In today’s digital world, it’s a given that people purchase, sell, consume, and use a tremendous amount of digital assets. Flight tickets, software licenses, game items, vouchers, discount codes, memberships, subscription packages and stocks, to name a few, are all digital assets or rights we are quite familiar with. Unlike physical assets, however, one of the main reasons why digital assets have been restricted in their resale was due to the digital nature of these assets: it is impossible to distinguish an original asset from its fake copy and it is impossible to prevent double-spend frauds that occur during peer-to-peer transactions. So far, there has been no real solution for preventing such frauds and this naturally caused digital asset issuers to also take full control of the distribution system.

Market Inefficiency Problems

From the market mechanics point of view, the fact that the issuer takes full control of the digital rights sold to its customers causes a deadweight loss. Let’s go through an example:

Bob bought an annual pass for an amusement park. The annual pass is more economic than buying daily passes because he is a frequent visitor. After six months, he has to move to another city so he won’t use the pass anymore. He has no other choice than to waste the remaining six month period because reimbursement is not allowed. On the other hand, Alice wants to buy a six-month pass, but the theme park only sells daily, weekly and annual passes.

The demand side of the market faces problems. In the real world, as neither Bob nor Alice is happy with current offers, Bob would go to either Craigslist or eBay and try to sell his under-used pass while Alice would also go to these secondary marketplaces to find better options. Of course, they both would have to keep their fingers crossed hoping their counterpart is not a scammer.

The supplier also faces problems: a loyal customer is not completely satisfied with his under-utilized annual pass, and a potential client is not making the purchase decision because the available offers are not good enough for her. To remediate them, the amusement park could start selling six-month passes, provide reimbursement rights with respective fees, or simply choose to ignore both Bob’s and Alice’s needs if they see no substantial benefits for trying to solve the problem.

Proof of Ownership

In this post, we would like to propose a solution for such market inefficiency problems with the Proof of Ownership protocol implemented in CodeChain, an open source blockchain engine that supports consensus algorithms pluggability and can be used to build both private and public networks.

Through the proof of ownership protocol, both the prover and the verifier can check the ownership of an asset at zero cost. This prevents fraudulent listings on secondary markets, allowing safer peer-to-peer transactions. Alice can check whether Bob actually owns the pass before making the decision to purchase. In addition, Bob is guaranteed with an instant payment (a benefit enabled by blockchain) as long as he proves he is the actual owner. The theme park can also indirectly benefit as Alice, the new client, can make further purchases (food, souvenirs, etc) every time she visits the park. They only need to verify the ownership of the annual pass holder, be it Bob or Alice, at the entrance.

Implementation

So how can Bob prove that he, the prover, actually owns the asset he claims to own?

In CodeChain, an asset is locked by the lock script. The prover can prove the ownership of an asset by creating a transaction that unlocks the given asset and transfers it to another address. Bob hands the transaction off to the verifier, Alice, who then checks the ownership of the asset by sending the transaction to the network and by seeing if the transaction successfully transfers the asset.

This approach is simple but has a cost for both the prover and the verifier. The prover has to change the address of the asset while proving the ownership of the asset. The verifier must pay for the transaction fee because she needs to check if the transaction succeeds on the chain.

You might ask what if the verifier executes the transaction locally without propagating the transaction to the network? In this scheme, the asset address is not changed and no transaction fee is paid. It looks much nicer on the surface, but there is a problem. Because the transaction is no longer executed on-chain, the same transaction can be used multiple times to prove the ownership. In other words, it is susceptible to a replay attack. Anyone who once got the transaction can pretend she is the owner of the asset by simply relaying the transaction to the verifier.

Can’t we avoid the cost? We invented a scheme that works off-chain and is resistant to the replay attack. Before delving into the details of the scheme, let’s discuss what it means to prove the ownership of an asset. In CodeChain, most assets are locked by the P2PKH (Pay To Public Key Hash) script. Therefore, you can prove the ownership of an asset by proving that you own the secret key used to lock the asset you claim to own.

Our proof-of-ownership scheme works as follows:

  1. Verifier: Generates a nonce and encrypts the nonce and the callback URL with the prover’s public key.
  2. Prover: Decrypts the data received from the verifier with the prover’s private key and sends the nonce back to the verifier via the callback URL.
  3. Verifier: Checks if the nonce received via the callback URL matches the nonce generated in the first phase.

The data sent by the verifier is encrypted with the prover’s public key. So only the prover can decrypt the data with its private key. The prover proves the ownership of the asset by proving that she owns the secret key matching the public key used to lock the asset. If the verifier gets the correct nonce from the prover, it implies that the prover actually owns the asset.

This scheme prevents the relay attack by including the callback URL in the data. Because the prover sends the nonce via the callback URL, it is not possible for a middleman to relay data from the verifier and get the nonce from the prover.

For more details, please refer to our proof-of-ownership demo.

https://github.com/CodeChain-io/proof-of-ownership-demo

 

Conclusion

As mentioned at the beginning of the post, time lock-up subscriptions, membership coupons, achievement badges that act as passes to certain privileges, discount codes, digital vouchers, flight tickets, game packages and stocks are all digital assets whose owners have suffered from market inefficiency problems at some point in their lives. Blockchains and the proof of ownership protocol are a solution to these issues. Our proposed proof of ownership scheme is not confined to CodeChain, as it is a protocol that any service can implement and use. Other Hyperledger projects can adopt the idea and develop useful blockchain applications on top of it.