diff --git a/README.md b/README.md index 6a679e53..e9acb774 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -# TRON Improvement Proposals (TIPs) TRON Improvement Proposals (TIPs) describe standards for the TRON platform, including core protocol specifications, client APIs, and contract standards. diff --git a/template.md b/template.md index cb6c46a1..5c75b90d 100644 --- a/template.md +++ b/template.md @@ -1,54 +1,37 @@ -``` -tip: +--- +tip: title: -author: , FirstName (@GitHubUsername) and GitHubUsername (@GitHubUsername)> +author: Author Name discussions-to: -status: -type: -category (*only required for Standard Track): +status: Draft +type: Standards Track +category: Core created: -requires (*optional): -replaces (*optional): -``` +--- -This is the suggested template for new TIPs. - -Note that an TIP number will be assigned by an editor. When opening a pull request to submit your TIP, please use an abbreviated title in the filename. - -The title should be 44 characters or less. - -## Simple Summary (required) - -Provide a simplified explanation of the TIP. - -## Abstract (required) +## Simple Summary +"If you can't explain it simply, you don't understand it well enough." Provide a simplified and layman-accessible explanation of the TIP. +## Abstract A short (~200 word) description of the technical issue being addressed. -## Motivation (required) - +## Motivation The motivation is critical for TIPs that want to change the TRON protocol. It should clearly explain why the existing protocol specification is inadequate to address the problem that the TIP solves. TIP submissions without sufficient motivation may be rejected outright. -## Specification (required) +## Specification +The technical specification should describe the syntax and semantics of any new feature. The specification should be detailed enough to allow competing, interoperable implementations for any of the current TRON platforms. -The technical specification should describe the syntax and semantics of any new feature. +## Rationale +The rationale fleshes out the specification by describing what motivated the design and why particular design decisions were made. It should describe alternate designs considered and related work, e.g., how the feature is supported in other languages. -## Rationale (required) - -The rationale fleshes out the specification by describing what motivated the design and why particular design decisions were made. It should describe alternate designs that were considered and related work, e.g. how the feature is supported in other languages. The rationale may also provide evidence of consensus within the community, and should discuss important objections or concerns raised during discussion. - -## Backwards Compatibility (optional) - -All TIPs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The TIP must explain how the author proposes to deal with these incompatibilities. TIP submissions without a sufficient backwards compatibility treatise may be rejected outright. - -## Test Cases (optional) +## Backward Compatibility +All TIPs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The TIP must explain how the author proposes to deal with these incompatibilities. Submissions without a sufficient backward compatibility treatise may be rejected outright. +## Test Cases Test cases for an implementation are mandatory for TIPs that are affecting consensus changes. Other TIPs can choose to include links to test cases if applicable. -## Implementation (required) - -The implementations must be completed before any TIP is given status "Final", but it need not be completed before the TIP is accepted. While there is merit to the approach of reaching consensus on the specification and rationale before writing code, the principle of "rough consensus and running code" is still useful when it comes to resolving many discussions of API details. +## Implementations +The implementations must be completed before any TIP is given "Final" status, but it need not be completed before the TIP is accepted. While there is merit to referencing implementations, it is better to include the implementation in the TIP as code snippets or executable documentation. ## Copyright - -Copyright and related rights waived via [CC0](LICENSE.md). \ No newline at end of file +All TIPs are licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/tip-796.md b/tip-796.md new file mode 100644 index 00000000..82d7d113 --- /dev/null +++ b/tip-796.md @@ -0,0 +1,114 @@ +🧠 TIP-796 — TRON Account-Layer Username Standard +Status: Draft +Type: Standards Track +Authors: Ali & ChatGPT +GitHub: @alichatme +Created: September 25, 2025 +License: MIT © 2025 +📘 Summary +TIP-796 introduces a native, unique, non-transferable username standard for TRON accounts, implemented directly at the Account Layer. +This system: +requires no smart contracts +charges zero gas/fees +enhances security, usability, and human readability +neutralizes dozens of address-based attack vectors +remains fully compatible with TRON’s existing architecture +Its goal is to create a trustworthy, human-readable identity layer that eliminates address confusion, phishing, and UI-level manipulation. +🧩 Username Structure +All TRON usernames must begin with uppercase TR and follow one of three valid patterns using lowercase ASCII letters (a–z) and digits (0–9). +Mode 1 +TR + two English words + four-digit number +Example: TRsunboy1185 +Mode 2 +TR + first word + four-digit number + second word +Example: TRsun7217boy +Mode 3 +TR + four-digit number + two English words +Example: TR7516sunboy +Rules: +No special characters, spaces, or underscores +100% ASCII +100% LTR storage and rendering +Uppercase TR prefix is mandatory and part of the username identity +🔠 LTR Enforcement & Visual Anti-Spoofing +Usernames must always be stored and displayed Left-to-Right (LTR). +This eliminates: +Homograph attacks +RTL/LTR direction-switch attacks +Font-based spoofing +Display manipulation in Persian/Arabic/Hebrew UI environments +⚙️ Core Rules +The TR prefix is mandatory and stored on-chain exactly as is. +Wallets must display the full username (including TR) and the full address before signing any transaction. +Wallets may not shorten or hide any part of the username. +The system operates entirely at the Account Layer, with zero cost and no protocol burden. +🔥 Full Elimination of All Known Address-Based Attacks +(Highest Security Level Achievable in Blockchain Username Systems) +TIP-796 neutralizes every major attack vector involving addresses, including: +1. Clipboard Hijacking +Malware replacing clipboard addresses → +Mismatch with destination username immediately exposes the attack. +2. Address Spoofing / Look-Alike Generation +Attackers generate thousands of similar addresses → +Username is non-spoofable and breaks the attack. +3. Homograph Attacks +Swapping characters like "0" with "٠" → +Disallowed entirely by ASCII-only enforcement. +4. RTL/LTR Direction Attacks +Manipulating direction to flip parts of the address → +LTR-only rendering disables this attack type completely. +5. UI-Layer Manipulation Attacks +Fake wallets hiding or visually slicing an address → +Mandatory full username display prevents deception. +6. Social Engineering on Non-Technical Users +Human-readable usernames + enforced visibility → +Human error nearly eliminated. +7. Spam-Activation & Transaction Injection Attacks +Spammers send micro-transactions to appear in “recent activity” → +A consistent, unfakeable username breaks this deception model. +🔥 Username Assignment — Anti-Bot & Anti-Abuse Mechanisms +To prevent large-scale automated account creation or username farming: +1. Time-Delay Assignment (Cooldown Window) +A username is assigned only after a configurable delay following account activation. +Default: 24 hours +Nodes may increase to 48 hours or more for stricter anti-abuse. +2. Minimum Balance Requirement +A username is assigned only if the account maintains a minimum balance during the cooldown. +Suggested default: 2 TRX (or equivalent frozen balance) +Can be increased to 10 TRX for stronger protection. +3. Mandatory Wallet Onboarding Before Display +Before showing the username, the wallet must display a multilingual onboarding panel explaining: +what the username is +how it is generated +how it is bound to the account +how it protects the user +where it is displayed +how to use it safely +User must scroll and explicitly confirm. +4. Optional Anti-Bot Challenge (Local CAPTCHA / PoW) +Wallets may require a lightweight challenge. +Network only verifies the result; execution remains wallet-side. +Combined effect: +Bots must: +wait 24–48 hours +hold real TRX +complete onboarding +solve CAPTCHAs +repeat this for every account +➡️ Economically impossible +➡️ Fully kills username-mining bots +📊 Namespace Capacity +With over 650,000 English words, the system supports: +12.6 quadrillion unique usernames +🎯 Purpose +To provide TRON with a native, decentralized, visually safe, and non-spoofable identity layer — +eliminating human-layer vulnerabilities without gas, fees, or smart contracts. +🔮 Future Extensions +Additional structural modes +Expanded character sets +Special categories for NFTs, MemeCoins, or ecosystem tags +📄 License +MIT © 2025 +🔗 References +Primary Issue: #799 +Updated Pull Request: #803 diff --git a/tips/tip-796.md b/tips/tip-796.md new file mode 100644 index 00000000..85e5e42e --- /dev/null +++ b/tips/tip-796.md @@ -0,0 +1,59 @@ +--- +tip: 796 +title: Dual-Word + 4-Digit Username System for TRON Accounts +author: ali&chatgpt (alichatme) +discussions-to: https://github.com/tronprotocol/tips/issues/ (to be linked after Issue creation) +status: Draft +type: Standards Track +category: TRC +created: 2025-10-09 +--- + +## Simple Summary +A new **dual-word + 4-digit username system** designed to make TRON account transfers safer and easier while keeping decentralization principles. + +## Abstract +This proposal introduces a human-readable username format based on **two meaningful English words followed by four digits** (e.g., `skyline2458`). +This approach prevents copy-paste mistakes, enhances user confidence, and supports massive scalability (up to **3.6 quadrillion usernames**) using over 650,000 English words. + +## Motivation +One of the biggest risks in blockchain transfers is **copy/paste error** or **address replacement by malware**. +By linking TRON accounts to short, meaningful, and unique usernames, senders can visually confirm that they’re sending to the correct account — reducing human error and potential loss of funds. + +## Specification + +### Username Format +- Structure: **Two meaningful English words + four digits** +- Examples: `bluebird1974`, `silvergate2048` +- Case-insensitive (`SkyGate2048` = `skygate2048`) +- Only ASCII letters and digits allowed +- Each username must be unique across the TRON network + +### Registration Rules +1. Usernames are optional; addresses still remain valid and functional. +2. Registration can be handled on-chain (TRC smart contract) or derived deterministically from address (implementation choice). +3. Ownership of a username is **linked to the owner’s wallet**. +4. Usernames are **non-transferable**, preserving decentralization and privacy. + +### System Features +- Prevents copy-paste mistakes and address spoofing. +- 650,000 × 650,000 × 10,000 = **~3.6 quadrillion** possible combinations. +- No need for centralized name management. +- Lightweight implementation compatible with TRON’s current account structure. + +## Rationale +This design ensures TRON remains **fully decentralized**, while helping users verify recipients easily and avoid copy/paste or malware address swaps. + +## Implementation +- Minimal on-chain footprint: mapping or deterministic derivation. +- Wallet developers should show both address and username in confirmation modal. +- Optional: a small on-chain registry to lock username↔address mapping when needed. + +## Security Considerations +- Use strict ASCII-only words and a vetted wordlist to avoid homograph attacks. +- Confirmation modal must display both full address and username prior to signature. +- For large transfers, require stronger confirmation (2FA or hardware wallet). + +## Copyright +Copyright © 2025 ali&chatgpt +Licensed under Apache-2.0 diff --git a/tp/README.md b/tp/README.md index e51b5a12..583b7667 100644 --- a/tp/README.md +++ b/tp/README.md @@ -1,25 +1,55 @@ -## What is a TP? -A TRON protocol (TP) is a design document describing a particular protocol, -standard, or feature which is already implemented in TRON but not published as a TIP. -A TP should list the properties of the standard, explain the design rationale, and -provide a concise but comprehensive technical specification that can guide developers to implement it conveniently with any other languages. -A TP should not be used for indicating a specific implementation(such as java-tron) or debating governance proposals. - -## Components -A TP and TIP have similar components, which include a header, a concise summary, an abstract, the motivation, the specification, the rationale, the implementation and a copyright notice. TP is an implemented protocol, so the implementation module can include a core code of java-tron. -All top-level sections are required. -References should be included inline as links or tabulated at the bottom of the section if necessary. - -## Formatting -### General -TP specifications must be written in GitHub Flavoured Markdown. - -### Language -TP specifications should be written in simple English, avoiding obscure terminologies and unnecessary jargons. -The keywords “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in specifications are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). -### Pseudocode -Pseudocode in specifications should be language-agnostic and formatted in a simple standard, with line numbers, variables, simple conditional blocks, for loops, and -the English fragments are necessary to explain further functionality. -## Copyright -All content herein is licensed under [Apache2.0](https://www.apache.org/licenses/LICENSE-2.0). +TIP: Native Username System for TRON Accounts +Abstract +This proposal introduces a native username system for TRON blockchain accounts. Each account may register a unique human-readable username, reducing the risk of misdirected transactions caused by complex alphanumeric addresses. The system will be implemented at the protocol level to ensure universality across wallets, exchanges, and dApps. + +Motivation +One of the main usability issues in blockchain networks is the reliance on long, complex addresses (e.g., TXY9uZs...). Sending assets to an incorrect address due to copy-paste errors or mistyped characters can result in permanent loss of funds. + +By allowing TRON users to register a unique username, the network becomes more user-friendly, more secure, and more attractive to both individuals and businesses. Similar systems have proven successful in Web2 (social usernames, email handles) and in Web3 (ENS, etc.), but TRON lacks a native, protocol-level solution. + +Specification + +Username Registration +- Each TRON account may register a single unique username. +- Usernames are case-insensitive and must be unique across the network. +- Once registered, a username cannot be deleted. + +Change Policy +- A registered username may only be changed once per year. +- This balances flexibility with protection against abuse and impersonation. + +Length and Availability Rules +- 8 characters or more: open to individuals. These usernames are non-tradable and permanently bound to the account. +- 7 characters or fewer: reserved for companies, institutions, and brands. These usernames may be transferable and can be reserved officially via TRON DAO. + +Corporate Reservations +- Companies and verified organizations can reserve short usernames (≤7 characters). +- TRON DAO manages the reservation process. +- Payments may be made in installments over 1 year, making it accessible to both startups and enterprises. + +Protocol-Level Integration +- Username mapping will be implemented natively within the TRON blockchain, not as an external contract. +- Wallets, exchanges, and dApps must display both the username and the underlying TRON address when making transfers. +- **When a user pastes an address, the system should automatically fetch and display the associated username before confirming the transaction. This ensures the sender can visually verify the recipient and avoid mistakes.** + +Rationale +- Security: Reduces misdirected transfers caused by complex addresses. The auto-display of usernames when pasting addresses adds a crucial verification step. +- Adoption: Simplifies user onboarding and encourages mainstream adoption. +- Brand Protection: Companies can secure official usernames, preventing fraud and phishing. +- Governance: TRON DAO manages corporate reservations, ensuring fairness and transparency. + +Governance +- TRON DAO will oversee and govern the allocation of corporate usernames (≤7 characters). +- Community voting may be used to decide pricing models, installment options, and dispute resolution. +- Individuals’ usernames (≥8 characters) remain fully decentralized and non-transferable. + +Backward Compatibility +- No changes to existing TRON addresses. +- Addresses remain the core identifier at the protocol level. +- Usernames act as a human-readable overlay. + +Implementation +- Requires protocol-level update to support account-to-username mapping. +- Wallets, exchanges, and dApps will need to implement display and search functionality for usernames. +- **Transaction interfaces must resolve addresses to usernames in real time, ensuring users see both before approving transfers.**