Saturday, March 20, 2021

Deconstructing that $69million NFT

"NFTs" have hit the mainstream news with the sale of an NFT based digital artwork for $69 million. I thought I'd write up an explainer. Specifically, I deconstruct that huge purchase and show what actually was exchanged, down to the raw code. (The answer: almost nothing).

The reason for this post is that every other description of NFTs describe what they pretend to be. In this blogpost, I drill down on what they actually are.

Note that this example is about "NFT artwork", the thing that's been in the news. There are other uses of NFTs, which work very differently than what's shown here.

tl;dr

I have long bit of text explaining things. Here is the short form that allows you to drill down to the individual pieces.

  • Beeple created a piece of art in a file
  • He created a hash that uniquely, and unhackably, identified that file
  • He created a metadata file that included the hash to the artwork
  • He created a hash to the metadata file
  • He uploaded both files (metadata and artwork) to the IPFS darknet decentralized file sharing service
  • He created, or minted a token governed by the MakersTokenV2 smart contract on the Ethereum blockchain
  • Christies created an auction for this token
  • The auction was concluded with a payment of $69 million worth of Ether cryptocurrency. However, nobody has been able to find this payment on the Ethereum blockchain, the money was probably transferred through some private means.
  • Beeple transferred the token to the winner, who transferred it again to this final Metakovan account
Each of the link above allows you to drill down to exactly what's happening on the blockchain. The rest of this post discusses things in long form.

Why do I care?

Well, you don't. It makes you feel stupid that you haven't heard about it, when everyone is suddenly talking about it as if it's been a thing for a long time. But the reality, they didn't know what it was a month ago, either. Here is the Google Trends graph to prove this point -- interest has only exploded in the last couple months:

The same applies to me. I've been aware of them (since the CryptoKitties craze from a couple years ago) but haven't invested time reading source code until now. Much of this blogpost is written as notes as I discover for myself exactly what was purchased for $69 million, reading the actual transactions.


So what is it?

My definition: "Something new that can be traded on a blockchain that isn't a fungible cryptocurrency".

In this post, I'm going to explain in technical details. Before this, you might want to pause and see what everyone else is saying about it. You can look on Wikipedia to answer that question, or look at the following definition from CNN (the first result when I google it):
Non-fungible tokens, or NFTs, are pieces of digital content linked to the blockchain, the digital database underpinning cryptocurrencies such as bitcoin and ethereum. Unlike NFTs, those assets are fungible, meaning they can be replaced or exchanged with another identical one of the same value, much like a dollar bill.
You can also get a list of common NFT systems here. While this list of NFT systems contains a lot of things related to artwork (as described in this blogpost), a lot aren't. For example, CryptoKitties is an online game, not artwork (though it too allows ties to pictures of the kitties).


What is fungible?

Let's define the word fungible first. The word refers to goods you purchase that can be replaced by an identical good, like a pound of sugar, an ounce of gold, a barrel of West Texas Intermediate crude oil. When you buy one, you don't care which one you get.

In contrast, an automobile is a non-fungible good -- if you order a Tesla Model 3, you won't be satisfied with just any car that comes out of the factory, but one that matches the color and trim that you ordered. Art work is a well known non-fungible asset -- there's only one Mona Lisa painting in the world, for example.

Dollar bills and coins are fungible tokens -- they represent the value printed on the currency. You can pay your bar bill with any dollars. 

Cryptocurrencies like Bitcoin, ZCash, and Ethereum are also "fungible tokens". That's where they get their value, from their fungibility.

NFTs, or non-fungible tokens, is the idea of trading something unique (non-fungible, not the same as anything else) on the blockchain. You can trade them, but each is unique, like a painting, a trading card, a rare coin, and so on.

This is a token  -- it represents a thing. You aren't trading an artwork itself on the blockchain, but a token that represents the artwork. I mention this because most descriptions about NFTs are that you are buying artwork -- you aren't. Instead, you are buying a token that points to the artwork.

The best real world example is a receipt for purchase. Let's say you go to the Louvre and buy the Mona Lisa painting, and they give you a receipt attesting to the authenticity of the transaction. The receipt is not the artwork itself, but something that represents the artwork. It's proof you legitimately purchased it -- that you didn't steal it. If you ever resell the painting, you'll probably need something like this proving the provenance of the piece.


Show me an example!

So let's look an at an example NFT, the technical details, to see how it works. We might as well use this massive $69 million purchase as our example. Some news reports describing the purchase are here: [1] [2] [3].

None of these stories say what actually happened. They say the "artwork was purchased", but what does that actually mean? We are going to deconstruct that here. (The answer is: the artwork wasn't actually purchased).


What was the artwork?

It's a piece created by an artist named "Beeple" (Mike Winkelmann), called "Everydays: The First 5000 Days". It's a 500-megapixel image, which is about 300-megabytes in size. A thumbnail of this work is shown below.



So the obvious question is where is this artwork? Is it somewhere on the blockchain? Well, no, the file is 300-megabytes in size, much too large to put on the blockchain. Instead, the file exists somewhere out in cyberspace (described below).

What exists on the blockchain is a unique fingerprint linking to the file, known as a hash.


What is a hash?

It's at this point we need to discuss cryptography: it's not just about encryption, but also random numbers, public keys, and hashing.

A "hash" passes all the bytes of a file through an algorithm to generate a short signature or fingerprint unique to that file. No two files with different contents can have the same hash. The most popular algorithm is SHA-256, which produces a 256-bit hash.

We call it a cryptographic hash to differentiate it from weaker algorithms. With a strong algorithm, it's essentially impossible for a hacker to create a different file that has the same hash -- even if the hacker tried really hard.

Thus, the hash is the identity of the file. The identity of the artwork in question is not the title of the piece mentioned above, other pieces of art can also be given that title. Instead, the identity of the artwork is its hash. Other pieces of artwork cannot have the same hash.

For this artwork, that 300-megabyte file is hashed, producing a 256-bit value. Written in hex, this value is:

6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017

Hexadecimal results in long strings. There are shorter ways of representing hashes. One is a format called MultiHash. It's value is shown below. This refers to the same 256-bits, and thus the two forms equivalent, they are simply displayed in different ways.

QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA

This is the identity of the artwork. If you want to download the entire 300-megabyte file, simply copy and paste that into google, and it'll lead you to someplace in cyberspace where you can download it. Once you download it, you can verify the hash, such as with the command-line tool OpenSSL:

$ openssl dgst -sha256 everdays5000.jfif

SHA256(everdays5000.jfif)= 6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017

The above is exactly what I've done -- I downloaded the file from cyberspace, named it "everydays5000.jfif", and then calculated the hash to see if it matches. As you can tell by looking at my result with the above hash, they do match, so I know I have an exact copy of the artwork.


Where to download the image from cyberspace?

Above, I downloaded the file in order to demonstrate calculating the hash. It doesn't live on the blockchain, so where does it live?

There's two answers. The first answer is potentially anywhere in cyberspace. Thousands of people have downloaded the file onto the personal computers, so obviously it exists on their machines -- you just can't get at it. If you ever do come across it somewhere, you can always verify it's the exact copy by looking at the hash.

The second answer is somewhere on the darknet. The term "darknet" refers to various systems on the Internet other than the web. Remember, the "web" is not the "Internet", but simply one of many services on the Internet.

The most popular darknet services are decentralized file sharing systems like BitTorrent and IPFS. In much the same way that blockchains are decentralized transaction services, these two system are decentralized file services. When something is too big to live on the blockchain, it often lives on the darknet, usually via IPFS.

The way these services identify files is through their hashes. If you know their hash, you can stick it into one of these services and find it. Thus, if you want to find this file on IPFS, download some IPFS aware software, and plug in the hash.

There's an alternative privacy-focused browser called "Brave" that includes darknet features (TOR, BitTorrent, and IPFS). To download this file using Brave, simply use the following URL:

ipfs://QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA

But an easier way is to use one of the many IPFS gateways. These are web servers that will copy a file off the darknet and make it available to you. Here is a URL using one of those gateways:

https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA

If you click on this link within your browser, you'll download the 300-megabyte file from the IPFS darknet. It'll take a while, the service is slow. Once you get it, you can verify the hashes match. But since the URL is based on the hash, of course they should match, unless there was some error in transmission.


So this hash is on the blockchain?

Well, it could've been, but it wasn't. Instead, the hash that's on the blockchain points to a file containing metadata -- and it's the metadata that points to the hash.

In other words, it's a chain of hashes. The hash on the blockchain (as we'll see below) is this one here (I've made it a link so you can click on it to see the raw data):

QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz

When you click on this, you see a bunch of JSON data. Below, I've stripped away the uninteresting stuff to show the meaningful bits;

title:"EVERYDAYS: THE FIRST 5000 DAYS
description:"I made a picture from start to finish every single day from May 1st, 2007 - January 7th, 2021.  This is every motherfucking one of those pictures.
digital_media_signature:"6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017
raw_media_file:"https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA"

Now remember that due to the magic of cryptographic hashes, this chain can't be broken. One hash leads to the next, such that changing any single bit breaks the chain. Indeed, that's what a "blockchain" is -- a hash chain. Changing any bit of information anywhere on the Bitcoin blockchain is immediately detectable, because it throws off the hash calculations.

So we have a chain: 

hash -> metadata -> hash -> artwork

So if you own the root, you own the entire chain.

Note that this chain seems unbreakable here, in this $69 million NFT token. However, in a lot of other tokens, it's not. I mean, the hash chain itself doesn't promise much (it simply points at the artwork, giving no control over it), but other NFTs promise even less.


So what, exactly, is the NFT that was bought and sold?

Here's what Christie's sold. Here's how Christies describes it:

Beeple (b. 1981)
EVERYDAYS: THE FIRST 5000 DAYS
token ID: 40913
wallet address: 0xc6b0562605D35eE710138402B878ffe6F2E23807
smart contract address: 0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756
non-fungible token (jpg)
21,069 x 21,069 pixels (319,168,313 bytes)
Minted on 16 February 2021. This work is unique.

The seller is the artist Beeple. The artist created the token (shown below) and assigned their wallet address as the owner. This is their wallet address:

0xc6b0562605D35eE710138402B878ffe6F2E23807

When Beeple created the token, he did so using a smart contract that governs the rules for the token. Such smart contracts is what makes Ethereum different from Bitcoin, allowing things to be created and managed on the blockchain other than simple currency transfers. Contracts have addresses on the blockchain, too, but no person controls them -- they are rules for decentralized transfer of things, with nobody (other than the code) in control.

There are many smart contracts that can manage NFTs. The one Beeple chose is known as MakersTokenV2. This contract has the following address:

0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756

Note that if you browse this link, you'll eventually get to the code so that you can read the smart contract and see how it works. It's a derivation of something known as ERC721 that defines the properties of a certain class of non-fungible tokens.

Finally, we get to the actual token being sold here. It is:

#40913

In other words, it's the 40913rd token created and managed by the MakersTokenV2 contract. The full description of what Christies is selling is this token number governed by the named contract on the Ethereum blockchain:

Ethereum -> 0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756 -> 40913

We have to search the blockchain in order to find the transaction that created this token. The transaction is identified by the hash:

0x84760768c527794ede901f97973385bfc1bf2e297f7ed16f523f75412ae772b3

The smart contract is code, so in the above transaction, Beeple calls functions within the contract to create a new token, assign digital media to it (the hash), and assign himself owner of the newly created token.

After doing this, the token #40913 now contains the following information:

creator : 0xc6b0562605d35ee710138402b878ffe6f2e23807
metadataPath : QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz
tokenURI : ipfs://ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz

This is the thing that Christie's auction house sold. As you can see in their description above, it all points to this token on the blockcahin.

Now after the auction, the next step is to transfer the token to the new owner. Again, the contract is code, so this is calling the "Transfer()" function in that code. Beeple is the only person who can do this transfer, because only he knows the private key that controls his wallet. This transfer is done in the transaction below:

0xa342e9de61c34900883218fe52bc9931daa1a10b6f48c506f2253c279b15e5bf 

token : 40913
from : 0xc6b0562605d35ee710138402b878ffe6f2e23807
to : 0x58bf1fbeac9596fc20d87d346423d7d108c5361a

That's not the current owner. Instead, it was soon transferred again in the following transaction:

0x01d0967faaaf95f3e19164803a1cf1a2f96644ebfababb2b810d41a72f502d49 

token : 40913
from : 0x58bf1fbeac9596fc20d87d346423d7d108c5361a
to : 0x8bb37fb0f0462bb3fc8995cf17721f8e4a399629

That final address is known to belong to a person named "Metakovan", who the press has identified as the buyer of the piece. I don't know what that intermediary address between Beeple and Metakovan was, but it's common in the cryptocurrency world to have many accounts that people transfer things between, so I bet it also belongs to Metakovan.


How are things transferred?

Like everything on the blockchain, control is transfered via public/private keys. Your wallet address is a hash of your public key, which everyone knows. Anybody can transfer something to your public address without you being involved.

But every public key has a matching private key. Both are generated together, because they are mathematically related. Only somebody who knows the private key that matches the wallet address can transfer something out of the wallet to another person.

Thus Beeple's account as the following public address. But we don't know his private key, which he has stored on a computer file somewhere.

0xc6b0562605D35eE710138402B878ffe6F2E23807


To summarize what was bought and sold

So that's it. To summarize:

  • Beeple created a piece of art in a file
  • He created a hash that uniquely, and unhackably, identified that file
  • He created a metadata file that included the hash to the artwork
  • He created a hash to the metadata file
  • He uploaded both files (metadata and artwork) to the IPFS darknet decentralized file sharing service
  • He created, or minted a token governed by the MakersTokenV2 smart contract on the Ethereum blockchain
  • Christies created an auction for this token
  • The auction was concluded with a payment of $69 million worth of Ether cryptocurrency. However, nobody has been able to find this payment on the Ethereum blockchain, the money was probably transferred through some private means.
  • Beeple transferred the token to the winner, who transferred it again to this final Metakovan account
And that's it.

Okay, I understand. But I have a question. WHAT IS AN NFT????

So if you've been paying attention, and understood everything I've said, then you should still be completely confused. What exactly was purchased that was worth $69 million?

If we are asking what Metakovan purchased for his $69 million, it comes down to this: the ability to transfer MakersTokenV2 #40913 to somebody else.

That's it. That's everything he purchased. He didn't purchase the artwork, he didn't purchase the copyrights, he didn't purchase anything more than the ability to transfer that token. Even saying he owns the token is a misnomer, since the token lives on the blockchain. Instead, since only Metakovan knows the private key that controls his wallet, all that he possesses is the ability to transfer the token to the control of another private key.

It's not even as unique as people claim. Beeple can mint another token for the same artwork. Anybody else can mint a token for Beeple's artwork. Insignificant changes can be made to that artwork, and tokens can be minted for that, too. There's nothing hard and fast controlled by the code -- the relationship is in people's minds.

If you are coming here asking why somebody thinks this is worth $69 million, I have no answer for you.


The conclusion

I think there are two things that are clear here:
  • This token is not going to be meaningful to most of us: who cares if the token points to a hash that eventually points to a file freely available on the Internet?
  • This token is meaningful to those in the "crypto" (meaning "cryptocurrency") community, but it's in their minds, rather than something hard and fast controlled by code or cryptography.
In other words, the work didn't sell for $69 million of real money.

For one thing, it's not the work that was traded, or rights or control over that work. It's simply a token that pointed to the work.

For another thing, it was sold for 42329.453 ETH, not $dollars. Early adopters with lots of cryptocurrency are likely to believe the idea that the token is meaningful, whereas outsiders with $dollars don't.

An NFT is ultimately like those plaques you see next to paintings in a museum telling people about the donor or philanthropist involved -- only this plaque is somewhere where pretty much nobody will see it.




8 comments:

Tudor said...

Thank you, very nice explanation. I had the idea in the back of my mind that the subject is extremely boring, you just proved my feeling was correct. Thank you again for taking the time.

Angel charls said...

Outlook is a popular email service that is used by the majority of users. It works for all types of hardware and operating systems. Despite the fact that its features are very fine, users can sometimes run into problems. If you're having trouble using Outlook on your iPhone, it may be for a number of reasons, you can first try some patches before going on to the advanced troubleshooting. Here are some general solutions for the problem that can help you solve Outlook problems. If the problem with Outlook not running on iPhone continues after taking these measures, you should contact the Microsoft support team via Outlook Contact Belgie. Many of your questions will be answered by the technical executives.

Newport Box 100s said...

It's just baffling to me. Someone bought a Soulja Boy tweet for over $1000. There is no point to these NFT's. The crypto craze is so stupid.

Unknown said...

Whatch when someone starts selling their farts for crazy amounts
of money

Unknown said...

You know how many people that retardo that paid $69 million for some damn stupid pictures could have helped. What is he going to do with it? When he gets lonely he is gonna sit in his lonely chair and look at it to comfort himself and bore himself to death. Oh this megapixel in middle here, ow wow this other tiny one that needs a magnifying glass looks like the artist must have taken this pic in day 3000. Ohh, this one, boy looks like the artist took this pick in day 4999, cause he looks like he is taking a crap while he snapping that pick. Dumb as one can get

Unknown said...

How do you know that the wallet owner is the real author/owner of the art work? Is there a way to associate a wallet to a real life person? I would guess one way would be for the person to announce his wallet code via some other trusted channel?

Jeff said...

I take issue with this statement, "No two files with different contents can have the same hash." Better to say that it's extremely unlikely (but not impossible) that any two files having different contents will have the same hash. Likewise, given a hash, it would be nearly impossible to create a file having that hash. Blockchain miners race each other to create a file whose hash contains just a few bits that match a given value.

Shymaa Arafat said...

u wrote

"It's not even as unique as people claim. Beeple can mint another token for the same artwork. Anybody else can mint a token for Beeple's artwork. Insignificant changes can be made to that artwork, and tokens can be minted for that, too."

So what prevent the auctioneer from resell it again?( make a new token pointing to the same file?)
- u also gave the example of a receipt, if a marchant signed 2 receipts for the same item u could press charges against him, what about NFT?

I mean other than tampering or making a slight change, does the create or transfer operations check if the hash already exists have been minted before? or just verify it?
(They could sign & seal 2 manual receipts to be only discovered in court, but a computerized system wouldn't print a 2nd receipt from the beginning)
....
In one sentence
How does NFTs prevent double spending?or they just don't?