The Numbers Protocol employs the Asset Tree Signature to ensure the integrity of on-chain asset tree data. Furthermore, it utilizes the Creator Signature, generated with the creator's Signature Wallet key, to strengthen the provenance and authenticity of the asset.
Asset Tree Signature Verification
The most simple way to retrieve on-chain commit data which includes Asset Tree and Asset Tree Signature is install the Nit CLI tool, initialize the Nit config following the repository's readme to use Numbers mainnet, and use the nit log <nid> command to list all commit data found on Numbers mainnet.
yarnglobaladd@numbersprotocol/nit# Run this if you don't have yarn global bin in your PATHecho'export PATH="$(yarn global bin):$PATH"'>>~/.bashrcsource~/.bashrcnitinit
Example nit log command:
$nitlogbafkreifsitvutdqggqt2i3ag32tvw6g67bweszkrdtbm44vebfxpqs55m419:30:20TotalCommitnumber:1blocknumber:387179tx:0x7ec4c829f6ebf104443b251356586fe5016b26268538bc4d81d61f128f192d80{"assetTreeCid":"bafkreigdpjluexw5ponbonhw5tnqltp3ijrbak2ouja5xjpoh23exj3hmm","assetTreeSha256":"c37a57425edd7b9a1734f6ecdb05cdfb4262102b4ea241dba5ee3eb64ba76763","assetTreeSignature":"0x62fc4e51d51cf5627bb096acc7a5ab404df2a70fea9bcf902d4959dbf69accf102c714c90a3262001aa552cd7d95d5299ecd954dda4aae010e0628a6131691471c","author":"0x114e5E0dce98180c98ADC62E9Ac6Ea7184417ecd","committer":"0x51130dB91B91377A24d6Ebeb2a5fC02748b53ce1","provider":"bafkreigrt5tepycewppysdwcjccdkdvvc2ztelqv64idgautq52g3vfh4i","action":"bafkreicptxn6f752c4pvb6gqwro7s7wb336idkzr6wmolkifj3aafhvwii","actionResult":"https://bafkreigdpjluexw5ponbonhw5tnqltp3ijrbak2ouja5xjpoh23exj3hmm.ipfs.dweb.link","abstract":"Asset was created by 0xB36BcD7ce1940814DB3cBBb228e8CD78D776748E.","timestampCreated":1717064256,"actionName":"action-initial-registration-jade"}
By using the committer, assetTreeSha256 and assetTreeSignature the identify of the committer could be verified by verifying the Asset Tree Signature is created by the committer's private key. Below is the minimal example code to perform the verification for Asset Tree Signature.
To verify Creator Signature, obtain the signed_metadata and signature following the steps in Query Assets section. The below example code demonstrate the verification steps.
import*as nit from"@numbersprotocol/nit";import { ethers } from"ethers";asyncfunctionverifySignature(signedMetadataJSON, signatureJSON) {constsignatureObject=JSON.parse(signatureJSON);constintegritySha=awaitnit.getIntegrityHash(ethers.toUtf8Bytes(signedMetadataJSON) );if (integritySha ===signatureObject.integritySha) {console.log("integritySha is correct!"); } else {console.log("integritySha is incorrect."); }constrecoveredAddress=awaitnit.verifyIntegrityHash(signatureObject.integritySha,signatureObject.signature );if (recoveredAddress ===signatureObject.publicKey) {console.log("Signature is valid!"); } else {console.log("Signature is invalid."); }}// Replace these value with your actual signed_metadata and signatureconstsignedMetadataJSON=`{ "asset_mime_type": "image/png", "caption": "", "created_at": 1701688997, "proof_hash": "01b0d72b491486379e9657eaf960e1ab114fbe6479a757fdaf2144dc9d654d58", "recorder": "Capture", "spec_version": "2.0.0"}`;constsignatureJSON= '{"proofHash":"01b0d72b491486379e9657eaf960e1ab114fbe6479a757fdaf2144dc9d654d58","provider":"ExampleCaptureSignatureProvider","signature":"0xa6615b4a6a563eaf89e000c6f7b46bcb3f4fabb90438cc44e46c9ff282e4ef857352735e051637f2737d7d30d8f8a3dd9d048b102413751ac06a96376042e3061b","publicKey":"0x114e5E0dce98180c98ADC62E9Ac6Ea7184417ecd","integritySha":"39c8352f98872ce41fc79c2446f2fa6903fa68f73d6b2cb99f843844e5e01291"}';
verifySignature(signedMetadataJSON, signatureJSON);