From 21312e5063379650309c9080f700cd62f9fbe7eb Mon Sep 17 00:00:00 2001 From: Alan Shaw Date: Tue, 3 Jan 2023 12:00:26 +0000 Subject: [PATCH 1/6] feat: add spec for publically verifiable timestamps for UCANs with Drand --- Publically Verifiable UCAN Timestamps.md | 31 ++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 Publically Verifiable UCAN Timestamps.md diff --git a/Publically Verifiable UCAN Timestamps.md b/Publically Verifiable UCAN Timestamps.md new file mode 100644 index 0000000..4f09d81 --- /dev/null +++ b/Publically Verifiable UCAN Timestamps.md @@ -0,0 +1,31 @@ +# Publically verifiable timestamps for UCANs with Drand + +![](https://img.shields.io/badge/status-wip-orange.svg?style=flat-square) + +## Editors + +- [Alan Shaw](https://github.com/alanshaw), [DAG House](https://dag.house/) + +## Authors + +- [Alan Shaw](https://github.com/alanshaw), [DAG House](https://dag.house/) + +# Abstract + +Being able to verify that a UCAN invocation happened within a time window gives us some assurances. + +Enabling public verification that a UCAN was created on or after a specific time also allows services to be open and transparent. + +[Drand](https://drand.love/) is a distributed randomness beacon. Drand nodes produce collective, publicly verifiable, unbiased, unpredictable random values at fixed intervals using bilinear pairings and threshold cryptography. + +By including a drand randomness round in a signed UCAN, anyone can prove that it was created _on_ or _after_ that randomness round was generated. There’s a number of uses for this, an example is allowing the web3.storage service to account for `store/add` invocations, publically proving that we were asked to store data within a given time frame. + +Services may choose to reject UCANs with timestamps that do not correspond to a recent randomness round. In this case it's reasonable to assume that the UCAN was _probably_ not generated long after the included randomness round. There is no incentive to do so if it is likely to be rejected on reciept. + +## Specification + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). + +1. Issuers **must** include a drand randomness round in UCAN [`nnc`](https://github.com/ucan-wg/spec#323-nonce) field. +1. Issuers **may** include the "chain hash" of the drand randomness chain in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. The chain hash uniquely identifies the drand chain the randomness value was taken from, if it is different from the mainnet chain operated by the League of Entropy. If omitted, it is assumed to be `8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce`. +1. Audiences **may** reject a received UCAN if the randomness of the current/recent round does not match the randomness included in the UCAN. From 5891d504c6190b4511417105a0a159e8790d875a Mon Sep 17 00:00:00 2001 From: Alan Shaw Date: Tue, 3 Jan 2023 12:04:08 +0000 Subject: [PATCH 2/6] chore: appease linter --- .github/workflows/words-to-ignore.txt | 2 ++ ... Timestamps.md => Publicly Verifiable UCAN Timestamps.md | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) rename Publically Verifiable UCAN Timestamps.md => Publicly Verifiable UCAN Timestamps.md (91%) diff --git a/.github/workflows/words-to-ignore.txt b/.github/workflows/words-to-ignore.txt index 5dcf65e..fc99953 100644 --- a/.github/workflows/words-to-ignore.txt +++ b/.github/workflows/words-to-ignore.txt @@ -39,6 +39,8 @@ URIs interop permissionless stateful +drand +bilinear # actually correct reimagine diff --git a/Publically Verifiable UCAN Timestamps.md b/Publicly Verifiable UCAN Timestamps.md similarity index 91% rename from Publically Verifiable UCAN Timestamps.md rename to Publicly Verifiable UCAN Timestamps.md index 4f09d81..d12dcb0 100644 --- a/Publically Verifiable UCAN Timestamps.md +++ b/Publicly Verifiable UCAN Timestamps.md @@ -1,4 +1,4 @@ -# Publically verifiable timestamps for UCANs with Drand +# Publicly verifiable timestamps for UCANs with Drand ![](https://img.shields.io/badge/status-wip-orange.svg?style=flat-square) @@ -18,9 +18,9 @@ Enabling public verification that a UCAN was created on or after a specific time [Drand](https://drand.love/) is a distributed randomness beacon. Drand nodes produce collective, publicly verifiable, unbiased, unpredictable random values at fixed intervals using bilinear pairings and threshold cryptography. -By including a drand randomness round in a signed UCAN, anyone can prove that it was created _on_ or _after_ that randomness round was generated. There’s a number of uses for this, an example is allowing the web3.storage service to account for `store/add` invocations, publically proving that we were asked to store data within a given time frame. +By including a drand randomness round in a signed UCAN, anyone can prove that it was created _on_ or _after_ that randomness round was generated. There’s a number of uses for this, an example is allowing the web3.storage service to account for `store/add` invocations, publicly proving that we were asked to store data within a given time frame. -Services may choose to reject UCANs with timestamps that do not correspond to a recent randomness round. In this case it's reasonable to assume that the UCAN was _probably_ not generated long after the included randomness round. There is no incentive to do so if it is likely to be rejected on reciept. +Services may choose to reject UCANs with timestamps that do not correspond to a recent randomness round. In this case it's reasonable to assume that the UCAN was _probably_ not generated long after the included randomness round. There is no incentive to do so if it is likely to be rejected on receipt. ## Specification From c1d963e535d784d72abaf0e7ae79b459ea14cf70 Mon Sep 17 00:00:00 2001 From: Alan Shaw Date: Tue, 3 Jan 2023 14:35:42 +0000 Subject: [PATCH 3/6] fix: require round number ofr unchained randomness chains --- Publicly Verifiable UCAN Timestamps.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Publicly Verifiable UCAN Timestamps.md b/Publicly Verifiable UCAN Timestamps.md index d12dcb0..fea9b56 100644 --- a/Publicly Verifiable UCAN Timestamps.md +++ b/Publicly Verifiable UCAN Timestamps.md @@ -27,5 +27,8 @@ Services may choose to reject UCANs with timestamps that do not correspond to a The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). 1. Issuers **must** include a drand randomness round in UCAN [`nnc`](https://github.com/ucan-wg/spec#323-nonce) field. -1. Issuers **may** include the "chain hash" of the drand randomness chain in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. The chain hash uniquely identifies the drand chain the randomness value was taken from, if it is different from the mainnet chain operated by the League of Entropy. If omitted, it is assumed to be `8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce`. +1. Issuers **should** include the drand randomness _round number_ in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. + If included, the round number **must** correspond to the randomness value in the `nnc` field. This field is **required** for ["unchained" drand randomness chains](https://drand.love/blog/2022/02/21/multi-frequency-support-and-timelock-encryption-capabilities/#unchained-randomness-timed-encryption). +1. Issuers **may** include the "chain hash" of the drand randomness chain in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. + The chain hash uniquely identifies the drand chain the randomness value was taken from, if it is different from the mainnet chain operated by the League of Entropy. If omitted, it is assumed to be `8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce`. 1. Audiences **may** reject a received UCAN if the randomness of the current/recent round does not match the randomness included in the UCAN. From 5de7a7aca5c5129203df989f5caa0d5df8bf5c1b Mon Sep 17 00:00:00 2001 From: Alan Shaw Date: Tue, 3 Jan 2023 14:36:30 +0000 Subject: [PATCH 4/6] fix: formatting --- Publicly Verifiable UCAN Timestamps.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Publicly Verifiable UCAN Timestamps.md b/Publicly Verifiable UCAN Timestamps.md index fea9b56..858dccb 100644 --- a/Publicly Verifiable UCAN Timestamps.md +++ b/Publicly Verifiable UCAN Timestamps.md @@ -27,8 +27,11 @@ Services may choose to reject UCANs with timestamps that do not correspond to a The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). 1. Issuers **must** include a drand randomness round in UCAN [`nnc`](https://github.com/ucan-wg/spec#323-nonce) field. + 1. Issuers **should** include the drand randomness _round number_ in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. If included, the round number **must** correspond to the randomness value in the `nnc` field. This field is **required** for ["unchained" drand randomness chains](https://drand.love/blog/2022/02/21/multi-frequency-support-and-timelock-encryption-capabilities/#unchained-randomness-timed-encryption). + 1. Issuers **may** include the "chain hash" of the drand randomness chain in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. The chain hash uniquely identifies the drand chain the randomness value was taken from, if it is different from the mainnet chain operated by the League of Entropy. If omitted, it is assumed to be `8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce`. + 1. Audiences **may** reject a received UCAN if the randomness of the current/recent round does not match the randomness included in the UCAN. From 34f425c040d7dd21f0de2fd7efdc532aa7429d88 Mon Sep 17 00:00:00 2001 From: Alan Shaw Date: Tue, 3 Jan 2023 14:37:14 +0000 Subject: [PATCH 5/6] fix: formating --- Publicly Verifiable UCAN Timestamps.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Publicly Verifiable UCAN Timestamps.md b/Publicly Verifiable UCAN Timestamps.md index 858dccb..a92aa95 100644 --- a/Publicly Verifiable UCAN Timestamps.md +++ b/Publicly Verifiable UCAN Timestamps.md @@ -29,9 +29,11 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S 1. Issuers **must** include a drand randomness round in UCAN [`nnc`](https://github.com/ucan-wg/spec#323-nonce) field. 1. Issuers **should** include the drand randomness _round number_ in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. + If included, the round number **must** correspond to the randomness value in the `nnc` field. This field is **required** for ["unchained" drand randomness chains](https://drand.love/blog/2022/02/21/multi-frequency-support-and-timelock-encryption-capabilities/#unchained-randomness-timed-encryption). 1. Issuers **may** include the "chain hash" of the drand randomness chain in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field. + The chain hash uniquely identifies the drand chain the randomness value was taken from, if it is different from the mainnet chain operated by the League of Entropy. If omitted, it is assumed to be `8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce`. 1. Audiences **may** reject a received UCAN if the randomness of the current/recent round does not match the randomness included in the UCAN. From 68a1147ac84cad6de0275d5169d8350663e42438 Mon Sep 17 00:00:00 2001 From: Alan Shaw Date: Tue, 3 Jan 2023 14:49:27 +0000 Subject: [PATCH 6/6] fix: appease linter --- .github/workflows/words-to-ignore.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/words-to-ignore.txt b/.github/workflows/words-to-ignore.txt index fc99953..fbb79ea 100644 --- a/.github/workflows/words-to-ignore.txt +++ b/.github/workflows/words-to-ignore.txt @@ -41,6 +41,7 @@ permissionless stateful drand bilinear +mainnet # actually correct reimagine