Proof of account ownership #167

Open
dcoffm opened this issue May 14, 2022 · 0 comments

dcoffm commented May 14, 2022

I think a feature that will be broadly useful to business integration moving forward is the ability to prove ownership of a nano address (i.e. that you hold the private key). As an example use-case, my website (upst-art.net) currently has users send a small random amount after claiming ownership of an address. Upon receipt of that amount, we know they control the account and we credit all future deposits to the account and allow for convenient withdrawal to that account. I'm sure there are similar use-cases for a variety of businesses that might integrate nano. The network would benefit from being able to do this without using the public ledger.

The task should be fairly simple from the wallet side: just sign a message with your private key. But it would need to be a standardized feature across all wallets, so that a service implementing the proof requirement could expect every user to have the functionality available to them when asked.

I think it should be implemented as a nano: URI, similar to transactions, so that the user's operating system can automatically route the task to the appropriate software. It could then be scanned as a QR code or handled like any other nano interaction. The "challenge" would be presented like this:

nano:proof?challenge={random number}&url={optional web address to send the response to}

and the proof of ownership might be presented like this:

nano:proof?address={nano_123...xyz}&salt={random number}&response={the signature}

which is sent to the provided URL, or copied/pasted into an input field. The challenge and salt are random numbers generated by each party for security (someone should check that this is safe from a cryptography standpoint) so that the proof is a one-time use for each party. Once received, the challenger knows that the responder holds the key.

For the Natrium wallet, the flow would look like: Send > scan QR > present confirmation screen. Except rather than sending any money, you are just providing proof of your ownership to whoever provided the QR code.
