Integrating cryptographic proof of NFT metadata veracity on-chain

I wrote about this vaguely in a primordial soup a month ago, but I’ve since solidified the ideas in a blog post.

Problem: When NFTs point to optional metadata stored off-chain, there is no on-chain mechanism that a browser/wallet can use to validate that the metadata hasn’t been tampered with.

Solution: In Web 2.0 the W3C standardized Subresource Integrity (SRI) which allows resources in HTML to declare their integrity digests & hashing algorithm so the browser can download the resource, hash it, compare it with the declared integrity digest, and then pass/fail the resource. We can do the same on-chain by providing a simple interface for getIntegrity(tokenId) that returns the SRI-formatted hashing-algorithm + base64-encoded integrity digest.

Caveat: browsers/wallets will have to adopt both checking for the interface and validating off-chain metadata, but this can be a powerful tool against future malicious NFT projects.

Full details here:

Looking for contributors to help us draft an EIP.

Previous topic where I first thought about the idea: SRI-style Integrity Digests for Tokens
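
The wallet-side check described in the post, as an added example that is not part of the original post or of any drafted EIP. The function names `formatIntegrity`, `parseIntegrity` and `verifyMetadata` are hypothetical, the metadata is a constructed sample, and the string a contract's getIntegrity(tokenId) would return is simulated locally; failing closed when no usable digest is present is an assumption suited to a wallet. It goes slightly beyond the single-digest case by handling several space-separated digests the way SRI does (the strongest algorithm decides).

```javascript
const { createHash, timingSafeEqual } = require("node:crypto");

// Algorithms allowed by W3C SRI, weakest to strongest, with digest sizes in bytes.
const ALGS = { sha256: 32, sha384: 48, sha512: 64 };
const STRENGTH = Object.keys(ALGS);

// What a project would compute at mint time and store on-chain:
// "<alg>-<base64 digest>" over the exact bytes served off-chain.
function formatIntegrity(bytes, alg = "sha384") {
  return `${alg}-${createHash(alg).update(bytes).digest("base64")}`;
}

// Parse whitespace-separated "alg-base64[?options]" tokens.
// Unknown algorithms and malformed or wrong-length digests are skipped.
function parseIntegrity(integrity) {
  const out = [];
  for (const token of String(integrity).trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/_-]+={0,2})(\?.*)?$/.exec(token);
    if (!m) continue;
    const digest = Buffer.from(m[2], "base64");
    if (digest.length === ALGS[m[1]]) out.push({ alg: m[1], digest });
  }
  return out;
}

// Hash the raw downloaded bytes (never re-serialized JSON) and compare.
// Only the strongest declared algorithm counts, so a weaker matching
// digest cannot rescue a mismatch on a stronger one.
function verifyMetadata(bytes, integrity) {
  const parsed = parseIntegrity(integrity);
  if (parsed.length === 0) return false; // assumption: fail closed
  const best = parsed
    .map((p) => p.alg)
    .reduce((a, b) => (STRENGTH.indexOf(b) > STRENGTH.indexOf(a) ? b : a));
  const actual = createHash(best).update(bytes).digest();
  return parsed.some((p) => p.alg === best && timingSafeEqual(actual, p.digest));
}

// Constructed sample: metadata bytes and the value getIntegrity would return.
const sampleMetadata = Buffer.from('{"name":"Example #1","image":"ipfs://example"}');
const sampleIntegrity = formatIntegrity(sampleMetadata);
console.log(sampleIntegrity, verifyMetadata(sampleMetadata, sampleIntegrity));
```

The comparison is over the bytes as fetched, so a gateway that reformats or re-encodes the JSON fails the check even when the content is semantically unchanged.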