[ZIP 302] Memo field format specification

[nathan-at-least]

DRAFT ZIP: #105 - This ticket is being addressed by a draft ZIP specification. If you are interested in this topic, please contribute to that specification.

Our current memo field content specification reads like this in the protocol spec version 2016.0-beta-1.10:

The usage of the memo field is by agreement between the sender and recipient of the note. The memo field SHOULD be encoded either as:

• a UTF-8 human-readable string [Unicode], padded by appending zero bytes; or
• an arbitrary sequence of 512 bytes starting with a byte value of 0xF5 or greater, which is therefore not a valid UTF-8 string.

In the former case, wallet software is expected to strip any trailing zero bytes and then display the resulting UTF-8 string to the recipient user, where applicable. Incorrect UTF-8-encoded byte sequences should be displayed as replacement characters (U+FFFD).

In the latter case, the contents of the memo field SHOULD NOT be displayed. A start byte of 0xF5 is reserved for use by automated software by private agreement. A start byte of 0xF6 or greater is reserved for use in future Zcash protocol extensions.

Let's begin a use case study with early users, eg exchanges, wallets, embedded apps, wrt to how they would like to use the memo field and begin proposing a standard.

Is it true that third parties wishing to implement their own "app specific / non-standard" protocols should use 0xF5 as the initial byte with no further restrictions on subsequent bytes?

[nathan-at-least]

@whyrusleeping was playing with use of the memo, and pointed out IPFS is working on a standard for self-describing data that may be relevant: https://github.com/multiformats/multicodec/blob/master/multicodec-packed.md

[zookozcash]

Is it true that third parties wishing to implement their own "app specific / non-standard" protocols should use 0xF5 as the initial byte with no further restrictions on subsequent bytes?

Yes: "A start byte of 0xF5 is reserved for use by automated software by private agreement."

[zookozcash]

To close this ticket, write a formatting convention and put it into the Zcash protocol spec that answers the following questions:

1. How do you indicate whether your memo matches the rest of this specification or not?
2. How do you indicate what is the length of your memo?
3. How do you indicate what is the encoding, codec, or type of the data in your memo?
4. Should you display it to the user, and if so how?

(Note: according to https://en.wikipedia.org/wiki/UTF-8#Description, any sequence whose first byte is 0xF8–0xFF is not a valid UTF-8 sequence. The current protocol spec (v2016.0-beta-1.10), says "starting with a byte value of 0xF5 or greater, which is therefore not a valid UTF-8 string", but I wonder if that is an error, because https://en.wikipedia.org/wiki/UTF-8#Description seems to indicate that a byte sequence whose first byte is 0xF0–0xF7 can be a valid UTF-8 encoding for a 4-byte-encoded codepoint.)

Here's a proposal:

• If the first byte (byte 0)'s value is 0xF7 or smaller, then the reader should:

  • strip any trailing zero bytes,
  • decode it as UTF-8 (replacing any incorrect UTF-8-encoded byte sequences with the replacement character U+FFFD), and display it to the user as a human-readable string.

  (Note that this is correcting an error in Zcash protocol v2016.0-beta-1.10, which said to use 0xF5 instead of 0xF7 as the upper end of this range.)

• If byte 0's value is 0xF8, then:

  • interpret the first 9 bits from byte 1 and byte 2 as an unsigned integer, and let that be the length of the payload in bytes (between 0 and 512); If this length is 510 or greater then treat this memo as invalid (i.e. do not display anything to the user except an error message saying that the memo is invalid.) Inspect the padding after the end of the indicated length, and if it contains anything other than 0 bytes treat the memo as invalid.
  • take the remaining 7 bits from byte 1 and byte 2, and treat that as an arbitrary application-defined "type" field
  • deliver to the application a 3-tuple of the following data:
    • the type (an unsigned integer between 0 and 127 inclusive on both ends)
    • the length (an unsigned integer between 0 and 509 inclusive on both ends)
    • a byte string of that length with contents equal to the payload

• If the first byte's value is between 0xF9 and 0xFE inclusive on both ends, then this memo is from the future, because first byte of 0xF9–0xFE are reserved for future specifications of this protocol.

• If byte 0's value is 0xFF then the reader should not make any other assumption about it. If you want to put data into a memo field which is inconsistent with this spec, then just put 0xFF as the first byte, and then do whatever you want with the remaining 511 bytes.

[whyrusleeping]

How about for the case of 0xf8, we use a varint for length, and a varint for the type field. That way, for small messages, we only take one byte for the length (and two bytes for longer messages) and we don't limit ourselves to only 128 message 'types'.

[jbenet]

Proposal: use multiformats varint TLV

In https://github.com/multiformats, we use the construction:

<varint-type><varint-len><value>

with an associated "codec table" that maps <varint-type> to the types you care about. These tables can be:

• system or use-case specific (we started this way, one per system/use-case, like multihash)
• universal (we'll be moving to a single table soon)

It's a "compact and extensible" TLV thing. I think it could fit here too. It would use up at least 2 bytes per value, but it would make sure:

• length is always unambiguous.
• type is unambiguous (if in the codec table)
• type is extensible forever
• types can offer both agreement-based types (common table, shipped with software) and permissionless innovation (reserved ranges, as in zooko's proposal above, for people to extend themselves)

cons:

• varints (i dont think this is a big deal, but some do)
• codec table (must maintain a table. but i think this is unavoidable, as "range X represents Y" is another form of "table" hardcoded in the software).

Proposal Qs answered

1. How do you indicate whether your memo matches the rest of this specification or not?

• the type codec table is infinitely extensible.
• the type codec table can have one entry to say "raw binary"
• the type codec table can have one entry to say "explicitly NOT TLV".
  • This could be done with and without the length. i would keep the length, but for completeness, <varint-code-saying-NOT-TLV><value> would not specify the length,. This would abandon the invariant that "length is always specified", but there may be valid cases for this.

1. How do you indicate what is the length of your memo?

• a varint length in the prefix. L in TLV.

1. How do you indicate what is the encoding, codec, or type of the data in your memo?

• a varint code in the prefix. mapping to an agreed-upon codec table, which may or may not have reserved ranges.

1. Should you display it to the user, and if so how?

(assuming this means "users of the code)

• Yes, i would return the entire TLV value to the user, so they can make use of the type and length information in applications. An optional "without prefix" accessor could exist that removes the prefix for convenience, but this is a utility function, that leverages only the knowledge that there's two varints at the beginning.

Subproposal: mutlicodec-packed table

You can further choose to use the "multicodec-packed" table as the "codec table", if our types are desirable to you. But this is strictly a separate concern. basically:

<multicodec-packed><varint-len><value>

where <multicodec-packed> means a code in the multicodec table, being defined in this PR. You are very welcome to come and add your types to the table as needed. But "which types we care about" and "keeping the codec table small to avoid wasting one more byte" can be a contentious detail. (i personally think it's not very serious thing, given just 2 bytes = 16K types... and i dont expect to get to 3 in 10 years).

[zookozcash]

Okay, here's an update of https://github.com/zcash/zcash/issues/1849#issuecomment-260093393 with the varint/TLV suggestions from @whyrusleeping and @jbenet

• If the first byte (byte 0)'s value is 0xF7 or smaller, then the reader should:

  • strip any trailing zero bytes,
  • decode it as UTF-8 (replacing any incorrect UTF-8-encoded byte sequences with the replacement character U+FFFD), and display it to the user as a human-readable string.

  (Note that this is correcting an error in Zcash protocol v2016.0-beta-1.10, which said to use 0xF5 instead of 0xF7 as the upper end of this range.)

• If byte 0's value is 0xF8, then:

  • Interpret the next few bytes (1 to 9 of them) as a 64-bit unsigned varint/ULEB, and use it as an arbitrary application-defined "type" field.
  • Interpret the next bytes (1 to 2 of them) as a 16-bit unsigned ULEB, and use it as the length field. If 1 + the number bytes used for the type field + the number of bytes used for the length field + the length > 512 then error out, i.e. do not do any further processing, and do not return any information about the memo to the caller other than that it was incorrectly formatted.
  • Inspect the padding after the end of the indicated length, and if it contains anything other than 0 bytes treat then error out.
  • Return to the caller a 3-tuple of the following data:
    • the type — an integer in [0…2^64)
    • the length — an integer in [0 and 509]
    • a byte string of that length which contains the payload

• If the first byte's value is between 0xF9 and 0xFE inclusive on both ends, then this memo is from the future, because first byte of 0xF9–0xFE are reserved for future specifications of this protocol.

• If byte 0's value is 0xFF then the reader should not make any other assumption about it. If you want to put data into a memo field which is inconsistent with this spec, then just put 0xFF as the first byte, and then do whatever you want with the remaining 511 bytes.

[daira]

The specification is correct in saying that the range of valid UTF-8 start bytes is from 0 to 0xF4 inclusive. @zookozcash, you may not have taken into account that the most significant 3 bits of a 21-bit code point are necessarily 100, because code points only go up to 0x10FFFF.

[zookozcash]

Okay here's an update of https://github.com/zcash/zcash/issues/1849#issuecomment-260151170 with the correct value of the lowest number that can't be a valid first byte for a UTF-8 encoded string:

• If the first byte (byte 0)'s value is 0xF4 or smaller, then the reader should:
  • strip any trailing zero bytes,
  • decode it as UTF-8 (replacing any incorrect UTF-8-encoded byte sequences with the replacement character U+FFFD), and display it to the user as a human-readable string.
• If byte 0's value is 0xF5, then:
  • Interpret the next few bytes (1 to 9 of them) as a 64-bit unsigned varint/ULEB, and use it as an arbitrary application-defined "type" field.
  • Interpret the next bytes (1 to 2 of them) as a 16-bit unsigned ULEB, and use it as the length field. If 1 + the number bytes used for the type field + the number of bytes used for the length field + the length > 512 then error out, i.e. do not do any further processing of the memo, and do not return any information about the memo to the caller other than the fact that it was incorrectly formatted.
  • Inspect the padding after the end of the indicated length, and if it contains anything other than 0 bytes then error out.
  • Return to the caller a 3-tuple of the following data:
    • the type — an integer in [0…2⁶⁴)
    • the length — an integer in [0…510)
    • a byte string of that length which contains the payload
• If the first byte's value is between 0xF6 and 0xFE inclusive on both ends, then this memo is from the future, because first byte of 0xF6–0xFE are reserved for future specifications of this protocol.
• If byte 0's value is 0xFF then the reader should not make any other assumption about the memo. If you want to put data into a memo field that doesn't use the type-length-value scheme above, then put 0xFF as the first byte, and then do whatever you want with the remaining 511 bytes.

[zookozcash]

@whyrusleeping: Would you please update https://github.com/whyrusleeping/zmsg/blob/master/main.go#L43 to reflect https://github.com/zcash/zcash/issues/1849#issuecomment-260169726 and tell me, based on that implementation, if you think https://github.com/zcash/zcash/issues/1849#issuecomment-260169726 is good enough?

[whyrusleeping]

@zookozcash Updated! And yeah, that makes sense to me, i'll go ahead and implement your proposal in zmsg's message parsing

[jbenet]

https://github.com/zcash/zcash/issues/1849#issuecomment-260169726 LGTM! 👍

[nathan-at-least]

I haven't reviewed @jbenet or @zookozcash s' proposals yet. Instead I want to brain dump some potential use cases:

Sender's Address: encode the sender's preferred address in the memo field.

• basic scheme to support two-way relationships.
• A common use might be refunding incorrect amounts, over payments, etc…
• Vendors may be able to use this as a rudimentary customer tracking system (wallet UIs should obviously make this a clear opt in/out feature). Eg: Customer sends deposit, vendor misses it due to a transient db failure, customer says "I want a refund", vendor says: "If you a wallet that supports the Standard Sender's Address Scheme, tell us your address and we can scan the blockchain to find your deposit." (There is a lot of room for better ways to manage this.)
• Other uses might be to bootstrap a two-way relationship, such as when Alice sends Bob a tip to his public tipping address, then Bob uses something like a 'Z message app' to tell Alice 'Thanks!'.

[whyrusleeping]

Chatting with @nathan-at-least today, I think with the length prefixed codes, we can have multiple in a given memo field. This would allow us to do things like have a zmsg and a return address (using a standardized return address format) in the same memo.

[zawy12]

I'm a little confused or maybe concerned about Zooko's comments above beginning with

If byte 0's value is 0xF5, then:....

I hope the memo field when beginning with 0xF5 remains a free-for-all (unrestricted binary). I'm working on a English compression scheme for it for private messaging. It appears 3x compress (1500 bytes of ascii text) is the best that can be done because it's too short to hardly benefit from message-specific lookup tables in the stream.