If we want crypto-assets to become mainstream, one important problem to solve is the problem of authenticity. So far, no platform has implemented a solution for authenticity, so this is with excitement that we’re announcing the release of Proof of Authenticity on Coinprism, a much needed innovation in crypto-asset space.
Why is it important?
Let’s first understand the problem. Let’s say a friend owes you $10, and wants to repay you in Starbucks coupons. He sends you 10 STBK in lieu of $10, and tells you that you can spend those at Starbucks. How do you know this is actually true, and those coins are actually issued by the coffee shop Starbucks, and can be redeemed for $10 at those? On Counterparty, Mastercoin or NXT, all you get is an asset identifier, anybody can come and create a coin called STBK or STRK or SRBK, and claim it’s redeemable at Starbucks. However, now you have to do your research and find out yourself if that’s true or not. The perfect breeding ground for scams.
Coinprism goes further. On Coinprism, each coin can be associated with a contract in a decentralized way: the machine-readable contract is hosted by the issuer, and the Blockchain points to that contract. Coinprism knows how to read the contract, and displays it to you. So you can already check that the contract correctly claims that “each coin is worth $1 at Starbucks”.
But still, anybody can write anything on the contract page, and claim to be Starbucks. That doesn’t mean they are. You need to be able to verify the authenticity of the contract, as coming from Starbucks the company.
Verifying that the contract was written – and signed – by the actual “Starbucks Corporation” registered in the US, is key here. If you have a coin, cryptographically bound to a contract saying “you can redeem every one of those coins for $1 at a Starbucks coffee shop”, and this contract is digitally signed by the legal “Starbucks Corporation” entity (which we are all familiar with), then you have an end-to-end Proof of Authenticity of your coin.
The solution is before our eyes
If we take a step back, and look at the Internet today, this problem already exists. When you go to www.overstock.com to buy some bed sheets online, you need to be able to verify the authenticity of the website as coming from “Overstock.com, Inc.”, the company. Someone (your ISP) could intercept the traffic, and replace the contents of the page, or they could intercept the payment page, and sniff your credit card number when you make a purchase. In other words, no communication on the Internet can be safe unless you are able to guarantee authenticity of the entity operating the server you are connecting to.
Well, if you try to log in to overstock.com, you will see this in your browser:
The green label means the server you are communicating with has been authenticated as “Overstock.com, Inc.”, the company incorporated in the US. Any communication you are doing while this green label is displayed is guaranteed to be only decryptable by “Overstock.com, Inc”. If you trust Overstock.com, Inc with your bed sheets, then you can safely trust this webpage.
Proof of Authenticity for a crypto-asset
The whole chain of authenticity can be guaranteed by cryptography, but only up to the last mile. The last mile is verifying the identity of an organization. Unfortunately, no amount of cryptography, Blockchain or smart contract will solve that problem. You need a real person (often with gray hair and glasses) to look at real paper documents, proving that person X asking for a certificate is the rightful representative of company Y.
Fortunately though, there are well established companies doing that for a living in many countries: VeriSign, GlobalSign, Go Daddy, Comodo… and they have a dedicated service of real persons with gray hair and glasses, who look at documents all day long to verify that person X is indeed representative of company Y, and can be issued a certificate to prove it cryptographically to their customers.
Sure, this is not perfect. As always, organizations with power can abuse it, but generally it works, and you already rely on it for everything you do online. You’re relying on one of those companies whenever you open your webmail, turn on your Xbox, make a phone call, or even download a piece of software from a website.
Announcing Proof of Authenticity within Coinprism
Coinprism is the first crypto-asset platform to offer end-to-end Proof of Authenticity. Let’s see how it looks.
Every asset for which end-to-end authenticity could not be verified will display with an orange warning sign:
If Coinprism is able to verify the end-to-end authenticity of an asset, it will have a green check mark, and the name of the verified issuer is shown in place of the Asset ID:
This is the equivalent of the padlock icon in your browser.
How do I make my asset verified?
First, let’s be clear that being verified is optional. If you want your asset to be private, and only be used within your circle of friends, you can just share the asset ID (which is cryptographically secure), and your friends can easily check the asset ID matches when they receive a coin. You don’t need a verified asset in that case.
A verified asset is useful if you want strangers to believe in the value of your asset. But again, it’s not a hard requirement either, the same way people can (sometimes) trust websites with anonymous people behind it.
But let’s say you really want to go all the way and prove your asset is trustworthy and has a real company behind it. All you need to do is host the metadata file for the asset on your own servers, and on an HTTPS URL.
Let’s see how that’s done step by step.
Make sure you have a website and an SSL certificate
Hopefully, if you are a trustworthy business, you should have a website of some kind (remember, this is 2014). The next step is to make sure you have an SSL certificate for your website. There are two types of SSL certificates:
- Domain validated: They are easy to get, but only validate your domain name. You can get those for free with StartSSL. This will mark you as a verified issuer, but the issuer will only show as your website domain name (like “www.appletartcoins.com”) on Coinprism.
- Organization validated: They are usually more expensive to get. The certificate authority will verify you are the owner of your company. Coinprism will then display the official name of your company as the issuer (like “Apple Tart Ltd.”).
Host the metadata file on your server
The next step is to host a metadata file on your server. The metadata file contains all the information and contract about your coin. It is a simple JSON file that looks like this:
"name": "Lemonade Stand Revenue Share",
"issuer": "The Little Lemonade Stand",
"description": "This token represents a share of ownership in the little lemonade stand in my street. Each token grants right to 1% of the monthly profits from my stand.",
"description_mime": "text/x-markdown; charset=UTF-8",
Simply host this file on you website under HTTPS (note: remember to set link_to_website to true). Let’s say it’s hosted at https://lemon.ad/LEMO.
Specify the metadata URL when issue your coins
The last step is to specify this when issuing your coin. It should look like this:
And this is it.
The URL you specify (https://lemon.ad/LEMO) will be embedded in the Blockchain, and associated to your colored coin. Wallets like Coinprism can then fetch that URL, examine the SSL certificate, and validate end-to-end authenticity.
Bonus question: Why it’s not centralized
There is a common misconception that the fact that metadata is hosted on a server causes centralization.
The value of any crypto-asset comes from the fact that the issuer is willing to redeem it according to the terms they stated. Every crypto-token on Coinprism, Counterparty, Mastercoin, NXT, etc… is therefore already centralized towards the issuer, and you implicitly trust the issuer when buy their coin. If that issuer is responsible for hosting the metadata, there is no additional degree of centralization.