You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One possible issue with this system is the ability of miners to front-run and steal names because the data is visible on chain.
In the Nomen protocol, the name are not fully published in the clear, they are hashed. However, it is possible for a motivated griefer to pre-hash many interesting names, wait for those named hashes to appear in the mempool, then attempt to steal them by mining a name a first.
Proposed Solution
We implement a two-phase on chain claim to a name: a CLAIM phase, and a REVEAL phase. In the claim phase, the name hash is salted with a random 32 byte value and hashed again. A new TRANSACTION TYPE is created, which is called a SHADOW CLAIM. It's like a normal claim, but the name hashe is salted (or "shadowed") as described above. This shadowing step prevents any would-be thieves from knowing your name before you claim it.
After that, in some future Bitcoin transaction, we include another new TRANSACTION TYPE called a SHADOW REVEAL, which includes the original, unsalted name hash and the salt value, allowing the indexer to complete the circle and assign ownership of the name (now considered claimed as of the reveal transaction).
The upside of this method is that a griefer cannot sit around sniping interesting names when someone attempts to claim them. They have to actively start stealing names in anticipation, paying the monetary costs of that. This turns it from a griefing issue into a squatting issue, which will be handled in a different proposal.
The downside of this is that it is no longer possible to know if someone claimed a name, but hasn't published their reveal yet. When claiming a shadow name, you have to take the risk of knowing that someone else may have already registered that name and just not revealed it yet. If they reveal it before you, then the name is theirs and your original claim transaction is now considered invalid. This is a trade off the user will have to make.
Of course, this is unfair of users of the original claim transaction type. With original claim transactions, you're able to search the blockchain for your name hash to see if someone else has claimed it first. This is why original names and shadow names should not occupy the same namespace. For example, the name ursuscamp registered under the original claim type will have just the name ursuscamp. But I can also choose to register ursuscamp under the shadow namespace, and it will be ursuscamp.shadow.
This may also have interesting marketing appeal!
The text was updated successfully, but these errors were encountered:
The Problem
One possible issue with this system is the ability of miners to front-run and steal names because the data is visible on chain.
In the Nomen protocol, the name are not fully published in the clear, they are hashed. However, it is possible for a motivated griefer to pre-hash many interesting names, wait for those named hashes to appear in the mempool, then attempt to steal them by mining a name a first.
Proposed Solution
We implement a two-phase on chain claim to a name: a
CLAIM
phase, and aREVEAL
phase. In the claim phase, the name hash is salted with a random 32 byte value and hashed again. A newTRANSACTION TYPE
is created, which is called aSHADOW CLAIM
. It's like a normal claim, but the name hashe is salted (or "shadowed") as described above. This shadowing step prevents any would-be thieves from knowing your name before you claim it.After that, in some future Bitcoin transaction, we include another new
TRANSACTION TYPE
called aSHADOW REVEAL
, which includes the original, unsalted name hash and the salt value, allowing the indexer to complete the circle and assign ownership of the name (now considered claimed as of the reveal transaction).The upside of this method is that a griefer cannot sit around sniping interesting names when someone attempts to claim them. They have to actively start stealing names in anticipation, paying the monetary costs of that. This turns it from a griefing issue into a squatting issue, which will be handled in a different proposal.
The downside of this is that it is no longer possible to know if someone claimed a name, but hasn't published their reveal yet. When claiming a shadow name, you have to take the risk of knowing that someone else may have already registered that name and just not revealed it yet. If they reveal it before you, then the name is theirs and your original claim transaction is now considered invalid. This is a trade off the user will have to make.
Of course, this is unfair of users of the original claim transaction type. With original claim transactions, you're able to search the blockchain for your name hash to see if someone else has claimed it first. This is why original names and shadow names should not occupy the same namespace. For example, the name
ursuscamp
registered under the original claim type will have just the nameursuscamp
. But I can also choose to registerursuscamp
under the shadow namespace, and it will beursuscamp.shadow
.This may also have interesting marketing appeal!
The text was updated successfully, but these errors were encountered: