NFT Forgery Prevention Using FIO

FIP-27: Explained

Published in

FIO Blog

9 min readJun 24, 2021

The FIO community has successfully launched FIP-27 which enables FIO Crypto Handles to be used as FIO NFT Signatures to verify proof of creation for cross-chain NFTs and secure the permanence of associated off-chain images and data. This update was pivotal in launching FIO NFT Signatures as an interoperable solution that verifies NFT authorship, prevents NFT forgery, protects the permanence of associated NFT artwork files, and protects both creators and consumers alike from the growing prevalence of scammers in the NFT space. This post will provide a lay person’s overview of this project.

Background

Non-Fungible Tokens (NFTs) can be created on a number of different blockchains. In many cases, the human value placed on an NFT is related to who was the creator of the data which is being associated with the NFT. A common example of this would be when an artist creates an NFT of an image of one of their works of art. If that artist is well known and famous then the NFT is likely to have more value than if the artist is unknown. Today, there is no way to know with certainty by looking at the data contained in an NFT who was the actual human creator. The result is growing NFT forgeries. Cases where a scammer creates an NFT and presents it as being created by a particular known artist. In some cases, the scammers take an image of an actual art piece from the artist, turn it into an NFT and then sell it as if they were the artist. (see a few articles on this: Coindesk, Artnet, TheVerge)

In addition, in many cases, when an NFT has significant associated content or data, such as an image, that data is not stored on the blockchain. Rather, the NFT contains a link to the data most frequently being a hyperlink on the world wide web. If the data (e.g., image) at the end of that hyperlink were to change or disappear there is no way to know or prove from the blockchain data what the actual image was that was associated and purchased with the NFT. Shocking, but true. That means the actual image or data associated with the NFT could be changed or deleted thereby destroying the value of the NFT.

Purpose

The goal of the FIO NFT Signatures FIP is to enable creators and buyers of NFTs on every blockchain to protect against forgeries — i.e. cases where the purported creator of the NFT is not the actual creator. In addition, FIP-27 protects the “permanence” of any data associated with an NFT via the Token URI (e.g. hyperlink) that is recorded in the NFT by providing a cryptographic way to prove what the image was associated with the NFT even if the data at the Token URI changes or disappears. And it achieves all of this in a decentralized self-sovereign manner.

How do FIO NFT Signatures Work?

Imagine if Leonardo da Vinci were still alive today. When Leonardo creates a painting he signs each one with his signature. That signature is one of the key ways to verify that the piece of art was actually created by Leonardo.

Now Leonardo wants to benefit by turning digital images of his art into unique NFTs that he can sell and where the buyer can cryptographically prove that they own a unique piece of digital artwork by Leonardo da Vinci.

Leonardo wants to prevent scammers from creating NFTs and claiming they were created by him. So, he starts by registering a FIO Crypto Handle. FIO Crypto Handles are unique, human-readable, cross-chain identifiers (e.g. leonardo@davinci) secured by the FIO Protocol blockchain as NFTs themselves. Think of them like your Twitter handle, or your Instagram username: unique to you, fully customizable, and a way to privately integrate your diverse set of public wallet addresses into one public, decentralized, Web3 username — no matter the chain.

Today, FIO Crypto Handles are primarily used as a way for users to send, receive, or request payment in any type of crypto without ever having to interact with complex public addresses. Think of this use case like sending, receiving, or requesting fiat on Venmo by entering the simple, unique username of your payer or payee.

FIO Crypto Handles are structured similarly to an email address, and are made up of two parts — a FIO Username, and a FIO Domain—that join together to form one Web3 identifier unique to you.

FIO Crypto Handles

Leonardo could choose to register his FIO Crypto Handle on the FIO Domain made available by his favorite FIO-enabled wallet or exchange (kind of like getting an email address on the @gmail domain, except with domains like @edge, @coinomi, @guarda, etc.). Or, since Leonardo is so famous, he could choose to register his own personal FIO Domain — like @davinici — to use his unique Web3 identifier as a way to further promote his brand and associated work.

FIP-27 enables Leonardo to map critical information about his created NFTs to his FIO Crypto Handle on the FIO Protocol blockchain. This is designed to ensure that only Leonardo can execute such a mapping to his FIO Crypto Handle: mapping and signature requires the verification of the FIO Private Keys associated with the FIO Crypto Handle, which only Leonardo would control (similar to the way we all control our own private keys as a way to prove and secure ownership of our crypto assets). NFT information that can be mapped to a FIO Crypto Handle — and therefore FIO NFT Signature — include NFT chain type (e.g., Ethereum, Binance Smart Chain, etc.), public address, Token ID, token URI (hyperlink), a cryptographic hash of the data (image) stored at the token URI, and — optionally — a link to his personal website (to generate branding and awareness of his work!).

By mapping this information to a FIO Crypto Handle he controls, Leonardo sets himself up for signing and securing his art with a FIO NFT Signature simply by telling the world how he is signing his art. For example, Leonardo could sign each of his NFT art pieces by creating a new FIO Username for each one on his custom pieces on the @davinci FIO Domain. For the Mona Lisa, he might register the FIO Crypto Handle — for use as a FIO NFT Signature — monalisa@davinici.

Then, Leonardo simply tells the world on his website, in his social media, wherever he speaks, etc. that all of his NFT art is signed by him with a FIO Crypto Handle using the verified and secure @davinci FIO Domain (which only he controls via his FIO Private Keys) and that each art piece will get its own username on that FIO Domain. As a result, anyone who is a Leonardo da Vinci fan will know exactly how to verify the authenticity of his artwork, because they will know exactly how he signs his NFT art.

Leonardo could also choose to use a FIO Crypto Handle on the FIO Domain of his favorite FIO-enabled wallet or exchange (like davinci@edge or davinci@uniqueone), which might be helpful if he’s devoutly committed to using a specific wallet or exchange for storing and sharing NFTs, or in the event he wants to collaborate with a given wallet or exchange to co-promote each other's work. So, let’s say Leonardo signs all of his original artwork as artwork-name@davinci, but wants to sign all collaborative pieces as davinci@wallet-name — without jeopardizing the authenticity or security of his FIO NFT Signature across his @davinci domain: FIP-27 will enable multiple NFTs (e.g. multiple FIO Crypto Handles) to be mapped to a single, master FIO Crypto Handle. Which means that Leonardo could map the artwork he signs with davinci@edge and/or davinci@uniqueone to an owned, verified, and consolidated username on the @davinci domain, like collaborations@davinci. This allows Leonardo to share, collaborate, and verify all of his NFT artwork interoperably by tying all pieces back — via secure and authentic proof of creation — to his more popularly known, verified, and promoted @davinci domain.

So, how then does a prospective NFT buyer verify the FIO NFT Signature associated with a specific NFT (and its contained artwork, images, and data) to ensure it is not a forgery? If the buyer is using an NFT exchange, this verification is built in: that exchange will be able to query the FIO API for any NFT listed on the exchange, and this query will verify the authenticity of the associated FIO NFT Signature: it will verify that the NFT seller’s Web3 identity and the artwork/images/data contained within the NFT for sale all correctly map to a verified FIO Crypto Handle on the FIO Protocol blockchain. Remember, only Davinci can map his NFTs and associated artwork/images/data to his FIO Crypto Handle, in the form of a FIO NFT Signature, through the use of his FIO Private Keys.

While a scammer could claim that an NFT image or piece of art associated with monalisa@davinci is their own — and subsequently offer it up for fraudulent sale — there is no way for that scammer to verify the mapping of that NFT to a FIO Crypto Handle, thus mitigating their ability to authentically sign with a FIO NFT Signature. In this attempted case of forgery, the FIO NFT Signature API query would report back that the NFT listed is *not* associated with the given FIO NFT Signature and is, therefore, a forgery.

NFT creators and enthusiasts alike are now able to authenticate NFT proof of creation directly in the integrated exchange by ensuring the presence of a verification icon; this verification icon will populate when the given FIO API query reports a valid FIO NFT Signature for the specific NFT being viewed. Additionally, proof of creation can be verified via FIO’s of our NFT Validator Tool, which provides a central location for users to verify the authenticity of FIO NFT Signatures across associated NFTs via a similar API query in a simple, user-friendly web interface.

What about that concept of NFT “permanence”?

If you bought the monalisa@davinci signed NFT and the image of the Mona Lisa at the NFT token URL got deleted or swapped out by a hacker, what would you do? Previously you’d be in a difficult situation with no way to cryptographically prove what you bought. But with the FIO NFT Signature, a cryptographic hash of the image you purchased is stored as part of the mapping. A “hash” is an algorithm that takes an arbitrary amount of data input, in this case, the data that makes up the Mona Lisa image, and produces a fixed-size output of enciphered text called a hash value. Only the exact input of the digital data that was exactly contained in the Mona Lisa image purchased will produce that exact hash value. So, while the hash doesn’t allow you to “recreate” the image, you can simply take a copy of the image you stored on your own hard drive and can absolutely prove that that image is the exact image that was associated with the NFT you purchased by Leonardo. So, even though that image is not located at the URL in the Mona Lisa NFT you own (and which the hacker in this example has changed or deleted), you can exactly prove what image was there before the hacker did their evil work. Then you can work to get the correct image restored at the URL contained in the NFT you purchased.

Summary

NFT Forgery Prevention and Permanence Protection are critical to the continued growth in the utilization of NFTs across the blockchain ecosystem.

FIO NFT Signatures (FIP-27) enable a robust solution to these challenges in a completely decentralized and self-sovereign manner. It accomplishes this by enhancing the data elements that can be mapped to a FIO Crypto Handle NFT to include data elements associated with NFTs on other blockchains.