Gun Token

The GunClear Token

The GunClear tokens are ERC 721-compatible, non-fungible tokens uniquely representing firearms in GunClear's platform. The tokenId is the sha256 hash of the firearm's serial number, and a secret value j that is randomly generated and forwarded to each owner, which we call the "validation key".

The validation key is an important concept as it allows firearm owners to pseudo-anonymize their firearm from the public view, as well as provides a mechanism for a firearm to be re-tokenized in case of loss of access. The validation key is computed privately within the GunClear application so your serial number is never committed on-chain. It is passed from owner to owner as a succinct proof that the physical asset matches the ownership token. The firearm's current owner transmits this secret j and the serial number to the receiver of a trade, and that receiver validates that the serial number transmitted physically matches the one on the firearm. This is not a perfect secrecy however, since the firearm is not considered traded until confirmed by the network. Additionally, all prior owners (and potential owners who did not commit to a trade) have knowledge of this secret. For practical purposes, it should be enough to help protect potential owners against fraud on the platform.

The validation key is not shared with GunClear, but the serial number for a specific tokenId is. We need this correlation to detect abuse of the platform and ensure as much as possible that the tokenization is valid given the documentation provided. If we detect that a serial number which is attempting to be tokenized matches one in our database of previous tokenizations, we will require more advanced proof from that owner prior to us minting the token. If we mint the token, it is because the proof is beyond a reasonable doubt that the firearm is indeed real, and is potentially being re-tokenized because of access loss from losing keys to a specific account that owned it. It could also mean that our prior tokenization was invalid, and the evidence supplied was not sufficient to detect fraud. If we reject it, we believe the request was an attempt at a griefing attack against the current owner. We will only allow a certain amount of tokenization requests in a defined time period. When combined with our requirement to submit proof of inclusion against the most up-to-date public authorization list, these parameters should protect against spam requests and griefing attacks against our users.

Minting a Token

The minting process is controlled by the GunClear authority, only GunClear may mint tokens for it's users. The minting process has GunClear generating the tokenId as described prior and transferring it to the control of the mintee's account on the Gunero Plasmachain by locking the token using their provided txnIdHash. This allows an owner to maintain their privacy by never having them submit an on-chain transaction to tokenize.

This is an opt-in service we provide, and if the user desires to maintain ownership of their tokens, we will abide.

Transferring a Token

While it is possible for an owner to transfer a token they own (which isn't locked into the Plasmachain), this is not the primary use case for which we designed our token for. It is however a perfectly valid use of the GunToken contract stemming from the properties of self-sovereignty of the ownership certificate for the firearm, so we will note that it is possible trade your unlocked tokens freely. Again, this is accomplished totally transparently on the Ethereum network, so the risk of correlation is much stronger.

Locking a Token

The primary use case for the Token is to lock into the PlasmaRifle Manager contract. Locking into this contract creates a signal the Gunero network listens for, creating the first entry for that tokenId into the child chain's database. This transaction is validated by all participants in the Proof of Authority network, so the reliance of trust in the GunClear authority is minimized.

Burning a Token

If the current owner of the token decides to make a public attestation that the firearm represented by it's corresponding token should be permanently removed from the supply of tokens available to trade, and thus from the GunClear ecosystem, then they will "burn" or destroy this token. A token can only be burned by it's owner, and is a permanent action. Since the token itself is a combination of the firearm's serial number and a secret held by the account, the act of "burning" a token has several potential meanings:

1. The token is inaccessible (keys to view and access it are lost)
2. The firearm is lost or stolen
3. The owner no longer wants to participate in the system (or is transferring outside the system)

See Plasma Manager for more details about exit procedures.

Additionally, since we are attempting to protect against abuse of the platform, there are limited conditions under which the Manager will actually burn tokens, showing that an inconsistency is undecidable by the rules of the network, and requiring further review by the GunClear Authority in order to correctly re-tokenize the asset.