Jump to content
devnullprod

XRP Account Distribution Study

Recommended Posts

Posting a seperate thread as this is new research, though on a similar topic.

We just spent a short while looking at the XRP Base58 address space to further our understanding and generate ideas pertaining subsequent systems which can be built ontop of it to provide advanced features. Our report can be accessed here:

https://wipple.devnull.network/research/entropy.html

 

Mechanisms involved performing a snapshot of the account set on the XRPL, writing a script to count character and substring references, and then plotting / deriving conclusions from the results. Base58 addresses were analyzed as these are the primary mechanism which to uniquely reference accounts from the user-level. As expected, character and short-substring occurances are very uniform throughout the database and suffices to show xrp random number / seed generation produces intended results.

 

We conclude by introducing a conceptual naming scheme based on community feedback / input where accounts can be referenced by humans and high level systems using mnemonics derived from account IDs.

Share this post


Link to post
Share on other sites
5 hours ago, Sukrim said:

What's your proposal exactly?

We proposed one simple solution involving a standard where human-friendly 5-character account ID substrings are sufficient to reference / discuss accounts in unique scopes so long as care is taken to verify the uniqueness of the substring identifier in the account set being analyzed. This is because the overlap entailed by a substring of this length results in a low probability of random collision. This is just for informal discussions such as during investigations on community forums w/ provided links to relevant accounts and transactions (of course during formal specification such as in software issuing and reading transactions, full account ids are necessary)

 

This arrises from a problem we've encountered which arrises due to the tedium of representing accounts in human communications. This can be seen by the many discussions here and in other discussion channels where accounts are abreviated as XYZ... .

 

Finally the last idea was to explore and to start a discussion. If others had different ideas as to mnemonics which can be mapped to accounts (even if not perfect 1-1 mapping as that's not needed in this scenario) we'd love to hear them!

Share this post


Link to post
Share on other sites

I’ve always kind of adopted the 5 char mnemonic personally (but based on a subsection generally at front or back of account).  

So whatever stuck out as noteworthy.  Eg an address might have   6sHnw  which is not necessarily memorable,  but looks distinctive enough to use as a nickname (in my tiny mind at least).  

I’ve operated on the assumption that when dealing with accounts the sighting of those chars is enough to know I have the correct one.  

So essentially I’ve already adopted your proposal.  :) 

Share this post


Link to post
Share on other sites

Glad to hear it @Tinyaccount We do a similar thing, though hopefully this formalizes our standard a bit. As it stands we see 5 chars being the minimum used to represent an account in an informal context as fewer characters result in too high chance of of collision. Perhaps in the future we can build on this (perhaps be incorporating a phonetic alphabet, standardized spacing/dashes, or similar)

Share this post


Link to post
Share on other sites

Thanks for doing this research. It's useful for me to know that 5 characters is a good cutoff for making collisions very unlikely. I'll probably go on to use that as my convention in documentation. (I assume the 5 characters is not counting the starting "r" which is a freebie.)

Share this post


Link to post
Share on other sites

5 characters is still not too hard to bruteforce though, so as soon as something is being used in documentation or a very commonly used/well known address, it isn't very hard to generate one that starts with the same string.

Share this post


Link to post
Share on other sites
17 minutes ago, Sukrim said:

5 characters is still not too hard to bruteforce though, so as soon as something is being used in documentation or a very commonly used/well known address, it isn't very hard to generate one that starts with the same string.

But isn’t the proposal that in listing or documenting accounts which are already extant, the five chars are sufficient as a proxy ID?

So the five chars are used AFTER the fact,  not as part of a UI in real-time.  Hence locating an address with the identical five chars doesn’t expose a vulnerability since it’s not used live.  Or have I got it wrong?

Share this post


Link to post
Share on other sites

While this can be useful (e.g. in a transaction analyzer to shorten account IDs to, say, rABC..XYZ and detect collisions) I share some of Sukrim’s concerns.

Share this post


Link to post
Share on other sites

Another option would be to represent the full address in a visual way so it's easier for a human to recognize.
This way you encode the FULL address, and changing a single bit gives you a completely different image.

Some examples generated using http://identicon.org/:

The genesis account
(rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh)


?t=rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh&s=

Gatehub
(rhub8VRN55s94qWKDv6jmDy1pUykJzF3wq)


?t=rhub8VRN55s94qWKDv6jmDy1pUykJzF3wq&s=

 

RippleFox
(rKiCet8SdvWxPXnAgYarFUXMh1zCPz432Y)


?t=rKiCet8SdvWxPXnAgYarFUXMh1zCPz432Y&s=

Share this post


Link to post
Share on other sites

@Sukrim @nikb I understand the concerns about brute forcing it fewer chars, etc. Unfortunately even with 7 characters or so, it's well within the realm of possibility of generating an account any given substring in a reasonable amount of time.

Unfortunately this comes down to a "convenience" vs "security" situation, which as you know is always a tradeoff. I'm definetly not proposing this solution for any situation requiring any level of formal security or verification (even the most minimal), but rather just exploring this topic for the most informal of conversations, when discussing account activity via social media channels such as twitter for example (where typing out full account addresses has an adverse effects towards tweet character limits).

 
@fluxw42 I love the identicon idea! I'm going to look at integrating this into the Account Details Page on Wipple (https://wipple.devnull.network/live/accounts/rvYAfWj5gh67oV6fW32ZzP3Aw4Eubs59B) and perhaps making it accessible via an embeddable widget. Should provide a quick way to visualize accounts. Great thinking! :JC_doubleup:
 
Edited by devnullprod

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...