Blockchain technology enables the mapping of currency in the digital world, and has resulted in the creation of a series of fungible cryptocurrencies, which has sparked a surge of cryptocurrency investment in recent years. The emergence of non-fungible tokens (NFT), on the other hand, allows us to envision the prospect of mapping the entire real world.
Apart from the currency, most objects in the real world are one-of-a-kind with distinct characteristics and values.. The characteristics of NFT can perfectly adapt to this circumstance and realize the tokenization of different objects in the digital world. By leveraging the qualities of blockchain to be tamper-proof, open and transparent, and traceable, NFT maps the real world into the digital world, and builds up the long-awaited Utopia – the Metaverse.
However, because of existing technical limitations, NFT has not been able to achieve the above-mentioned idea perfectly. Due to congested communications, limited scalability, high gas expenses, and other reasons, the metadata and media data of NFT are not entirely stored on the blockchain, but off the chain instead. Without the protection of blockchain technology, this component of the data is not completely safe and reliable, which implies that the current NFT has not yet achieved the same level of trustworthiness as Bitcoin does. But this flaw is masked by the enthusiasm for NFT and receives little attention.
According to data from coingecko, as of press time, the current market cap of the NFT market has totaled $22.97 billion, accounting for 1.2% of the global cryptocurrency market cap. It has a 24-hour trading volume of $3.25 billion and is still rising with a strong momentum. The security behind the huge number is, however, very fragile. Due to the uncertainty of off-chain storage, there have been missing cases for NFT from time to time. Once the corresponding metadata and media data become invalid, Certificate of ownership for NFT stored on the blockchain is just a worthless check without an acceptor. William Entriken, the author of ERC721, which is the most widely used NFT standard, once said: ” Your ownership of assets on a ledger is only as valid as your trust in the custodian who has physical control of the assets.”
As of now, NFT is still not secure. Unlike Bitcoin and other cryptocurrencies whose transaction information is completely stored on the blockchain, NFT has a different approach. While its transaction is also completed on the blockchain, its storage is often done off the blockchain – in the centralized server of the project, third-party cloud server, IPFS, or Metastorage and other NFT storage projects. This is due to the fact that the metadata involved is often complicated and that the media data requires a larger storage space. These intricate “Keepers” are all somewhat riskier than storage on the blockchain.
NFT storage has become the weakest link in the current NFT system, yet as a key infrastructure of the Metaverse, it is bound to play an important role in the new social ecosystem in the future. This article will explain the underlying architecture of NFT, summarize the status of NFT storage, and also delve into the opportunities and challenges faced by NFT storage.
NFT refers to “non-fungible token”, a type of token originally created through the Ethereum smart contracts. As a special digital asset, it is indivisible, tamper-proof, irreplaceable, and one-of-a-kind.
The concept of NFT is relative to FT, which stands for “fungible token”. Bitcoin is a typical example of fungible tokens – each Bitcoin is identical to one another and can be divided into smaller units. Each NFT, however, has a single unique identifier, which cannot be interchanged with any other one or split into smaller units.
NFT can empower creators in various fields with its unique attributes, providing a more convenient and reliable way to authenticate digital assets. With NFTs, creators can easily prove the existence and ownership of digital works in the form of pictures, videos, artworks, tickets, etc. In addition, creators can also earn royalties every time the NFTs are traded.
Blockchain. Blockchain is a technology was first known as a distributed ledger for Bitcoin. Blockchain is a distributed and tamper-proof database. In essence, it is a list of recorded data and information that is protected by encryption protocols. Blockchain provides a viable solution to the long-standing Byzantine Generals problem.
Smart contract. The smart contract accelerate the execution and verification process of digital protocols. Blockchain-based smart contracts use Turing complete scripting languages to build complex functions that are compatible with each other and are executed through consensus algorithms to ensure consistency. Smart contracts enable fair transactions that do not rely on third-party credit intermediaries, thus making cross-industry, cross-field, and cross-ecosystem value interactions possible.
**On-chain transaction. **On-chain transactions require blockchain addresses and instructions for the transactions. A blockchain address is composed of a fixed number of letters, numbers, and characters。It is a unique identifier for users to send and receive assets, much like a bank account and has a pair of corresponding public and private keys to verify the authenticity of the transaction.
**Data coding. **Through data coding, files can be compressed into an effective format to save storage. The authentication of the NFT assets is actually the authentication of the hash values signed by the creator of the NFT. Others may copy the metadata, but they cannot prove their ownership.
Fundamentally, the underlying logic of NFT is based on distributed ledger and relies on peer-to-peer networks for transaction. If the blockchain distributed ledger is regarded as a special type of database, then it is the place where NFTs are stored – the actual storage of NFTs is more complicated though. Assuming that this database is secure, consistent, integral, and accessible, the entire NFT closed-loop ecosystem mainly includes the following scenarios.
NFT is essentially a type of dApp, that is, a decentralized application. It inherits various qualities from the underlying public ledger, which can be summarized as follows:
The NFT system is a technology that integrates blockchain, storage and network applications. Its security faces challenges as each component may become a security weakness and expose the entire system to attacks. This article uses the STRIDE method for threat modeling, assessing the potential risks of the NFT system from the aspects of Spooling, Tampering, Repudiation, Information disclosure, Denial of service (Dos) and Elevation of privilege.
With its unique attributes, NFT has brought about changes to certain extent to many areas, including Metaverse, digital artworks, collectibles, games, DeFi, public utilities and sports. This article summarizes the NFT products with the highest market cap in each category as the target group for studying the status of NFT storage.
Decentraland
Decentraland is a virtual reality platform based on Ethereum. Users can create contents and dApps and monetize them. The contents created can be provided to other users for interaction. The land in Decentraland is marked using the Cartesian coordinate system, of which the community has permanent ownership, and the creators can have full control over their works.
Decentraland stores the ownership of digital assets and other tradable information on the Ethereum blockchain, while other information that requires real-time interaction, such as scene status and user locations, are stored on the users’ computers or the scene owners’ private servers. Developers need to choose what information is worth storing on the blockchain because it entails a higher cost.
The Sandbox
The Sandbox is a community-driven UGC platform where users can obtain ownership of digital land and creative contents. Their works can be traded freely and turned into components of this user-generated Metaverse. All elements in the Metaverse are self-driven by the community.
SAND, the token on the Sandbox, is an ERC-20 token, while the authentication and transactions of digital assets on the platform follow the ERC-1155 and ERC-721 standards. This information is stored on the Ethereum blockchain. The actual media data of digital assets, on the other hand, is stored on IPFS and leverages Amazon’s S3 cloud service to support the front end of the web page. The digital assets that are yet to be minted will be stored on the S3 cloud server, and it requires decentralized storage solutions to further protect the data privacy.
CryptoVoxels
CryptoVoxels is a Metaverse based on Ethereum. Users can build, develop and sell digital assets on the street, and their ownership will be permanently recorded on the blockchain. The style is similar to Minecraft, where users can use customized pixel blocks to build their own land. The platform also provides users with the system’s native COLR tokens to color the land. At present, CryptoVoxels stores the media information corresponding to the digital works created by users on the land in the company-operated server. It has stated on social media that it will consider transferring the data to a decentralized storage system.
CryptoPunks is a suite of pixel style avatar with different characteristics, with a total of 10,000 in number. These characters were claimed for free through the Ethereum wallet at the very beginning, and now need to be purchased through a second-hand trading platform. Initially, in order to save gas expenses, CryptoPunks aggregated 10,000 characters into a picture, and stored the hash value of this picture in a smart contract on the blockchain, but did not disclose the storage location of its original media data. As NFT storage risks get more attention, CryptoPunks spent 75M gas fees to store all avatars on the Ethereum blockchain.
Bored Ape Yacht Club is a total of 10,000 ape avatars with distinct features. All of the avatars have been minted and are available for purchase on the second-hand trading platform. BAYC announced on its official website the TokenID, SHA-256 hash value and IPFS hash of each avatar. It has also backed up the media data of each avatar in a decentralized storage system and released the back-up information.
NBA Top Shot is a collection platform for NBA fans to collect and trade various highlighted moments in NBA history. These highlighted moments are minted into NFTs through Flow, a public blockchain that was also developed by the same development team Dapper Labs, and can be traded freely. Some descriptive data information of NFTs is stored on the blockchain, and the video stream data corresponding to each NFT is stored in the centralized data center off the blockchain.
Gods Unchained is an Ethereum-based NFT card game similar to Hearthstone. Players can form their own decks to play under different game modes such as Ranked Constructed and Arena Adventure. Cards can be freely traded in the market and are owned by the players. At present, the ownership of the NFT in the game is stored on the blockchain, while the metadata and media data of the NFT cards are stored on the company’s server and integrated with the smart contracts for use through an API interface.
Axie Infinity is a pet-raising game similar to “Pokemon Go” based on Ronin, a sidechain of Ethereum. Players can collect, train, raise, and own the imaginary Axie pets in the form of NFTs. The project stores the ownership information of each Axie and its unique genetic data on the blockchain while keeping the media data on the central server off the blockchain in order to meet the requirement of low latency.
MyCryptoHeroes is an Ethereum-based RPG game set in a fictitious world. Players can collect heroes in the form of NFT and form their own hero team to fight. The metadata of the NFT involved in the project is stored on the blockchain, and the media data is stored on the server managed by the company.
Opensea is the earliest and currently largest NFT trading platform, occupying more than 90% of the trading market. Initially, Opensea also used a centralized server to store NFT metadata and media data. With the spike of value of a single NFT and affected by the data losses from time to time, Opensea now also provides decentralized storage options for users. Currently, creators can choose to use IPFS to decentralize NFT metadata and media data, but they need to pay for it.
Rarible is currently the second largest NFT trading platform, supporting both ERC-721 and ERC1155 protocols. The project stores the metadata and media data of the NFTs minted by the creator at the backend of the website, which is a centralized server. They can be called on the blockchain by new buyers when needed.
SuperRare is an online art gallery that can be used for trading as well. It has also issued its own trading token RARE. The NFTs auctioned by SuperRare did not show very detailed technical information to users, such as smart contracts, tokenID, metadata, etc. This may be the reason why the market share of the platform has been low. According to our research, SuperRare uses IPFS for metadata and media data storage.
At present, the blockchains used by NFT mainly includes public blockchains such as Ethereum, Flow, and BSC, and sidechains such as Polygon and Ronin.
Due to the high gas fees and congested communication on the blockchain, most NFT projects choose to store only NFT ownership data on the blockchain to ensure that the ownership is tamper-proof, traceable, and cannot be repudiated. The transaction does not require a centralized credit agency as an intermediary and can be completed directly on the blockchain through smart contracts. This approach widens the circulation of NFT. It also uses a credit intermediary that is not controlled by any third party.
The media data representing the actual form of the NFT is stored off-chain, and in some cases, some more complex metadata information, too. Separating them from the ownership storage system casts shadow on the ownership that is stringently protected by the blockchain technology.
The mainstream off-chain storage methods currently used by NFT are: centralized, centralized verifiable, decentralized, and decentralized repairable, etc.
Generally speaking, Metaverse refers to a virtual world built with a series of technologies including the Internet and VR. This concept was born decades ago but was never realized. With the rapid development of blockchain, Metaverse sees the prospects to become a reality – blockchain provides an ideal decentralized environment for Metaverse and the emergence of NFT also offers a feasible way to authenticate digital assets. Restricted by the current blockchain technology, the actual content of NFT needs a storage method that matches the ownership storage. Pushed by the demand, the booming of the technology is well expected to break through the security bottleneck for decentralized storage for NFT, and a broader market space for the decentralized cloud industry that focuses on addressing the NFT storage issues is right ahead.
In this virtual reality driven by blockchain, participants can have a very broad and rich space for imagination, such as enjoying games, displaying self-made artworks, owning and trading virtual property, etc. Users can even profit from the unique virtual economic system. They can purchase land controlled by a decentralized organization, build on it freely in the form of NFT, rent the building to others for return, or raise and breed rare pets and sell them for money.
The Metaverse ecosystem covers all the projects in the Metaverse discussed in the previous section, most of which are still in their early stages. Blockchain is usually used to record and ensure the ownership of users’ digital assets, and the media data corresponding to the ownership is mostly still stored in centralized servers or IPFS and has not been given the same level of protection as the ownership. This casts certain risks on the integrity of digital assets. Without a complete and reliable closed loop for storage, the use of blockchain technology to protect ownership will also lose its meaning.
The recent booming of P2E games have drawn widespread attention from both players and the capital market. With Axie Infinity overtaking NBA Top Shot to become the NFT project with the highest market cap, it is believed that NFT has great potential in the gaming industry. Some of the existing crypto games are CrytpoKitties, Cryptocats, CryptoPunks, Meebits, Axie Infinity, Gods Unchanged, and TradeStars. One fascinating feature of this type of game is the “reproduction” mechanism. Users can raise pets themselves and spend a lot of time breeding new offspring. They can also buy limited edition/rare edition virtual pets and then sell them at high prices. Due to the characteristics of value circulation of P2E games, the current storage methods cannot meet their high security requirements. Decentralized cloud storage systems such as Memo are therefore better suited for NFT high-value storage.
The additional rewards have attracted many investors to join the game, which makes NFT even more important. Another exciting function of NFT is that it provides ownership records of items in the game. Players can have their own personal game items, which promotes economic identification in the ecosystem and brings benefits to both developers and players. Players and game developers as NFT publishers can earn copyright royalties every time the NFT is sold on the open market, sending funds back to the ecosystem and forming a virtuous cycle.
The reliability of NFT storage will determine the growth ceiling of the P2E gaming industry. When the industry develops to a certain level, the hidden dangers in the NFT storage will eventually receive more and more attention, and various game projects will have to make investments in improving NFT storage to lower the risks.
The existence of NFT creates a mutually beneficial business model – while players and developers make profits on the second-hand NFT market, the blockchain community has also largely expanded the coverage of NFT to include various types of digital assets and prosperous virtual economic activities. Traditional online economic activities rely on centralized companies that offer trust and technologies. Although blockchain has already developed several financing channels, such as ICO, IFO and IEO, the use cases are still very limited. NFT has greatly expanded the additional properties of blockchain, such as uniqueness, ownership, and liquidity. With the help of NFT, blockchain has rapidly expanded its scope of application. This allows everyone to be linked to a specific event, just like in our real life. The storage method of NFT plays a pivotal part in realizing this vision. While FT (Fungible Token) can be stored on the blockchain due to the smaller amount of data volume, NFT requires an equally reliable storage method.
Let’s take buying tickets – a common economic activity, as an example. When buying tickets in the conventional market, consumers must trust the third party that provides the service. Therefore, consumers are at risk of being deceived or purchasing invalid tickets. These tickets may be fake, forged, or can be cancelled. In extreme cases, the same ticket may be sold multiple times, or non-transferrable tickets are traded in the market.
NFT-based tickets issued by the blockchain can prove the right to join any sports or cultural activities. NFT benefits from the fact that problems such as double spending, tampering and forgery have already been solved on blockchain in the FT stage. The uniqueness of the distributed ledger gives NFT tickets a clear advantage over traditional tickets. An NFT-based ticket is unique and cannot be tampered, which means that the ticket holder cannot resell the ticket after it has been sold. NFT, a blockchain-based smart contract, provides a transparent ticket trading platform for consumers, event organizers and other stakeholders. Consumers can buy and sell NFT tickets through smart contracts without relying on any third party.
It is equally important to store the corresponding media data of the NFT. High-value transactions must be protected by infrastructure with greater security. With the growing diversification and complexity of NFT forms, the NFT storage industry will also grow in parallel with the development of projects in the NFT ecosystem.
Digital collectibles cover a variety of categories – trading cards, wine, digital images, videos, virtual real estates, domain names, diamonds, cryptocurrency stamps, intellectual property and other physical objects. Let’s take the art industry as an example. To start with, artists who are following traditional approaches have very few channels to display their works. Access to traditional channels requires capital and network, as well as a lot of energy. Due to lack of attention, the prices cannot reflect the true value of the artworks. Even when the works are published on social networks, they will be charged by platforms and advertisers for intermediary fees and advertising fees.
NFTs can convert their works into a digital format with comprehensive benefits. Artists do not have to hand over ownership and content to agents, which implies the possibility of higher profits. Typical examples include Mad Dog Jones’ REPLICATOR sold for $4.1 million, Grimes’s works sold for a total of about $6 million, and other crypto works from other great digital artists, such as the well-known Beeple and Trevor Jones. NFT has done a good job in protecting the property rights whereas the corresponding contents such as metadata and media data are not yet well protected by secure and reliable storage protocols – this is something Memo and other decentralized storage systems have a high hope to solve.
In addition, artists cannot obtain copyright royalties from the future sales of their works under the traditional model. In contrast, NFTs can be programmed so that the artist will receive a predetermined royalty fee each time his digital work is traded in the market. This is an effective way to manage and protect digital masterpieces. On top of that, some platforms, such as Mintbase and Mintable, have even established tools to support ordinary people to easily create their own NFT works.
The media data of the digital collectibles is actually the NFT itself. The NFT would be meaningless if the ownership and royalty rights of the work lose their value. Traditional collection activities often come with higher storage costs. Collection in the digital age obviously requires better storage solutions.
In order to realize the development of the above-mentioned NFT storage applications, a series of obstacles must be removed, just like any other new technologies. This article discusses some typical challenges faced by NFT such as system-related issues caused by the Bitcoin-based platforms and human factors such as regulatory, policy-wise and social impact, from the perspectives of availability, security, regulation, and scalability.
Availability refers to the process of measuring the effectiveness, efficiency and satisfaction of users when testing a specific product. Most NFT projects are built on Ethereum. Therefore, it is rather evident that the main shortcomings of Ethereum have been inherited. We will discuss three main challenges that have a direct impact on the user experience.
5.2 Storage Security and Privacy
Data from users is the top priority of any system. For the data that is stored off-chain while associated with the tags on the blockchain, there are risks of losing contact between the two or being abused by malicious parties.
Inaccessibility of NFT DataIn mainstream NFT projects, most of the encrypted hash values are used as identifiers instead of real media data. They are then recorded on the blockchain to lower of consumption of gas. However, the possibility of losing or damaging the original files makes users feel insecure about NFT. Some NFT projects have begun to cooperate with specialized file storage systems, such as IPFS, which allows users to address contents through hash values. As long as there is someone on the IPFS network taking care of it, users can always obtain the corresponding contents that matches the hash value. Nevertheless, such a system still has inevitable flaws. When users upload NFT metadata and media data to IPFS nodes, there is no guarantee that their data will be replicated in all nodes. The data is stored on IPFS, and there may be only one node hosting the contents, with no back-up on any other node. If the only node storing it is disconnected from the network, the data may become unavailable. DECRYPT.IO and CHECKMYNFT.COM have reported this problem, and Memo is also trying to use the self-developed MEFS system to make up for this defect in IPFS.
In addition, an NFT may also point to the wrong file address. If this is the case, the user cannot prove that he actually owns the NFT. All in all, relying on an external system as the core component of the NFT system will always be vulnerable.
Anonymity/PrivacyMost NFT transactions rely on their underlying Ethereum platforms, which only provides pseudo-anonymity rather than strict anonymity or privacy. Users can partially hide their identities. If the connection between the real identity and the corresponding address is known to the public, all activities of the user under the compromised address can be observed. The existing privacy protection solutions, such as homomorphic encryption, zero-knowledge proofs, ring signatures, and multi-party calculations, have not been applied to NFT-related solutions on a large scale due to their complex encryption primitives and security assumptions.
Similar to other types of blockchain-based systems, reducing expensive computing costs has become the key to protecting the security and privacy of NFT data.
Similar to most cryptocurrencies, NFTs also face obstacles such as strict regulation from the regulatory authorities. Meanwhile, how to properly regulate this new technology in the corresponding market is also a challenge. This article tackles this topic from two typical aspects.
Legal AspectThe legal and policy issues faced by NFTs cover a wide range of areas. Potentially relevant areas include commodities, cross-border transactions, KYC (Know Your Customer) data, and so on. Before entering the NFT field, it is very important to have a proper understanding of the relevant regulatory review and litigation. In some countries, the legal requirements for cryptocurrency are very strict, and the same is true for NFT sales. Regulatory difficulties are something one cannot circumvent when minting, trading, selling, or buying NFTs. Legally speaking, users can only trade derivatives such as stocks and NFTs on authorized exchanges. Some other countries, such as Malta and France, are trying to implement appropriate laws to regulate the service of digital assets. They require buyers to follow complex and even contradictory terms. Therefore, conducting due diligence becomes a mandatory step before investing in NFT assets.
Taxable property. Products related to intellectual property, including art, books, domain names, etc., are considered taxable property under the current legal framework. However, NFT sales are not yet included. Although a few countries, such as the United States, levies cryptocurrencies as property, most regions in the world have not yet considered the taxation of crypto assets. This may greatly increase the number of financial crimes under the cover of NFT transactions to avoid taxation by the corresponding regional governments. Individual participants are taxed based on any capital gains related to NFT property. In addition, transactions such as NFT-for-NFT, NFT-for-IP, and Eth-for-NFT should all be taxed. Apart from this, higher tax rates should be applied to high-margin property or collectibles. It is therefore recommended that NFT-related industries seek more advice from professional tax departments after the profound changes.
The scalability of the NFT solutions covers two aspects. The first is to emphasize whether a system can interact with other ecosystems; the second point is whether the NFT system can be updated when the current version is abandoned.
NFT InteroperabilityThe existing NFT ecosystems are isolated from each other. Once users choose a type of product, they can only trade them within the same ecosystem – this is restricted by the underlying blockchain platform. At present, if someone wants to make transactions across different ecosystems, he needs to do this through a third-party transaction platform similar to Opensea. Breaking away from the trust institution of the original blockchain platform will increase the cost of trust. Interoperability and cross-chain communication have always been a barrier for the widespread promotion of dApps, and cross-chain communication can only be achieved with the help of external trust parties. In this way, the quality of decentralization will inevitably be undermined to some extent.
Fortunately, most NFT-related projects use Ethereum as their underlying platform. This means that they share a similar data structure and can make exchanges under the same rules. Differnet NFT projects have differnet storage methods. How to build a unified risk structure while maintaining decentralization is an important topic for future.
Updatable NFTs
Transitional blockchains generally update their protocols through soft forks and hard forks, which illustrates the difficulties and trade-offs in updating existing blockchains. Despite being a generic model, the new blockchains still have strict requirements, such as tolerating specific confrontational behaviors and staying online during the update process. NFT programs rely heavily on the underlying platforms and have to keep consistent with them. Although the data is usually stored in separate components (such as IPFS and MEFS file systems), the most important logic and tokeId are still recorded on the blockchain, and it will be necessary to update the system appropriately.