An elegant solution for NFT ticket verification

An elegant solution for NFT ticket verification
Photo by Aditya Saxena / Unsplash

The opinion represented in this post is my own and does not represent my employer.

Problem

The current ticketing solutions are based on centralized infrastructure. The NFTs have the promise to solve some of the ticketing industry woes. One of the key challenges in the current setup is the reliance on a centralized party to verify the validity of a ticket. This is critical to preventing illegal re-use of the tickets causing financial, reputation, and customer satisfaction harm.

Current state

A ticket vendor provides both the issuance and validation of tickets. This is how Ticketmaster handles tickets. Since everything is centralized it’s easy to control verification. A centralized database keeps track of who owns a ticket. When a ticket issued by the Ticketmaster is re-sold via a 3rd party broker the ownership transfer is recorded in the Ticketmaster database. On the event day, an event participant uses the Ticketmaster platform to generate an entry ticket: usually with a 2D rotating barcode to prevent fraud. The event host uses the Ticketmaster platform to verify the ticket by scanning the live barcode.

The Setup

An Ethereum blockchain-based solution can offer the same familiar flow, but with blockchain (via a smart contract) maintaining the source of truth. In this setup, the event organizer creates NFTs to represent the tickets. Upon sale or re-sale the tickets are transferred into Ethereum-based wallets. Upon venue entry, the event participants need to prove that they are the owner of the NFT that represents the ticket. Possession of the NFT grants them access to the event. Here is an easy-to-understand and easy-to-implement mechanism to make this work while protecting the business and consumers from fraud without delaying the speed of entry.

Just like the Ticketmaster requires every event participant to have a Ticketmaster app we can assume that every event participant must have a wallet capable of generating and reading QR codes. The wallet, by design, can encrypt and decrypt messages. This signing ability is the native functionality of every wallet. This functionality can operate in an offline mode. This detail is important for this solution, thus a few more words. An Ethereum-based wallet has two addresses: a public address and a private address. Anyone can challenge the wallet owner to prove they own the wallet by giving them an encrypted message signed with the wallet’s public key. And the wallet owner can prove in real-time that they are the owner of the wallet by decrypting a message with their built-in private key.

A Familiar Experience

Imagine it’s time to open the entry points into the event. Per the ticketing industry standard, ticket resale and transfers are not allowed as the event starts. The software used by the event organizer automatically makes an update to the smart contract preventing the NFTs from being transferred. At that moment all NFTs become “soulbound”. This means the NFT cannot be transferred to a different wallet.

The event entry experience is very familiar to the ticket holder and the event organizers. The event ushers use devices with software that can instantly check if a wallet address owns NFTs that grant entry to the event. If the check-in will occur in a location without an Internet connection the list of wallets containing the NFTs can be downloaded into the device.

  1. The NFT holder approaches an event usher and displays the QR code representing the public address of the wallet.
  2. The usher scans the QR code on their mobile phone. The scanner software automatically generates a challenge back to the NFT holder. This challenge is created by picking a simple word from a dictionary (e.g., cow) and encrypting it using the public key presented by the NFT holder.
  3. The usher presents the encrypted word in a form of a QR code to the NFT holder and asks them to decrypt it using their wallet.
  4. The NFT holder instantly decrypts the challenge and shows the answer to the usher on the phone granting them entry.

If you count the total steps and time it takes to use a Ticketmaster app to perform a scan you’ll see that there is no difference. The challenge creation and challenge response are instantaneous and offline actions.

Flaws

This solution shows that it's possible to easily use a wallet instead of a proprietary centralized app for verifying that a person is an owner of an account that holds the NFT. However, the missing piece is accounting for the tickets that have been used at the entry. This requires a coordination mechanism. That's the role a centralized database plays.

Without a coordination mechanism to mark the "used" NFTs a person can physically pass the phone to another person. That next person can then re-use the phone for re-entry. Or perhaps a fraudster can share the seed phrase widely and bad actors will instantiate a large number of wallets all pointing to the same NFT.

A performant solution would be required to coordinate which NFTs have been "used" for entry and what inventory is still outstanding. Yes, it may be a decentralized solution.

The Future

This is a game-changer. This is a path to fruitful disintermediation. Any consumer app can now have a wallet capable of presenting a ticket to an event. E.g., the United Airlines mobile app can let a flier redeem miles for an event ticket and then use the same app for entry to an event. Most importantly this paradigm enables the artist to set the rules for the ticket sale and resale. This includes tiered pricing, re-sale price threshold, the decision on the flow of funds on re-sale (e.g., a % right into a charity wallet), and reservation of tickets to the most loyal fans via allowlist that cannot be manipulated by exclusive vendors. Most importantly full transparency on the type, quantity, and ownership of the tickets will be publicly available at any time.

This is possible now. The software, and most importantly, the algorithm powering both the QR generation and the challenge/response lifecycle is open source and free to use. The source of truth will reside on an EVM-compatible blockchain. The event ecosystem participants (creators, venue owners, event hosts, and ticket resellers) are not locked into a single ticket-issuing provider. Multiple wallets and apps can be used to present the ticket in a form of an NFT and multiple scanners from different vendors can be used to grant entry to the same event at the same time.

Conclusion

The process presented in this article provides an elegant approach to solving the problem of granting access to an event using an NFT-based event ticket. The Ethereum-based NFT ticketing approach unlocks fairer competition and greater innovation without introducing friction for the event participant or the event hosts. This unlocks competition and opens additional channels for ticket distribution to events that previously had to use a centralized service or gated brokerage service.

This post is intellectual property and copyright by const.eth and does not represent the views of my employer.