FileMarket Mainnet Alpha Test is now live!

We are proud to share fantastic results of the previous phase of the Alpha Testnet campaign. During this stage, users will need to mint EFT on FVM Mainnet.

Recently, there has been a big announcement in the Filecoin Ecosystem. FWS (Filecoin Web Services) is a set of compute and storage technologies built on top of the Filecoin Network. The components provided by Filecoin Web Services are designed to be scalable, flexible, and secure, making the offering suitable for a wide range of use cases.

The Engineering team within the Filecoin ecosystem has reached a significant milestone in the Filecoin Web Services project. This platform leverages the potential of Filecoin, the world’s largest decentralized storage network.

This announcement represents a crucial step towards offering a practical cloud alternative for developers around the world. If you are an individual or an organization with meaningful public data sets you may participate in data onboarding program with hosted free storage.

Our event aims to support the FWS launch, allowing everyone to experience the simplicity of uploading data to Filecoin’s hosted decentralized storage in the form of EFT. This event will run from Tuesday May 4, to Friday June 4, 22:00 (GMT + 3).

Gas expenses will be covered by FileMarket Foundation. Please fill out this form before the 15th of May 12:00 (GMT + 3) to get FIL airdropped and complete all tasks bellow. The limit for FIL gas airdrop is 7000 addresses. If you would like to be a part of the journey of FileMarket, here is a checklist of things to do:

1. Get FilFam and FILearner role in Discord by completing tasks at guild.xyz

2. Get File’n’thropist role in Discord by gaining lvl3 in Zealy.io

3. Fill this form before 15th May to get FIL from the faucet

4. Connect your wallet to Filecoin Mainnet

5. Mint new collection

6. Mint your own NFT with hidden content, using Encrypted File Token Technology on Filecoin Storage. Upload any file that will be encrypted and hidden by EFT©.

7. List your EFT.

At FileMarket, we are committed to providing the best EFT experience to Filecoin community. This event is also designed to battle test our smart contracts before the launch of “Filebunnies” — the First EFT collection on Filecoin.

Filebunnies collection can be your key access point of exploring Filecoin Ecosystem and Filecoin Virtual Machine. Owning the FileBunny will later give Airdrop of FileMarket token. Snapshots of active addresses are taken monthly. Please see the rarity table to know more details about the future distribution:

All users completed this FileMarket Mainnet Alpha Test (File’n’thropist, FILearner, or FilFam Discord role + FIL gas form completed + Mainnet activity) will be eligible for the the freemint of Filebunnies EFTs and bonuses from partners of this cross-promo event.

WAGMI, always!

While starting FileMarket— a multifaceted platform that serves as a NFT2.0 storefront builder, cutting-edge marketplace, and a protocol for tokenizing, storing, and swapping files. At one point, we thought that it would be nice to have some private content linked to NFT to solve Ctrl+c — Ctrl+v problem. We’ve done some research and realized that there are no such technologies to have private content and the ability to transfer it while remaining hidden from the world. After that, we decided to design and implement a protocol for private NFT using encryption.

This article will describe our path to the solution and include many technical details, so one reading this article should be familiar with basic encryption concepts like symmetric and asymmetric encryption, NFT standards like ERC721 and ERC1155, and the Solidity language because there will be a lot of code!

The entire code of the FileMarket project is open source, it can be found in our Github organization. A demo version of our platform is also already available.

Basic concept

Our main goal was to make the protocol completely decentralized, which leads us to the file immutability requirement because with re-encryption file contents can be changed after minting. So, we decided to encrypt the file with any symmetric encryption and store the result. Thus, the transfer process will consist of symmetric encryption key transfer.

Of course, we can’t transfer the key in a direct way, so it also must be encrypted. We thought that asymmetric encryption suits us the best as the receiver will have his private key hidden and the sender will be able to encrypt the symmetric encryption key with the only public key of the receiver.

So, our first basic concept looks like this:

Fraud verifying

The case of confirmation of the transfer by the receiver does not require additional attention, but the case of rejection implies that something is wrong with the file. There are a few possible options:

1. The encrypted file key is not valid (for example, an empty string or decrypted data is not a valid key).

2. The encrypted key is valid, but the result of the decryption is not the same file that was originally encrypted. To verify this fact, the file is concatenated with its hash during encryption.

If none of these conditions are met, but the receiver declined the transfer, then this is fraud on the part of the receiver because he gained access to the encrypted file but did not accept the transfer, and this transfer could be part of some kind of transaction like the sale of NFTs.

Hence, the protocol should provide for the resolution of disputes in case of rejection of the transfer. That is, some trusted third party is needed to carry out the verification in this case. Schematically it looks like this:

Decentralized fraud verifying

Our next problem is to make the trusted third-party decentralized. To do this, the implementation technology must have the following properties:

1. Have access to the data storage;

2. Be able to perform encryption and decryption operations;

3. With its help, the implementation of NFT must be possible.

Filecoin has all these properties:

1. From FVM actors there is access to the Filecoin data storage;

2. The implementation language of FVM actors — Rust makes it convenient to use encryption protocols. Using Solidity to implement encryption is difficult and inefficient — such operations will have a high cost in gas and a long execution time due to a large number of operations with the memory (you can read more about this issue in one of my previous articles);

3. FEVM allows us to use Solidity implementations of NFT standards like ERC721 or ERC1155, while all encryption work will be done with FVM actors.

With Filecoin, our protocol looks like this:

Development process

Initially, we decided to divide the development into two parts:

1. FVM actors for working with files and encryption;

2. FEVM Solidity NFT smart contracts.

We entered the FVM Early Builders program and participated in the FEVM hackathon (unfortunately, we did not make it to the final). At the time of the start of development (August 2022), FVM was not yet fully completed, so we decided that we should implement Solidity smart contracts that we will deploy in Polygon and a Rust server that would listen to the blockchain and wait for fraud reports, after which it would conduct decryption attempt. This Rust server will be able to call the smart contract methods responsible for resolving disputes. The choice of the Rust language here is not accidental, it is needed in order to make it easier for us to convert this server into a FVM actor in the future.

So, the Polygon version with the Rust server looks like this:

And we decided to pack Solidity smart contracts into a standard and define them as interfaces. We named this standard Encrypted File Token or EFT. Next, we will consider the standard in more detail.

Encrypted File Token Standard

So, the main requirements for our standard:

1. It must implement the token transfer pipeline.

2. It must be possible to use an FVM actor for fraud verification when the result of the check is obtained in a single call and use a plain EVM smart contract (managed by a Rust server) as a source of dispute resolution.

3. It must be possible to trigger some events when a transfer is canceled or completed. This is necessary to create other high-level applications that interact with the EFT standard, since passing an EFT cannot be an atomic operation.

To fulfill these requirements, we define 3 interfaces:

1. IEncryptedFileToken — main standard for Encrypted NFT.

2. IFraudDecider — interface for fraud decider contract. It’s required to make this interface for the possibility of using FVM-actor and EVM contract (for Polygon version of our system), which will be called from the Rust server.

3. IEncryptedFileTokenCallbackReceiver — interface for contracts to implement for the ability to make some actions on transfer cancellation of finish.

Let’s start with IEncryptedFileTokenCallbackReceiver as it is the simplest standard.

pragma solidity ^0.8.0;

/// @dev Interface for third party to receive transfer updates from token contract instances
interface IEncryptedFileTokenCallbackReceiver {
    /// @dev This function MUST be called if transfer is cancelled
    /// @param tokenId Id of token for which transfer was cancelled
    function transferCancelled(uint256 tokenId) external;

    /// @dev This function MUST be called if transfer is finished successfully
    /// @param tokenId Id of token for which transfer was finished
    function transferFinished(uint256 tokenId) external;

    /// @dev This function MUST be called if transfer is finished with fraud report
    /// @param tokenId Id of token for which transfer was finished
    /// @param approved indicates if there was really fact of the fraud
    function transferFraudDetected(uint256 tokenId, bool approved) external;
}

The IFraudDecider interface is defined so that EFT instances can interact with both the FVM actor and to interact with the Polygon smart contract managed by our backend. To do this, the fraud check function returns two boolean values ​​ — the first determines whether a decision was made, and the second takes the value true if there is indeed a fraud act.

pragma solidity ^0.8.0;

interface IFraudDecider {
    /// @dev Decide if there was a fact of fraud
    function decide(
        uint256 tokenId,
        string calldata cid,
        bytes calldata publicKey,
        bytes calldata privateKey,
        bytes calldata encryptedPassword
    ) external returns (bool, bool);
}

And finally, the token standard itself. We have omitted some obvious comments like “MUST revert if the token doesn’t exist” in this Gist to shorten it. Also, block with ERC721 transfers and instructions to make them revert always was omitted. Full interface definition and reference implementation can be found in our repository.

pragma solidity ^0.8.0;

interface IEncryptedFileToken is IERC721 {
    /// @dev Init token transfer. Shortcut for draftTransfer+completeTransferDraft
    /// @param tokenId is id for token to transfer
    /// @param to token receiver
    /// @param data transfer data
    /// @param callbackReceiver is contract on which callbacks will be called
    function initTransfer(
        uint256 tokenId,
        address to,
        bytes calldata data,
        IEncryptedFileTokenCallbackReceiver callbackReceiver
    ) external;

    /// @dev Draft transfer - lock NFT before receiver will be defined
    /// @param tokenId is id for token to transfer
    /// @param callbackReceiver is contract on which callbacks will be called
    function draftTransfer(
        uint256 tokenId,
        IEncryptedFileTokenCallbackReceiver callbackReceiver
    ) external;

    /// @dev Complete transfer draft
    /// @param tokenId is id for token to transfer
    /// @param to is token receiver
    /// @param data is transfer data
    function completeTransferDraft(
        uint256 tokenId,
        address to,
        bytes calldata publicKey,
        bytes calldata data
    ) external;

    /// @dev Set receiver public key
    /// @notice publicKey asymmetric encryption public key
    /// @param tokenId is id for token to transfer
    /// @param publicKey is receiver public key
    function setTransferPublicKey(
        uint256 tokenId,
        bytes calldata publicKey
    ) external;

    /// @dev Approve transfer and save encrypted password
    /// @param tokenId is id for token to transfer
    /// @param encryptedSecret is encrypted by receiver public key 
    ///     symmetric encryption key
    function approveTransfer(
        uint256 tokenId,
        bytes calldata encryptedSecret
    ) external;

    /// @dev Finalize transfer
    /// @notice This function MUST call `transferFinished` callback function
    /// Following cases are allowed:
    /// 1. Transfer is finalized by receiver
    /// 2. Encrypted password was set more than 24 hours ago 
    ///   (or some other significant timeout) and transfer is finalized by sender
    /// @param tokenId is id for token to transfer
    function finalizeTransfer(
        uint256 tokenId
    ) external;

    /// @dev Report fraud
    /// @notice Within this function fraud MUST be checked by IFraudDecider 
    ///    and if there is and instant decision, abandon transfer and call the callback
    /// @notice This function MUST call `transferFraudDetected` 
    ///    callback function in case of instant decision
    /// @param tokenId is id for token to transfer
    function reportFraud(
        uint256 tokenId,
        bytes calldata privateKey
    ) external;

    /// @dev Apply fraud decision, abandon transfer and call the callback
    /// @notice MUST revert if fraud decision making instant for this token instance
    /// @notice MUST revert if called not by fraud decider linked to this token
    /// @notice This function MUST call `transferFraudDetected` callback function
    /// @param tokenId is id for token to transfer
    /// @param approve equals true if fact of fraud was proved
    function applyFraudDecision(
        uint256 tokenId,
        bool approve
    ) external;

    /// @dev Cancel transfer
    /// @notice This function MUST call `transferCancelled` callback function
    /// Following cases are allowed:
    /// 1. Current owner or transfer initiator cancels transfer before completing draft
    /// 2. Current owner cancels transfer before public key was set by receiver
    /// 3. Current owner cancels transfer before encrypted password was set
    /// 4. Current owner cancels transfer before receiver finalize it or report fraud
    /// 5. Receiver cancels transfer before encrypted password was set if 24 hours 
    ///     (or some other significant timeout) past after public key was set
    /// @param tokenId is id for token to transfer
    function cancelTransfer(
        uint256 tokenId
    ) external;
    
    /// @dev Function to detect if fraud decision instant for this instance. 
    ///     Should return false in EVM chains and true in Filecoin
    /// @return Boolean indicating if fraud decision will be instant
    function fraudDecisionInstant() external view returns (bool);

    /// @dev Function to get fraud decider instance for this token
    /// @return IFraudDecider instance
    function fraudDecider() external view returns (IFraudDecider);

    /// @dev Event emitted after transfer creation
    event TransferInit(uint256 indexed tokenId, address from, address to);

    /// @dev Event emitted after transfer draft creation
    event TransferDraft(uint256 indexed tokenId, address from);

    /// @dev Event emitted after transfer draft completion
    event TransferDraftCompletion(uint256 indexed tokenId, address to);

    /// @dev Event emitted after setting receiver's public key
    event TransferPublicKeySet(uint256 indexed tokenId, bytes publicKey);

    /// @dev Event emitted after setting encrypted file password
    event TransferPasswordSet(uint256 indexed tokenId, bytes encryptedPassword);

    /// @dev Event emitted after transfer successful finish
    event TransferFinished(uint256 indexed tokenId);

    /// @dev Event emitted after fraud was reported
    event TransferFraudReported(uint256 indexed tokenId);

    /// @dev Event emitted after fraud was decided
    event TransferFraudDecided(uint256 indexed tokenId, bool approved);

    /// @dev Event emitted after transfer was cancelled
    event TransferCancellation(uint256 indexed tokenId);
}

EFT Standard

Examples

For a better understanding, let’s take a look at a few important examples: the implementation of IFraudDecider in our current version, which is controlled by our Rust server, and the implementation of the simplest exchange contract for selling EFT.

IFraudDecider

FraudDeciderWeb2 — A contract that implements the IFraudDecider interface. It has a special lateDecision method that is called from our Rust server. It is called when an attempt has been made to decrypt a file, and the verdict is passed in the arguments.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "./IFraudDecider.sol";
import "./FileMarketCollection.sol";

contract FraudDeciderWeb2 is IFraudDecider, AccessControl {
    event FraudReported(address collection, uint256 tokenId, string cid,
        bytes publicKey, bytes privateKey, bytes encryptedPassword);

    struct Report {
        FileMarketCollection tokenInstance;
        uint256 id;
        string cid;
        bytes publicKey;
        bytes privateKey;
        bytes encryptedPassword;
    }

    mapping(address => mapping(uint256 => Report)) public reports;

    constructor() {
        _grantRole(DEFAULT_ADMIN_ROLE, _msgSender());
    }

    function decide(
        uint256 tokenId,
        string calldata cid,
        bytes calldata publicKey,
        bytes calldata privateKey,
        bytes calldata encryptedPassword
    ) external returns (bool, bool) {
        reports[_msgSender()][tokenId] = Report(FileMarketCollection(_msgSender()),
            tokenId, cid, publicKey, privateKey, encryptedPassword);
        emit FraudReported(_msgSender(), tokenId, cid, publicKey,
            privateKey, encryptedPassword);
        return (false, false);
    }

    function lateDecision(address tokenInstance, uint256 tokenId,
        bool approve) external onlyRole(DEFAULT_ADMIN_ROLE) {
        Report storage report = reports[tokenInstance][tokenId];
        require(bytes(report.cid).length != 0,
            "FraudDeciderWeb2: report doesn't exist");
        report.tokenInstance.applyFraudDecision(tokenId, approve);
    }
}

IFraudDecider implementation

EFT Exchange

FileMarketExchange — an example of a simple exchange for selling EFT. An order is created and at that moment an EFT transfer is created to lock the token (the creation of any other transfers will be impossible until the order completion of cancellation). Using the fulfillOrder function, the buyer fixes his address for receiving EFT and locks the funds, and the functions of the IEncryptedFileTokenCallbackReceiver interface allow the exchange contract to unlock the funds upon successful or unsuccessful completion of the transfer.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/utils/Context.sol";
import "./IEncryptedFileToken.sol";
import "./IEncryptedFileTokenCallbackReceiver.sol";

contract FileMarketExchange is IEncryptedFileTokenCallbackReceiver, Context {
    struct Order {
        IEncryptedFileToken token;
        uint256 tokenId;
        uint256 price;
        address payable initiator;
        address payable receiver;
        bool fulfilled;
    }

    mapping(IEncryptedFileToken => mapping(uint256 => Order)) public orders;

    function placeOrder(
        IEncryptedFileToken token,
        uint256 tokenId,
        uint256 price
    ) external {
        require(price > 0, "FileMarketExchange: price must be positive");
        require(token.supportsInterface(type(IEncryptedFileToken).interfaceId));
        require(orders[token][tokenId].price == 0, "FileMarketExchange: order exists");
        orders[token][tokenId] = Order(token, tokenId, price,
            payable(_msgSender()), payable(0), false);
        token.draftTransfer(tokenId, IEncryptedFileTokenCallbackReceiver(this));
    }

    function fulfillOrder(
        IEncryptedFileToken token,
        bytes calldata publicKey,
        uint256 tokenId
    ) external payable {
        Order storage order = orders[token][tokenId];
        require(order.price != 0, "FileMarketExchange: order doesn't exist");
        require(!order.fulfilled, "FileMarketExchange: order was already fulfilled");
        require(msg.value == order.price, "FileMarketExchange: value must equal");
        order.receiver = payable(_msgSender());
        order.fulfilled = true;
        order.token.completeTransferDraft(order.tokenId, order.receiver,
            publicKey, bytes(""));
    }

    function cancelOrder(
        IEncryptedFileToken token,
        uint256 tokenId
    ) external {
        Order storage order = orders[token][tokenId];
        require(order.price != 0, "FileMarketExchange: order doesn't exist");
        require(!order.fulfilled, "FileMarketExchange: order was fulfilled");
        order.token.cancelTransfer(tokenId);
    }

    function transferCancelled(uint256 tokenId) external {
        Order storage order = orders[IEncryptedFileToken(_msgSender())][tokenId];
        require(order.price != 0, "FileMarketExchange: order doesn't exist");
        if (order.fulfilled) {
            order.receiver.transfer(order.price);
        }
        delete orders[IEncryptedFileToken(_msgSender())][tokenId];
    }

    function transferFinished(uint256 tokenId) external {
        Order storage order = orders[IEncryptedFileToken(_msgSender())][tokenId];
        require(order.price != 0, "FileMarketExchange: order doesn't exist");
        require(order.fulfilled, "FileMarketExchange: order wasn't fulfilled");
        order.initiator.transfer(order.price);
        delete orders[IEncryptedFileToken(_msgSender())][tokenId];
    }

    function transferFraudDetected(uint256 tokenId, bool approved) external {
        Order storage order = orders[IEncryptedFileToken(_msgSender())][tokenId];
        require(order.price != 0, "FileMarketExchange: order doesn't exist");
        require(order.fulfilled, "FileMarketExchange: order wasn't fulfilled");
        if (approved) {
            order.receiver.transfer(order.price);
        } else {
            order.initiator.transfer(order.price);
        }
        delete orders[IEncryptedFileToken(_msgSender())][tokenId];
    }
}

Simple exchange contract implementation

What’s next?

After the MVP version, our two main goals are:

1. To implement our protocol on FVM/FEVM.

2. To build developer tools for easy usage of our EFT standard.

We will continue development and are excited to share results in future parts of this article series. Thank you for reading and may the force be with you!

Useful links:

• FileMarket

• Our Github repository

• FileMarket Twitter

• FileMarket Telegram Group

• FileMarket Discord