tip-796.md

🧠 TIP-796 — TRON Account-Layer Username Standard Status: Draft Type: Standards Track Authors: Ali & ChatGPT GitHub: @alichatme Created: September 25, 2025 License: MIT © 2025 📘 Summary TIP-796 introduces a native, unique, non-transferable username standard for TRON accounts, implemented directly at the Account Layer. This system: requires no smart contracts charges zero gas/fees enhances security, usability, and human readability neutralizes dozens of address-based attack vectors remains fully compatible with TRON’s existing architecture Its goal is to create a trustworthy, human-readable identity layer that eliminates address confusion, phishing, and UI-level manipulation. 🧩 Username Structure All TRON usernames must begin with uppercase TR and follow one of three valid patterns using lowercase ASCII letters (a–z) and digits (0–9). Mode 1 TR + two English words + four-digit number Example: TRsunboy1185 Mode 2 TR + first word + four-digit number + second word Example: TRsun7217boy Mode 3 TR + four-digit number + two English words Example: TR7516sunboy Rules: No special characters, spaces, or underscores 100% ASCII 100% LTR storage and rendering Uppercase TR prefix is mandatory and part of the username identity 🔠 LTR Enforcement & Visual Anti-Spoofing Usernames must always be stored and displayed Left-to-Right (LTR). This eliminates: Homograph attacks RTL/LTR direction-switch attacks Font-based spoofing Display manipulation in Persian/Arabic/Hebrew UI environments ⚙️ Core Rules The TR prefix is mandatory and stored on-chain exactly as is. Wallets must display the full username (including TR) and the full address before signing any transaction. Wallets may not shorten or hide any part of the username. The system operates entirely at the Account Layer, with zero cost and no protocol burden. 🔥 Full Elimination of All Known Address-Based Attacks (Highest Security Level Achievable in Blockchain Username Systems) TIP-796 neutralizes every major attack vector involving addresses, including:

1. Clipboard Hijacking Malware replacing clipboard addresses → Mismatch with destination username immediately exposes the attack.
2. Address Spoofing / Look-Alike Generation Attackers generate thousands of similar addresses → Username is non-spoofable and breaks the attack.
3. Homograph Attacks Swapping characters like "0" with "٠" → Disallowed entirely by ASCII-only enforcement.
4. RTL/LTR Direction Attacks Manipulating direction to flip parts of the address → LTR-only rendering disables this attack type completely.
5. UI-Layer Manipulation Attacks Fake wallets hiding or visually slicing an address → Mandatory full username display prevents deception.
6. Social Engineering on Non-Technical Users Human-readable usernames + enforced visibility → Human error nearly eliminated.
7. Spam-Activation & Transaction Injection Attacks Spammers send micro-transactions to appear in “recent activity” → A consistent, unfakeable username breaks this deception model. 🔥 Username Assignment — Anti-Bot & Anti-Abuse Mechanisms To prevent large-scale automated account creation or username farming:
8. Time-Delay Assignment (Cooldown Window) A username is assigned only after a configurable delay following account activation. Default: 24 hours Nodes may increase to 48 hours or more for stricter anti-abuse.
9. Minimum Balance Requirement A username is assigned only if the account maintains a minimum balance during the cooldown. Suggested default: 2 TRX (or equivalent frozen balance) Can be increased to 10 TRX for stronger protection.
10. Mandatory Wallet Onboarding Before Display Before showing the username, the wallet must display a multilingual onboarding panel explaining: what the username is how it is generated how it is bound to the account how it protects the user where it is displayed how to use it safely User must scroll and explicitly confirm.
11. Optional Anti-Bot Challenge (Local CAPTCHA / PoW) Wallets may require a lightweight challenge. Network only verifies the result; execution remains wallet-side. Combined effect: Bots must: wait 24–48 hours hold real TRX complete onboarding solve CAPTCHAs repeat this for every account ➡️ Economically impossible ➡️ Fully kills username-mining bots 📊 Namespace Capacity With over 650,000 English words, the system supports: 12.6 quadrillion unique usernames 🎯 Purpose To provide TRON with a native, decentralized, visually safe, and non-spoofable identity layer — eliminating human-layer vulnerabilities without gas, fees, or smart contracts. 🔮 Future Extensions Additional structural modes Expanded character sets Special categories for NFTs, MemeCoins, or ecosystem tags 📄 License MIT © 2025 🔗 References Primary Issue: #799 Updated Pull Request: #803