Namecoin As Alternative to the Domain Name System
Total Page:16
File Type:pdf, Size:1020Kb
Namecoin as alternative to the Domain Name System Xander Lammertink Author, UvA System and Network Engineering [email protected] Marco Davids Supervisor, SIDN Labs bstract: This paper researches if Name- discovered over time. coin could be used as an alternative Numerous additions have been implemented to Ato the DNS. Namecoin offers the same keep the DNS running. Anycast is used to distribute functionality as Bitcoin, but is also able to the load of the 13 static root-server addresses over store data. It is used to store domains, iden- multiple servers spread all over the world, DNSSEC tities, product meta data, etc. We have seen has been specified to ensure the authenticity of the that the DNS is suffering from weaknesses response data, DNS Curve provides authorisation and Namecoin is able to address these under and encryption of DNS responses and many more certain conditions. Organisational roles will additions can be added to this list. be affected by switching from the DNS to Instead of continuing to fix all the \problems" that Namecoin: some will change, some will dis- have been encountered over time, some thought it appear but new roles will arise as well. The might be better to start from scratch or from a whole switch has been discussed as well, we found different perspective to address all these challenges. two transition scenarios that are possible. An example of a system that tries to do this is Namecoin, a distributed open-source information registration and transfer system based on the Bitcoin 1. Introduction cryptocurrency. The Domain Name System (DNS) has been specified 1.1. Research Questions in 1983 and has been the de facto naming system on the Internet ever since. It has proven its robustness This research is all about the potential of Namecoin and sustainability, but some weaknesses have been being an alternative to the Domain Name System. Research Project 2 • UvA System and Network Engineering • SIDN Labs page 1 of 17 We would like to know the differences between the weaknesses of the DNS can be addressed by using DNS and Namecoin, if it can match the robustness Namecoin. of the DNS and what the consequences are for the roles in the DNS. 2. Bitcoin The main research question is: What is the poten- tial of Namecoin as an alternative for the Domain Namecoin is a fork of Bitcoin, the distributed digital Name System? cryptocurrency, with minor changes (± 400 lines of This question has been divided in multiple sub- code) and extra functionality [4]. To understand questions that together answer the main research Namecoin it is important that the Bitcoin concept is question. The sub-questions are: familiar. Therefore a start will be made by describing the Bitcoin concept. In section 3 the differences • How does Namecoin work? between Namecoin and Bitcoin will be discussed. • What are the current shortcomings of the DNS This explanation is not intended to cover all the system? ins and outs of Bitcoin, but that's also not necessary • Which of the shortcomings of the DNS does for the understanding of Namecoin. The interested Namecoin address? reader is advised to read [5] to get a more detailed explanation of Bitcoin. • Can Namecoin match the robustness of the In Bitcoin there are four topics that form the core DNS? of the cryptocurrency: transactions, wallets, mining • What are the consequences for the different or- and the blockchain. Transactions are used to transfer ganisational roles like DNS operators, registrars, Bitcoins (the currency in Bitcoin, also denoted as (root) registries, etc.? BTC) from one to another. A wallet is no more than a set of keys used to sign certain transactions. All • How would a transition scenario from the DNS transactions are stored in blocks, created by miners to Namecoin look like? that compete with each other to submit their blocks first to retrieve Bitcoins. Every block links to the 1.2. Related Work previous block using hashes and contain transactions that link to transactions from other blocks. Up to now there is not much related work on this As one might have noticed already, there is no topic. Some research has been done on using Name- database that stores how much money is in a wallet. coin for certain purposes and an informational RFC Instead, by looking at all historical transactions that (Request for Comment) has been written about the are related to a wallet, a total amount of Bitcoins weaknesses of the DNS. can be calculated. This can be done by others as F. Jacobs [1] did research about Namecoin and well, because all transactions in Bitcoin are available MinimaLT to provide better confidentiality and au- to everyone. thentication on the Internet. Instead of improving the currently used protocols like DNSSEC, TACK 2.1. Transactions and DANE, they proposed to use MinimaLT with Namecoin. Transactions are used to transfer Bitcoins from one T. Melin and T. Vidhall [2] researched if Namecoin to another. This is done by using addresses that are could be used as an authentication mechanism for usually based on public keys. The owner approves public-key cryptography. They investigated the flaws a transaction by signing it with its private key. By and consequences in current public-key cryptography using the public key of the owner, everyone is able and presented Namecoin as alternative to replace the to check the signature and thereby confirm a trans- currently used certificate authority system. action. Most addresses are RIPEMD-160 encoded In RFC 3833 [3] some of the well-known weak- SHA-256 hashes of the public key. Some transactions nesses of the DNS have been discussed. At the time contain unlocking or locking scripts to set conditions this RFC was published, DNSSEC was being devel- on processing the transaction or spending it (e.g. oped although no real design goals were set. By stating the transaction can only take place after a discussing the weaknesses of the traditional DNS certain date or when M out of N keys have signed it was possible to see what DNSSEC improved on the transaction). the current situation. Although Namecoin was not A transaction exists out of (multiple) inputs and discussed in this RFC, it can be useful to see what (multiple) outputs. The inputs are unspent trans- Research Project 2 • UvA System and Network Engineering • SIDN Labs page 2 of 17 actions outputs (UTXO) gathered from previous in- Creating blocks is a compute intensive task. Every coming payments. Like in physical money, one takes block is made by adding transactions from the queue one or more UTXOs totalling the amount to spend to a new block, including a transaction that contains (or more) as input. The outputs are the amount of the mining award and transaction fees. The next Bitcoins to spend to the address of the receiver, pos- step is to calculate a hash over the header repeatedly, sibly more amounts to other receivers and the change changing one parameter (the nonce) every time. This minus a transaction fee to the originating address. process is repeated until the hash is matching the The sum of all transaction inputs minus the sum of criterion that is set. When the hash matches the all transaction outputs is the transaction fee that is criterion, the block is mined and can be distributed taken by the miners that include the transaction into throughout the network. the blocks they produce. The current transaction There is one criterion that the hash should match: fee is 0.0001 Bitcoin per kilobyte. To prioritize a be below a certain value. This value is determined transaction it is possible to increase the fee. by the difficulty. When the difficulty is increased, the hash should match a lower value. Increasing the 2.2. Wallets difficulty will lower the chance that a hash matches the criterion, requiring more time and/or processing Wallets contain one or more cryptographic keys. Us- power. This is called the \proof-of-work" system. A ing these keys transactions can be made or unlocked. miner that can provide a block with a nonce that There are deterministic, undeterministic and hierar- matches the difficulty can prove it has done a lot chical deterministic wallets. The first type contains of work to calculate that block. Because the total private keys that are derived from a single key using a processing power in the Bitcoin network differs, the one-way hash function. Undeterministic wallets have difficulty is re-adjusted every 2.016 blocks to make a collection of randomly generated private keys. The sure every 10 minutes a block will be mined. hierarchical deterministic wallets have parent keys that are used to derive multiple child keys. From 2.4. Blockchain the child keys it is possible to generate grandchild keys. This is done using a one-way function, making When a block has been mined and is sent to the it impossible to derive the parent key from the child network, nodes will try to verify if the nonce results keys. in a matching hash. If the hash matches and the When transactions are made, the transactions transactions are valid as well, the block is considered will be submitted to the connected neighbours (can to be valid and will be added to the blockchain. be any node within the Bitcoin network) and the Because the transactions in a block are linking to neighbours send it to their neighbours, spreading transactions in previous blocks and the new block it through the peer-to-peer network. Every node contains the hash of the previous one, we can say receiving a transaction will check the signature of that the blocks are chaining together, forming the the transaction before sending it to his neighbours.