-ecology value interactions.
On-chain transactions:On-chain transactions need to be realized through blockchain addresses and transaction instructions. A blockchain address consists of a fixed number of letters, numbers, and characters, and it is a unique identifier similar to a bank account for users to send and receive assets. And there is a pair of corresponding public key and private key to verify the authenticity of the transaction.
Data encoding:secondary title
The basic model of NFT
protocol standard
The underlying logic established by NFT is based on distributed ledgers, and its transactions depend on point-to-point networks. If the distributed ledger of blockchain is regarded as a special type of database, then NFT will be stored in this database. The actual storage status of NFT in China is more complicated. If this database has basic security, consistency, integrity and availability characteristics, then the entire NFT ecological closed loop mainly includes the following scenarios.
NFT Digitization: The NFT creator will check that the file, title, and description are completely accurate, and then convert the NFTs metadata into the appropriate format.
NFT storage: NFT creators can choose two ways to store metadata, on-chain and off-chain. On-chain storage costs are high and traffic is congested, but metadata will exist permanently together with the pass. Off-chain storage is limited but theoretically There is a risk of metadata loss. Currently, options for off-chain storage include centralized data storage, IPFS, and decentralized cloud storage.
NFT signature: The NFT creator signs the information including the hash value of the NFT data and sends it to the smart contract.
NFT casting and trading: After the smart contract receives the complete information of NFT, it can start casting and start the transaction process at the same time. The main mechanism is formulated by the token standard.
secondary title
Key properties of NFTs
NFT is essentially a dApp, that is, a decentralized application, so it has various characteristics from the underlying public ledger, which can be roughly summarized as follows:
Verifiability: The token metadata and ownership of NFTs can be publicly verified. The premise is that the metadata is stored on-chain, and if it is stored off-chain, it is up to the off-chain storage system to determine whether it can be publicly verified. Centralized storage cannot be publicly verified, and device owners can change data at will; IPFS can verify whether data has been tampered with through CID, but cannot verify storage status; decentralized cloud storage systems such as MEFS can not only verify whether data has been tampered with, but also can Verify data storage and redundancy status.
Transparent transactions: The entire process of NFT from casting to selling to buying is open and transparent. However, the storage of NFT metadata and media data is not completely open and transparent. NFT creators will choose their own storage methods, but the security of most storage methods cannot be clearly evaluated.
Usability: The on-chain system that NFT relies on will never be paralyzed. As long as it is an issued NFT, there is no possibility that it cannot be sold or purchased. However, the data stored under the NFT chain will have the risk of being unavailable. At present, except for decentralized cloud storage systems such as MEFS, which have complete risk control measures, centralized storage and IPFS have no control measures.
Tamper-proof modification: Once the metadata and complete transaction records of NFT are confirmed, they will be permanently stored, and only new information can be added, and past information cannot be modified. If the metadata is stored in a centralized server, service operators can tamper with the data at will, and file systems such as IPFS and MEFS are immutable.
Easy circulation: The information seen by each NFT user is updated instantly, eliminating the information barriers between traditional producers-credit intermediaries-buyers, the information is clear and easy to circulate.
Atomicity: NFT transactions can be completed in an atomic, consistent, isolated, and durable (ACID) system.
secondary title
Risk assessment of NFT
The NFT system is a combination of blockchain, storage, and network applications. Its security is challenging, and each component may become a security shortcoming, causing the entire system to be attacked. This article uses the STRIDE method for threat modeling, from the aspects of spoofing (Spooling), tampering (Tampering), repudiation (Repudiation), information disclosure (Information Disclosure), denial of service (Dos) and privilege elevation (Elevation of privilege), etc. Assess the possible risks of the NFT system.
Impersonation: Impersonation, as opposed to authenticity, is the ability to impersonate another person or thing in a system. When users mint or trade NFTs, malicious attackers may exploit authentication vulnerabilities or steal users private keys to illegally obtain ownership of NFTs. It is recommended to formally verify the NFT smart contract and use a cold wallet to isolate it from online data to prevent private key leakage.
Tampering: Tampering corresponds to integrity and refers to malicious modification of NFT data. The blockchain is a powerful distributed ledger, and the hash encryption algorithm it uses is resistant to preimages and subimages. If the metadata of the NFT is stored on the chain, once the transaction is confirmed, the metadata of the NFT And ownership cannot be maliciously tampered with. But if it is NFT metadata stored off-chain, and media data stored off-chain, these data may be manipulated. It is recommended to use a decentralized decentralized cloud storage system to ensure data security and reliability.
Repudiation: Repudiation corresponds to non-repudiation, which means that the NFT creator or owner cannot refuse or withdraw the transaction information after it is confirmed on the chain. The security of this process is guaranteed by the characteristics of the blockchain distributed ledger and the unforgeability of the signature, but the hash values involved may be stolen or replaced by malicious attackers. It is recommended to use smart contracts with multi-signature verification to avoid some risks.
Information leakage: Information leakage corresponds to confidentiality, and refers to the leakage of NFT-related information to unauthorized users. Since in the NFT system, the status information and transaction instruction codes of the smart contract are completely transparent and can be accessed publicly by anyone, there are various risks of information leakage in this case. Even if only the hash value of the NFT is obtained, malicious attackers can use the correlation between the hash value and transaction information to do evil. It is recommended that NFT creators use privacy-preserving smart contracts instead of ordinary smart contracts to protect privacy.
Denial of service: Corresponding to availability, denial of service refers to malicious attackers attacking dApp or raw data stored off-chain, resulting in denial of service to the NFT system. Thanks to the high availability of the blockchain, users can call the information they need at any time without worrying about the denial of service by the system on the chain. However, due to the limited space and communication pressure on the chain, some NFT functions need to be realized by off-chain systems, such as the storage of metadata and media data. Centralized network applications and storage systems are still at risk of being attacked by traditional DoS. Deny service to the NFT system. It is recommended to use a new hybrid blockchain architecture, or a decentralized decentralized cloud storage system.
first level title
first level title
NFT product type
Metaverse
Metaverse
Decentraland
Decentraland is a virtual reality platform based on Ethereum. Users can create content and dApps and monetize them, and the created content can be interactively experienced by other users. Land in Decentraland is marked using a Cartesian coordinate system, and the community has permanent ownership, and they have full control over their creations.
Decentraland stores digital asset ownership and other tradable information on the Ethereum blockchain, while other information that requires real-time interaction, such as scene status and user location, is stored on the users computer or the private server of the scene owner. Developers need to choose what information is worth storing on the chain, because this requires high costs.
The Sandbox
The Sandbox is a community-driven UGC platform where users can take ownership of their own digital land and content. Their works can be freely traded, thus truly becoming a part of this metaverse completely created by users, and all elements in the metaverse are self-driven by the community.
The Sandboxs token SAND uses the ERC-20 standard, and the confirmation and transaction of digital assets use the ERC-1155 and ERC-721 standards, all of which are stored on the Ethereum blockchain. The actual media data of digital assets is stored on IPFS, and Amazon’s S3 cloud service is used to support the front-end of the webpage. The digital assets that have not been minted by the creator will be stored on the S3 cloud server, and data privacy risks require further decentralization. Storage schemes are protected.
CryptoVoxels
digital collectibles
digital collectibles
CryptoPunks are a series of pixel-style avatars with different characteristics, with a total of 10,000. Initially, they can be claimed for free through the Ethereum wallet, but currently they need to be purchased through second-hand trading platforms. Initially, in order to save Gas costs, CryptoPunks aggregated 10,000 characters into one picture, and stored the hash value of this picture in the smart contract on the chain, but did not disclose the storage location of its original media data. As the risk of NFT storage has received more attention, CryptoPunks spent 75M gas fees to store all avatars on the Ethereum blockchain.
Bored Ape Yacht Club is a series of ape heads with different characteristics, a total of 10,000 pieces, all of which have been cast and can be purchased through second-hand trading platforms. BAYC announced the TokenID, SHA-256 hash value, and IPFS hash value corresponding to each avatar on its official website. At the same time, it also used a decentralized storage system to back up the media data of each avatar, and the backup information also Announced.
game
game
Gods Unchained is an NFT card game based on Ethereum similar to Hearthstone. Players can participate in game modes such as competitions and battle royale by forming their own card groups. Cards can be freely traded in the market. Players have ownership. At present, the ownership of NFT in the game is stored on the chain, while the metadata and media data of NFT cards are stored on the companys server, providing an API interface for use in smart contracts.
Axie Infinity is a pet raising game similar to Pokémon based on the Ethereum side chain Ronin. Players can collect, train and raise Axie fantasy pets in the form of NFT, and have pet ownership. The project stores the ownership information of each Axie and its unique genetic data on the chain, and in order to meet the low latency requirements of the game, the media data is stored in the central server off the chain.
first level title
NFT trading platform
Opensea is the earliest and currently the largest NFT trading platform, accounting for more than 90% of the trading market. Initially, Opensea also used a centralized server to store NFT metadata and media data, but as the value of a single NFT continues to rise, data loss caused by centralized storage also occurs from time to time, and Opensea is now also providing NFT creators Provide decentralized storage solutions for selection. Creators can now choose to use IPFS to decentralize NFT metadata and media data, but they will need to pay for this choice themselves.
Rarible is currently the second largest NFT trading platform, supporting ERC-721 and ERC1155 protocols. This project stores the metadata and media data of NFT minted by creators in the backend of the website, that is, in the centralized server. New buyers Calls can be made on the chain as needed.
On-chain storage
On-chain storage
At present, the blockchains used by NFT mainly include public chains such as Ethereum, Flow, and BSC, and side chains such as Polygon and Ronin.
Limited by the high gas costs and congested communication conditions on the chain, most NFT projects choose to only store the ownership data of NFT on the chain to ensure that the ownership cannot be tampered with, traceable, and non-repudiable. The transaction does not need to go through a centralized trust agency as an intermediary, but can be completed directly through the smart contract on the chain, which gives NFT good liquidity and uses technology that is not controlled by any third party as a credit intermediary.
first level title
off-chain storage
centralized
centralized
secondary title
Centralization can be verified
Take CryptoPunks as an example, which initially stores a product integration image in a centralized server, and then stores a cryptographic hash of this image in a smart contract for verification. The advantage of this is that the image can be verified through the hash value to ensure that no modification has been made, endowing the NFT media data with non-tamperable characteristics. However, the media data itself is stored in the central server, instead of the entire network node backup like the NFT ownership storage on the chain, there are many risks such as data loss and denial of service.
decentralized
decentralized
As a representative project of decentralized storage, IPFS has gradually been accepted by the NFT industry. IPFS aims to provide a decentralized addressing supplement to the traditional centralized HTTP. Taking Bored Ape Yacht Club as an example, its metadata and media data are stored in IPFS. IPFS provides redundant backup and stable content addressing. As an addressing network running on multiple nodes, it solves the problem of centralized storage before The pain point of URL address invalidation avoids dependence on centralized service providers.
secondary title
Decentralization is fixable
Decentralized and repairable storage systems, as a new possibility for NFT to solve off-chain storage, are getting widespread attention inside and outside the industry. Decentralized distributed cloud storage projects such as Filecoin, Memo, and Arweave are also actively exploring for NFT enthusiasts. To provide better storage optimization solutions, Filecoin and Memo respectively launched NFT storage projects based on their respective storage ecology.
NFT.Storage is an NFT storage project based on the Filecoin ecology launched by Protocol Labs. NFTs stored through this project will be stored in IPFS or Filecoin. Currently, the capacity of a single storage data is limited to 100MB. Its repair function is based on the incentive mechanism of Filecoin, through the scoring and verification system of storage nodes, it can detect and repair damaged or lost data in time. However, the storage in IPFS is provided by Protocol Labs, which requires the participation of more network nodes and further decentralization. The storage in Filecoin has not yet been linked to the main network, and is provided by test network nodes, and there is a risk of loss due to network reset.
Metastorage.org is developed based on the MEFS storage file system, the NFT storage project of the Memo ecosystem. The NFT stored through this project will be stored in both IPFS and MEFS. MEFS is a storage system developed by Memo Labs. Quantity is not limited. Its repair function is based on the MEFS storage system, adopts the redundancy mechanism of multiple copies and erasure codes, and provides public verification methods. The KEEPER role in the system is responsible for matching nodes that have passed verification and challenges for users, and continuously evaluates and maintains them. Although the overall repair mechanism of MEFS is decoupled from the blockchain, it still requires a wider range of nodes to participate in the Memo system to provide support for the MEFS system and form a stable ecosystem.
first level title
secondary title
Metaverse value support
Generally speaking, the Metaverse refers to virtual worlds built using a range of technologies including the Internet and VR. This concept was born decades ago but has yet to be realized. With the rapid development of the blockchain, the metaverse has ushered in the possibility of becoming a reality. The blockchain provides an ideal decentralized environment for the metaverse world, and the emergence of NFT also provides a feasible way for the confirmation of digital assets. path. Constrained by the current blockchain technology, the actual content of NFT needs a storage method that matches its ownership storage. The demand forces the development of technology, and the decentralized cloud storage industry dedicated to solving NFT storage problems will usher in a broad market. Space to break through the current security bottleneck of NFT centralized storage.
In this blockchain-driven virtual reality, participants can have a very broad and rich imagination space, such as enjoying games, displaying self-made art, owning and trading virtual properties, etc. In addition, users have the opportunity to profit from the unique virtual economic system. They can purchase land that is not under the control of a centralized organization, build freely on it in the form of NFT, rent out the building to others for remuneration, or raise and breed rare pets and sell them for income.
secondary title
The infrastructure of the P2E gaming industry
Recently, P2E games have ushered in an explosive period, which has attracted widespread attention from players and the capital market. In particular, Axie Infinity surpassed NBA Top Shot in one fell swoop and became the NFT project with the highest market value. It can be seen that NFT has great potential in the game industry. Some of the crypto games that already exist are CrytpoKitties, Cryptocats, CryptoPunks, Meebits, Axie Infinity, Gods Unchanged, and TradeStars. A very attractive feature of this type of game is the breeding mechanism. Users can raise pets themselves and spend a lot of time breeding new offspring. They can also buy limited-edition/rare-edition virtual pets and sell them for a premium. Due to the value circulation characteristics of P2E games, the current storage method cannot well meet its high security requirements. Memo and other decentralized cloud storage systems are more suitable for NFT high-value storage infrastructure.
Additional rewards attract many investors to the game, which makes NFTs even more important. Another exciting feature of NFT is that it provides a record of ownership of in-game items, allowing players to own personally exclusive in-game items, facilitating economic identification in the ecosystem, benefiting both developers and players. Players and game developers as NFT publishers can earn royalties every time NFT is sold in the open market, completing a virtuous cycle of feeding back the ecology.
secondary title
huge capital market
The existence of NFT has created a mutually beneficial business model. While players and developers profit from the second-hand NFT market, the blockchain community has also largely expanded NFT to include various types of digital assets and a thriving virtual Economic activity. Traditional online economic activity relies on centralized companies that provide trust and technology. Although blockchain has developed several financing channels, such as ICO, IFO, and IEO, its trial scenarios are still very limited. NFT greatly expands the additional attributes of the blockchain, such as uniqueness, ownership, and liquidity. With the help of NFT, the blockchain rapidly expands its scope of application. This allows everyone to link to a specific event, much like our real-life patterns. To achieve this vision, the storage method of NFT is an important part. The amount of data corresponding to FT is relatively small, which is directly stored on the chain, and NFT also needs a more reliable storage method.
For example, buying a ticket is a common economic activity. When buying tickets in traditional event ticketing marketplaces, consumers must trust the third party providing the business. Accordingly, consumers run the risk of being defrauded or having invalid tickets purchased, which may be counterfeit, counterfeit, or cancelable. In extreme cases, the same ticket may be sold multiple times, or some non-transferable tickets circulate in the market.
NFT-based tickets are issued by the blockchain to prove the right to enter any sports or cultural event. NFT benefits from the problems of double spending, tampering and forgery that the blockchain has already solved in the FT stage. The unique characteristics of distributed ledgers give NFT tickets obvious advantages over traditional tickets. An NFT-based ticket is unique and cannot Tamperable, which means that the ticket holder cannot resell the ticket after it has been sold. NFT, a blockchain-based smart contract, provides a transparent ticket trading platform for stakeholders such as consumers and event organizers. Consumers can buy and sell NFT tickets from smart contracts without relying on any third parties.
secondary title
Protect digital property rights
Digital collectibles encompass everything from trading cards, wine, digital images, videos, virtual real estate, domain names, diamonds, cryptocurrency stamps and intellectual property among other physical objects. Lets take the field of art as an example. First of all, traditional artists have only a few channels to display their works. The acquisition of traditional channels requires capital and network resources, and also requires a lot of energy. Due to lack of attention, prices do not reflect the true value of their works. Even the works they publish on social networks will be charged platform and advertising fees by platforms and advertisers.
NFTs convert their works into a digital format with comprehensive rights, and artists do not have to hand over ownership and content to agents, which provides them with the possibility of high income. Typical examples include Mad Dog Jones REPLICATOR sold for $4.1 million, Grimes works sold for a total of about $6 million and others from and other great crypto artists such as Beeple and Trevor Jones as we all know. NFT has done a good job of protecting the property rights of artworks, but its corresponding actual content, such as metadata and media data, does not have safe and reliable industry storage standards. Distributed storage systems such as Memo are expected to solve this problem.
Additionally, artists traditionally do not receive royalties from future sales of their work. In contrast, NFTs can be programmed so that an artist receives a predetermined amount of each sale of his digital work. Every time his digital work is exchanged on the market, he will receive a preset royalty fee, which is a An efficient way to manage and protect digital masterpieces. In addition, some platforms, such as Mintbase and Mintable, have even built some tools to support ordinary people to easily create their own NFT works.
first level title
Challenges of NFT storage
secondary title
Usability challenges
secondary title
lack of redundancy
secondary title
slow confirmation speed
secondary title
High gas fees
secondary title
Storage Security and Privacy Issues
secondary title
Inaccessibility of NFT data
In mainstream NFT projects, most of them use encrypted hash values as identifiers instead of real media data, and then record them on the blockchain to save gas consumption. This makes users lose confidence in NFTs, as the original files may be lost or corrupted. Some NFT projects have begun to cooperate with specialized file storage systems, such as IPFS, which allow users to address content by hash value, as long as someone somewhere on the IPFS network is hosting it, users can successfully obtain this hash The content corresponding to the value. Still, such a system has unavoidable drawbacks. When users upload NFT metadata and media data to IPFS nodes, there is no guarantee that their data will be replicated across all nodes. This data is stored on IPFS, and it is possible that only one node hosts the content and no other nodes back it up, and if the only node storing it is disconnected from the network, the data may become unavailable. DECRYPT.IO and CHECKMYNFT.COM have reported this issue. The Memo project is trying to use the developed MEFS system to make up for this shortcoming of IPFS.
secondary title
Anonymity and Privacy
Most NFT transactions rely on their underlying Ethereum platform, which only provides pseudo-anonymity, not strict anonymity or privacy. Users can partially hide their identities, and if the connection between their real identities and the corresponding addresses is known to the public, then all activities of users under the exposed addresses can be observed. Existing privacy protection solutions, such as homomorphic encryption, zero-knowledge proofs, ring signatures, and multi-party computation, have not yet been applied to NFT-related schemes on a large scale due to their complex encryption primitives and security assumptions.
Regulatory policy
Regulatory policy
legal aspect
legal aspect
secondary title
taxable property
secondary title
scalability issues
The scalability of the NFT scheme includes two aspects. The first is to emphasize whether a system can interact with other ecosystems. The second focus is whether the NFT system can be updated when the current version is abandoned.
NFT interoperability
Existing NFT ecosystems are isolated from each other, and once users select one type of product, they can only trade them within the same ecosystem due to its underlying blockchain platform. At present, if you want to conduct cross-ecological transactions, you need to complete it through a third-party trading platform like Opensea. Breaking away from the trust organization that originally belonged to the blockchain platform will increase the cost of trust. Interoperability and cross-chain communication have always been obstacles to the widespread adoption of dApps, and cross-chain communication can only be achieved with the help of external trusted parties. In this way, the characteristic of decentralization is inevitably lost to some extent.
But fortunately, most NFT-related projects adopt Ethereum as their underlying platform. This means that they share a similar data structure and can be exchanged under the same rules. The storage methods of NFT projects are different, how to maintain decentralization and unified risk structure is an important issue in the future.
Updatable NFTs
Transitional blockchains generally update their protocols through soft forks and hard forks, illustrating the difficulties and trade-offs when updating existing blockchains. Despite the general model, new blockchains still have strict requirements, such as tolerating certain adversarial behaviors and staying online during updates. NFT schemes are closely dependent on their underlying platforms and remain consistent with them. While data is usually stored in separate components (such as IPFS and MEFS file systems), the most important logic and tokenId are still recorded on-chain, and improvements to properly update the system will be necessary.
