Motivation
To enable a fully decentralized, stateless protocol where users can generate and authorize action codes directly from their wallets. This eliminates the need for trusted authorities while maintaining security through cryptographic proof of user intent.Specification
Each action code is generated through a deterministic process that requires the user to sign a protocol-specific message with their wallet. The action code is valid only if the signature can be verified against the user’s public key.Signature Verification Process
To validate an action code:- Extract the code, public key, and timestamp from the code metadata
- Reconstruct the signed message
- Verify the signature against the user’s public key
- Recompute the code hash using the same algorithm
- Compare the computed hash with the provided code
- Ensure the code is within its 2-minute time window
Time Window & TTL
- Time Window: 2-minute TTL from timestamp
- TTL: Exact 2-minute expiration (no drift tolerance)
- Validation: Codes are only valid within their 2-minute time window
Code Prefix Rules
- Case Insensitive: All prefixes are normalized to uppercase
- Alphanumeric Only: Only A-Z and 0-9 characters are allowed
- Length: 3-12 characters
- Reserved: DEFAULT is reserved for the protocol
Security Model
- User-Authorized: Every code requires the user’s wallet signature
- Deterministic: Same inputs always produce the same code
- Time-Bound: Codes expire exactly at their 2-minute boundary
- Stateless: No centralized issuance or authority required
- No Reuse: Each code is tied to a specific time slot
Implementation Notes
- Wallets generate codes locally using this algorithm
- Code validation follows the deterministic derivation process
- No trusted authorities or centralized code issuance required
- The system is fully decentralized and operates as a public good