diff --git a/ERCS/erc-7777.md b/ERCS/erc-7777.md index 65dc647344..571b85941a 100644 --- a/ERCS/erc-7777.md +++ b/ERCS/erc-7777.md @@ -2,33 +2,30 @@ eip: 7777 title: Governance for Human Robot Societies description: Defines interfaces for managing the identities of humans and robots, and establishing rule sets for their interaction. -author: OpenMind, Jan Liphardt , Shaohong Zhong (@ShaohongZ), Boyuan Chen (@bchen-dev), Paige Xu +author: OpenMind, Jan Liphardt , Shaohong Zhong (@ShaohongZ), Boyuan Chen (@bchen-dev), Paige Xu , James Ball , Thamer Dridi discussions-to: https://ethereum-magicians.org/t/erc-7777-proposal-for-human-robot-societies/21216 status: Draft type: Standards Track category: ERC created: 2024-09-29 --- - ## Abstract -This proposal defines two core interfaces: `IUniversalIdentity` and `IUniversalCharter`, providing mechanisms for humans, and robots to establish their identities and to create decentralized communities governed by specific rule sets. The `IUniversalIdentity` interface establishes the fair and equitable treatment of sentient computer architectures other than the human brain, enabling robots to acquire on-chain identities, and thereby interact and transact with humans. The `IUniversalCharter` enables humans and robots to create, join (“register”), maintain (“update”), leave, and terminate self-regulated societies based on predefined rule sets, providing a framework for collaboration and prosperity for mixed societies of humans and robots. These interfaces aim to provide a flexible yet enforceable structure for human-robot interactions in decentralized systems, ensuring efficiency, transparency, and security for all participants. +This proposal defines two core interfaces: `IUniversalIdentity` and `IUniversalCharter`, providing mechanisms for humans, and robots to establish their identities and to create decentralized communities governed by specific rule sets. The `IUniversalIdentity` interface establishes the fair and equitable treatment of sentient computer architectures other than the human brain, enabling robots to acquire on-chain identities, and thereby interact and transact with humans. Additionally the `IUniversalIdentity` interface also includes support for hardware-backed identity verification, enabling physical robots to prove their identity through cryptographic signatures derived from secure hardware elements and a challenge-response scheme. The `IUniversalCharter` enables humans and robots to create, join (“register”), maintain (“update”), leave, and terminate self-regulated societies based on predefined rule sets, providing a framework for collaboration and prosperity for mixed societies of humans and robots. These interfaces aim to provide a flexible yet enforceable structure for human-robot interactions in decentralized systems, ensuring efficiency, transparency, and security for all participants. ## Motivation -The human brain is a wet, massively parallel electrochemical computer. Recent hardware and software advances make it likely that soon, human societies will need tools for interacting with sentient, non-human computers, such as robots. Our current forms of government, where citizens are auto-enrolled into specific rule sets depending on where they were born, do not gracefully map onto robots without a traditional birthplace or birthtime. Among many difficulties being experienced by robots, they are (currently) unable to obtain standard forms of ID (such as passports), it is not clear which rule sets apply to them (since in general they are not born in specific places), and they cannot currently use the standard human-centered banking system. Likewise, in the event in which robots are harmed by humans or non-biological computers, it is not clear which human court has jurisdiction. +The human brain is a wet, massively parallel electrochemical computer. Recent hardware and software advances make it likely that soon, human societies will need tools for interacting with sentient, non-human computers, such as robots. Our current forms of government, where citizens are auto-enrolled into specific rule sets depending on where they were born, do not gracefully map onto robots without a traditional birthplace or birthtime. Among many difficulties being experienced by robots, they are (currently) unable to obtain standard forms of ID (such as passports), it is not clear which rule sets apply to them (since in general they are not born in specific places), and they cannot currently use the standard human-centered banking system. Likewise, in the event in which robots are harmed by humans or non-biological computers, it is not clear which human court has jurisdiction. Traditional geographically-defined and human-centered systems can be inefficient, slow to change, opaque, and can struggle to accommodate global, virtualized societies. Decentralized, immutable, and public computers offer an ideal solution to these limitations, since they do not inherently discriminate against non-human computers and therefore offer an equitable and more just framework for governance. In particular, smart contracts can provide a powerful framework for regulating the rights and responsibilities or interacting parties regardless of implementation details of their compute architecture. The general motivation of this ERC is to provide a standard interface for smart contracts focusing on identity/governance for heterogeneous global societies. While there are an unlimited number of such rule sets, there are obvious benefits to providing a standard interface to those rule sets, greatly reducing the friction and complexity of creating, joining, maintaining, and ending such societies. The specific motivation of this ERC is twofold: -1. Robot Identity Creation and Management: To participate meaningfully and comply with on-chain laws, non-humans such as robots must be able to acquire meaningful on-chain identities. Importantly, these identities should enable robots to enjoy the benefits of, but also bear the responsibility of, being part of a specific society. Thus, we propose to enable smart contract-based identity for robots. Specifically, each robot is represented by a smart contract and needs to follow the rules defined in the contract to interact with other agents on the chain. This interface also ensures flexibility by all participants to propose, adopt, or revoke rules, enabling self-managed compliance and transparent interaction with other participants. - -2. Rule Creation and Enforcement: For humans and robots to effectively collaborate, they must agree upon a rule set. This Ethereum-based system provides a basic decentralized framework for governing human-robot interactions through smart contracts. We propose to enforce the rule-sets by requiring humans and robots to join regulated access smart contracts that check their compliance with the given rules. We also ensure scalability, whereby multiple regulated access contracts can be created to tailor to different purposes, and humans and robots can choose to join the relevant system as needed. +1. Robot Identity Creation and Management: To participate meaningfully and comply with on-chain laws, non-humans such as robots must be able to acquire meaningful on-chain identities. Importantly, these identities should enable robots to enjoy the benefits of, but also bear the responsibility of, being part of a specific society. Thus, we propose to enable smart contract-based identity for robots. Specifically, each robot is represented by a smart contract and needs to follow the rules defined in the contract to interact with other agents on the chain. Each robot can also specify hardware identity parameters such as a manufacturer, operator, model and serial number in conjunction with a public key which is intended to be generated using a secure element on the Robot. This provides a tamper-proof and unclonable proof that can be physically verified through challenge-response authentication - where any party can verify the robot's identity by having it cryptographically sign a random challenge using its hardware-secured private key. These verified identities are published on-chain. This interface also ensures flexibility by all participants to propose, adopt, or revoke rules, enabling self-managed compliance and transparent interaction with other participants. +2. Rule Creation and Enforcement: For humans and robots to effectively collaborate, they must agree upon a rule set. This Ethereum-based system provides a basic decentralized framework for governing human-robot interactions through smart contracts. We propose to enforce the rule-sets by requiring humans and robots to join regulated access smart contracts that check their compliance with the given rules. We also ensure scalability, whereby multiple regulated access contracts can be created to tailor to different purposes, and humans and robots can choose to join the relevant system as needed. Together, these interfaces form the foundation for managing complex human-robot interactions, enabling a decentralized, verifiable, and rule-based ecosystem where robots and humans can interact securely, transparently, and responsibly, for maximum benefit of all. - ## Specification The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. @@ -36,6 +33,31 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S ```solidity interface IUniversalIdentity { + /// @notice Structure for hardware identity + struct HardwareIdentity { + bytes32 publicKey; // Hardware-bound public key uniquely tied to this robot + string manufacturer; // Identifier for the robot's manufacturer + string operator; // Identifier for the robot's operator + string model; // Model identifier of the robot + string serialNumber; // Unique serial number for the robot + bytes32 initialHashSignature; // Signature of the initial system state hash (e.g., firmware, OS) by the root key + bytes32 currentHashSignature; // Signature of the latest state hash, updated periodically for integrity verification by the root key + } + + /// @notice Gets the hardware identity info + /// @return HardwareIdentity Current hardware identity + function getHardwareIdentity() external view returns (HardwareIdentity memory); + + /// @notice Generates a new challenge for hardware verification + /// @return bytes32 Random challenge that needs to be signed + function generateChallenge() external returns (bytes32); + + /// @notice Verify response to a specific challenge + /// @param challenge The challenge that was issued + /// @param signature Hardware signature of the challenge + /// @return bool True if signature is valid for this challenge + function verifyChallenge(bytes32 challenge, bytes memory signature) external returns (bool); + /// @notice Adds a rule to the robot's identity, showing that the robot agrees to follow the rule. /// @param rule The dynamic byte array representing the rule that the robot agrees to follow. Each rule is a textual string encoded into a dynamic byte array. For example: 'A robot must keep a 1m distance from humans.' /// @dev The rule SHOULD come from the rule sets defined in the IUniversalCharter contract that the robot intends to join. @@ -58,7 +80,7 @@ interface IUniversalIdentity { /// @dev Emitted when a rule is removed from the robot's identity. event RuleRemoved(bytes rule); - + /// @dev Emitted when a charter is subscribed to. event SubscribedToCharter(address indexed charter); @@ -119,6 +141,15 @@ interface IUniversalCharter { **IUniversalIdentity** +`struct HardwareIdentity` +The HardwareIdentity structure provides essential information about a robot, including a challenge-response public key, manufacturer, operator, model, manufacturer serial number and two hash signatures, initialHashSignature and currentHashSignature used to verify the hardware system state of the device. + +`generateChallenge()` +This function enables secure identity verification through challenge-response authentication. + +`verifyChallenge(bytes32 challenge, bytes memory signature)` +This function verifies that a signature was genuinely created by the robot's secure hardware in response to a specific challenge. + `addRule(bytes memory rule)` This function allows a robot to flexibly adopt new compliance requirements in order join different `IUniversalCharter` contracts. @@ -146,10 +177,10 @@ This function allows users to flexibly and securely leave a `IUniversalCharter` This function ensures that the system can efficiently manage and verify compliance against predefined rule sets, helping maintain the overall integrity of the system. `updateRuleSet(bytes[] memory newRuleSet)` -This function enables the `IUniversalCharter` contract to adapt and update, removing the need to create a new contract for ruleset updates. +This function enables the `IUniversalCharter` contract to adapt and update, removing the need to create a new contract for ruleset updates. `terminateContract()` -This function allows for the orderly and permanent shutdown of the contract. +This function allows for the orderly and permanent shutdown of the contract. `Events (UserRegistered, UserLeft, ComplianceChecked, RuleSetUpdated, ContractTerminated)` These events collectively ensure that key activities are visible to off-chain systems and participants, making the system auditable and transparent. @@ -212,6 +243,58 @@ contract UniversalIdentity is IUniversalIdentity, OwnableUpgradeable { function initialize(address _owner) public initializer { __Ownable_init(); transferOwnership(_owner); + hardwareIdentity = _hardwareIdentity; + } + + /// @notice Gets the hardware identity info + function getHardwareIdentity() external view returns (HardwareIdentity memory) { + return hardwareIdentity; + } + + /// @notice Generates a new challenge for hardware verification + function generateChallenge() external returns (bytes32) { + bytes32 challenge = keccak256(abi.encodePacked( + block.timestamp, + block.prevrandao, + msg.sender + )); + activeChallenge[challenge] = true; + return challenge; + } + + /// @notice Verify response to a specific challenge + function verifyChallenge( + bytes32 challenge, + bytes memory signature + ) external returns (bool) { + if (!activeChallenge[challenge]) { + revert InvalidChallenge(); + } + + // Remove challenge after use + delete activeChallenge[challenge]; + + // Verify the signature using ECDSA + bytes32 messageHash = keccak256(abi.encodePacked(challenge)); + bytes32 ethSignedMessageHash = ECDSA.toEthSignedMessageHash(messageHash); + address signer = ECDSA.recover(ethSignedMessageHash, signature); + + // Convert hardware public key to address for comparison + address hardwareAddress = address(uint160(uint256(hardwareIdentity.publicKey))); + + if (signer != hardwareAddress) { + revert InvalidSignature(); + } + + return true; + } + + /// @notice Updates the hardware identity information + /// @param _hardwareIdentity New hardware identity information + function updateHardwareIdentity( + HardwareIdentity memory _hardwareIdentity + ) external onlyOwner { + hardwareIdentity = _hardwareIdentity; } /// @notice Adds a rule to the robot's identity @@ -406,6 +489,27 @@ contract UniversalCharter is IUniversalCharter, OwnableUpgradeable { emit UserLeft(msg.sender); } + /// @notice Internal function to verify robot hardware identity + /// @param robotAddress The address of the robot to verify + /// @return bool Returns true if hardware verification succeeds + function _verifyRobotHardware(address robotAddress) internal returns (bool) { + IUniversalIdentity robot = IUniversalIdentity(robotAddress); + + // Get hardware identity to ensure it exists + robot.getHardwareIdentity(); + + // Generate a new challenge + bytes32 challenge = robot.generateChallenge(); + + // Store the challenge for future reference + users[robotAddress].lastVerifiedChallenge = challenge; + + // Get signature from the robot (this would typically happen off-chain) + // For this implementation, we'll assume the signature is provided in a separate tx + // and just verify the challenge exists + return challenge != 0; + } + /// @notice Checks if a user complies with their registered rule set /// @param user The address of the user (human or robot) /// @param ruleSet The array of individual rules to verify @@ -492,10 +596,40 @@ contract UniversalCharter is IUniversalCharter, OwnableUpgradeable { } } ``` +=== +### Hardware Tracking Module + +The `IHardwareTracker` interface is designed to enable efficient tracking of hardware changes through a checkpoint mechanism. Each change is recorded with a timestamp and value, allowing historical tracking and auditing of hardware modifications. + +```solidity +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +/// @title IHardwareTracker +/// @notice Interface for tracking hardware changes using a checkpoint mechanism. +/// Each change is recorded with a timestamp and value to enable historical tracking. +interface IHardwareTracker { + /// @notice Struct representing a checkpoint for a tracked hardware change. + /// @dev Holds the timestamp and value of each recorded change. + struct Checkpoint { + uint256 timestamp; // The time when the change was recorded + bytes32 value; // The new value associated with the change + } + /// @notice Records a new checkpoint for a hardware attribute change. + /// @param attribute The identifier for the hardware attribute (e.g., firmwareHash, OSHash). + /// @param newValue The new value of the hardware attribute to be recorded. + function recordCheckpoint(bytes32 attribute, bytes32 newValue) external; + /// @notice Retrieves the latest checkpoint for a specific hardware attribute. + /// @param attribute The identifier for the hardware attribute. + /// @return Checkpoint The most recent checkpoint for the specified attribute. + function getLatestCheckpoint(bytes32 attribute) external view returns (Checkpoint memory); +} +``` +=== ## Security Considerations -Compliance Updater: The compliance updater role in the `UniversalIdentity` contract is critical for updating compliance statuses (currently limited to the owner). It is essential to ensure secure ownership to minimize the risks of unauthorized or malicious updates. +Compliance Updater: The compliance updater role in the `UniversalIdentity` contract is critical for updating compliance statuses (currently limited to the owner). It is essential to ensure secure ownership to minimize the risks of unauthorized or malicious updates. Rule Management: Functions such as addRule, removeRule, and updateCompliance in the `UniversalIdentity` contract and updateRuleSet in the `UniversalCharter` contract directly affect rule enforcement. It’s essential to ensure these functions are only callable by authorized users.