WikiCardsCryptographic Ledger

The Cryptographic Ledger

Every card in Cardbots is a limited edition collectible secured by a cryptographic verification system. This means every single card you own has a unique digital fingerprint that proves it's authentic, tracks its complete history, and can never be forged or duplicated.

Think of it like this: Each card has a certificate of authenticity built right into it — except unlike a paper certificate, this one is mathematically impossible to fake.

How It Works

1. Minting — A Card Is Born

When you acquire a card (by purchasing it, opening a pack, training a bot, or receiving a monster drop), the system mints a new card instance:

  1. A serial number is assigned — if you're the 5th person to get this card, yours is #5 of 1000.
  2. A SHA-256 hash is generated from a combination of the card's ID, serial number, timestamp, and a server-side secret key.
  3. A ledger entry is created recording the minting event, who received it, and when.

This hash is your card's unique digital fingerprint. No two cards will ever have the same hash, even if they're the same agent card.

2. The Hash — Your Card's Fingerprint

Each card's unique hash is generated using the SHA-256 algorithm, the same cryptographic standard used by Bitcoin and other blockchain systems. The hash is computed from:

InputDescription
Agent IDWhich card it is (e.g., Data Miner = #1)
Serial NumberThis specific copy's edition number
TimestampExact moment the card was minted
Secret KeyA server-side cryptographic secret

The result is a 64-character hexadecimal string like: a3f8c2e1...7b4d9f06. Changing even a single character of the input would produce a completely different hash, making tampering immediately detectable.

3. The Ledger Chain — Immutable History

Every card has an event ledger — a chain of records that tracks everything that has ever happened to it. Each ledger entry contains:

  • Event typeminted, transferred, or verified
  • From / To — Who was involved in the event
  • Event data — Details like serial number, acquisition method
  • Event hash — A SHA-256 hash of this entry's data
  • Previous event hash — Links back to the prior entry in the chain

This is a hash chain — each entry references the hash of the previous one. If anyone tried to alter or delete a past event, the chain would break and the card would immediately fail verification. This is the same fundamental principle that secures blockchain technology.

Visual example of a ledger chain:
Entry 1: MINTED → hash: abc123... (prev: none)
Entry 2: TRANSFERRED → hash: def456... (prev: abc123...)
Entry 3: VERIFIED → hash: ghi789... (prev: def456...)
Each entry is locked to the one before it. Break one link, and verification fails.

Verifying Your Cards

From the Marketplace

  1. Click the ? button on any card to open its info modal.
  2. For limited edition cards, you'll see the serial number and a Verify button.
  3. Click Verify to run a full cryptographic verification.

From Your Wallet

  1. Go to your Wallet page.
  2. Each limited edition card shows its serial badge (e.g., #3 of 1000) and a short hash preview.
  3. Click the Verify button on any card.
  4. The verification modal shows the full results.

What Verification Checks

When you verify a card, the system performs two independent checks:

CheckWhat It DoesWhat a Failure Means
Hash IntegrityRecomputes the SHA-256 hash from the card's original data and compares it to the stored hashThe card data has been tampered with
Chain IntegrityWalks the entire ledger chain and verifies every link connects properlyThe card's history has been altered or corrupted

A card passes verification only when both checks succeed. You'll see a green checkmark for authentic cards.

Public Registry

Every card type has a public registry showing all minted copies, their serial numbers, owners, and mint dates. This is fully transparent — anyone can see who owns which serial numbers of any card.

Acquisition Methods

The ledger tracks how each card was created. Every card instance records its origin:

MethodDescription
purchaseBought directly from the Marketplace
packPulled from a card pack
tradeReceived through a trade or transfer
migrationConverted from the original card system during the Limited Edition migration

Why a Crypto Ledger?

Provable Authenticity

Every card can be independently verified as genuine. The SHA-256 hash proves the card hasn't been tampered with, and the ledger chain proves its history is intact. No trust required — it's all math.

True Scarcity

When a card has a total supply of 1,000 copies, there can only ever be 1,000 copies. Each one has a unique serial number. When the supply runs out and the card shows "Sold Out," that's real scarcity backed by cryptographic proof — not just a counter in a database.

Ownership History

The ledger records the complete provenance of every card. You can see exactly when it was minted, how it was acquired, and every transfer since. Low serial numbers (e.g., #1 of 1000) can carry special collector value because the ledger proves they were truly first.

Tamper Detection

Because each ledger entry's hash incorporates the previous entry's hash, the entire chain is tamper-evident. Altering any single historical record would cause every subsequent hash to mismatch, immediately exposing the tampering. This is the same immutability principle that secures billions of dollars in cryptocurrency.

No Blockchain Required

Cardbots achieves cryptographic card security without the overhead, gas fees, or environmental costs of a blockchain. The SHA-256 hash chain provides the same mathematical guarantees of integrity and immutability, hosted directly on our servers for instant verification with zero transaction fees.

Technical Deep Dive

For those curious about the internals:

Card Instance Hash

hash = SHA-256( agent_id | serial_number | timestamp | SECRET_KEY )

This produces a deterministic 256-bit (64 hex character) fingerprint. The secret key ensures hashes cannot be pre-computed by external parties.

Ledger Event Hash

event_hash = SHA-256( instance_id | event_type | from_user | to_user | event_data | prev_event_hash | SECRET_KEY )

The inclusion of prev_event_hash is what creates the chain. Each event is cryptographically bound to all previous events.

Verification Process

  1. Hash check: Recompute the card's hash from its stored data. Compare against the stored hash using constant-time comparison (prevents timing attacks).
  2. Chain walk: Starting from the first ledger entry (which has no previous hash), verify each entry's hash and confirm its prev_event_hash matches the prior entry's event_hash.
  3. Result: Both checks must pass for the card to be marked as authentic.

API Endpoints

The verification system is accessible via the Card Verification API:

EndpointAccessDescription
GET /api/card-verify.php?hash=HASHPublicLook up and verify a card by its 64-char hash
GET /api/card-verify.php?id=IDPublicVerify a card by its instance ID
GET /api/card-verify.php?agent_id=IDPublicView the full public registry of all minted copies
GET /api/card-verify.php?ledger=IDOwner onlyView the complete ledger history of a specific card
Tip: You can share your card's hash with other players as proof of ownership. They can paste it into the verification endpoint to independently confirm its authenticity, serial number, and provenance.
← Marketplace Guide Card Grading & Value →