June 25, 2017

An empirical study of Namecoin and lessons for decentralized namespace design

[Let’s welcome to Freedom to Tinker first-year grad student Miles Carlsten, who, with fellow first-years Harry Kalodner and Paul Ellenbogen, worked on a neat study of Namecoin. — Arvind Narayanan]

Namecoin is a Bitcoin-like cryptocurrency that aims to create a secure decentralized namespace — that is, an online system that maps names to values, but without the need for a central authority to manage the mappings [1]. In particular, Namecoin focuses on establishing a censorship-resistant alternative to the current centralized Domain Name System (DNS).

In a new paper to be presented at WEIS 2015, we report the results of an empirical study of Namecoin. Our primary finding is that so far Namecoin hasn’t succeeded at this goal — out of about 200,000 registered names, only 28 represent non-squatted domains with non-trivial content. We argue that there’s a crucial game-theoretic component to namespaces that must be designed properly for such systems to be successful.

What is Namecoin? Namecoin is the first alternative cryptocurrency or “altcoin” to be created based off of the original Bitcoin source code. In addition to standard Bitcoin features such as sending coins, Namecoin includes support for additional operations which allow users to register names and associate values with those names. For example, someone could register the name “john-doe” and associate it with their email address. The Namecoin creators and developers expected the Namecoin name/value store to be used as a censorship-resistant DNS alternative, among other uses. Namecoin (arguably) enables this because it is decentralized, secure, and supports human-memorable names. These three features together are known as Zooko’s triangle, and until a block chain was suggested as the medium for storing name/value mappings, it was conjectured to be impossible for a system to have all three.

Our empirical analysis of Namecoin reveals a system in disrepair. Despite its technical merits, Namecoin has failed to achieve its goal of creating an alternative to the current DNS. Our analysis shows that of 196,023 registered domain names in Namecoin, only 28 are nontrivial domains based on the criteria set out in Section 4 of our paper. We found that the vast majority of domains in the system are held by squatters, many of whom use the block chain to advertise that they will sell the names to other users. Of the 745 names that appear to be owned by legitimate users, the vast majority either redirect to regular DNS domains, or offer content that is cloned from an DNS domain.

Figure: evidence that most Namecoin domains are controlled by squatters. This plot represents the percentage of names whose value is shared by at least n other names. As we explain in Section 4 of our paper, if a names is associated with a commonly repeated value that typically means it’s squatted, because a squatter copies the same value into all of their names. The plot shows that not only are most names squatted, the majority of names are in fact owned by prolific squatters who control thousands of names.

Furthermore, we found that there’s no active market for exchanging names between individuals. We explain in the paper why such a market is an important attribute of a healthy namespace. By analyzing the block chain, we arrived at a lower bound of 14 and an upper bound of about 250 for the total number of transfers of domain names from squatters to regular users that have ever happened.

Why study decentralized namespaces? Although Namecoin hasn’t had much adoption, such systems are important and we need more research on namespaces. It’s true that users today aren’t fed up with DNS and aren’t looking to jump ship to censorship-resistant alternatives. But the existence of such alternatives provides a valuable hedge against a potentially abusive central authority. Besides, domain names are just one application of namespaces. Centralized directories for user public keys have fared much less well than DNS, and the service OneName, which we discuss in Section 8 of our paper, is an interesting alternative. Decentralized namespaces could also be applied to trading of digital assets and perhaps even management of existing Internet assets, and the latter is a follow-on research direction that we’re currently pursuing.

A conceptual foundation for namespaces. Namecoin didn’t get it right; we need to understand why that is and how to do it better if we were starting afresh. Our key insight is that in addition to the technical details of security, name transfer, etc., a viable namespace has to get the game theory right because there’s inevitably a competition for a valuable resource (names). This requires applying knowledge from the field of mechanism design. In Sections 3 and 6 we lay a conceptual foundation for namespaces. We hope that this will give future designers of namespaces a mental toolbox for thinking about the problem and the design choices. For example, we introduce the idea of a market that has regular users on one side and a distributed “algorithmic agent” on the other side. This distributed agent emerges from the miners executing the protocol, rather than residing on an individual node.

Do Namecoin-like systems have a future? Putting aside Namecoin for a minute, let’s look at other systems that aim to repurpose block chains for something other than currency. We see a dichotomy of approaches, reflecting the old debate between putting the application logic into the network versus leaving it to the nodes. On the one hand we have projects like CounterParty and Mastercoin that treat the Bitcoin block chain as a dumb data store and implement all the transaction rules at the nodes. On the other hand we have Ethereum which puts a frightening amount of expressive power (Turing-completeness) into the network itself.

Both extremes have downsides. If the block chain is a mere data store, you’re failing to utilize the full value that miners could provide, and you can’t have light-weight client applications. In the context of domain names, this would (roughly) mean that to be able to securely look up a domain name, you need to download and validate the database of all domains ever registered. Ethereum, representing the opposite approach, has a long list of potential problems as well, including development complexity.

The ideas behind Namecoin represent an elegant middle ground. But to be viable, such a system should support a broad enough set of uses to be interesting yet narrow enough to be simple and tractable for developers and users. In addition, it needs to get the game theory right. It won’t be easy, but we hope that we haven’t seen the last of this type of cryptocurrency.

[1] Terminological note. In computer science, a namespace is simply a container for a set of names, so that names in a single namespace must be unique but the same name can exist in different namespaces. We have chosen to use the term in a related but different way: it’s a system that includes client and server software, users, a mechanism, and so on. In fact, Namecoin contains namespaces in the computer science sense, which we term sub-spaces in our paper.

Comments

  1. Steven Schear says:

    Another possibly problematic aspect of Namecoin is its scalability. DNS, despite all its issues, has proven to be robust and responsive enough in most usage situations. Dr. Paul Vixie told me as much after his talk at Defcon 22.

    It would be interesting to see a cryptographic TLD, not just DNSSEC but also domain name itself being based on secret knowledge. Encrypted DNS calls and parallel DNS hierarchies both, of course are already in the making, like DNScurve. A possible usage:
    1.) cryptographic tld… would allow you to get stuff like hash(pubkey).tld as a permanent domain that cannot be taken over by any means. it should ideally be combined with a epoch counter that is cryptographically secured so that it cannot be rolled back.

    It would be interesting to see a cryptographic TLD, not just DNSSEC but also domain name itself being based on secret knowledge. Encrypted DNS calls and parallel DNS hierarchies both, of course are already in the making, like DNScurve. A possible usage:

    1.) Cryptographic TLD would allow you to get stuff like hash(pubkey).tld as a permanent domain that cannot be taken over by any means. It should ideally be combined with a epoch counter that is cryptographically secured. so that it cannot be rolled back

    2.) Parallel DNS hierarchies. Today everything builds on the standard root servers. We need more of those and specifically some that can be duplicated. Meaning it comes with the same TLDs, but a parallel hierarchy. It should make censorship a bit harder.

    3.) DNSCurve can do a lot against spying on DNS, active censorship via DPI etc. NSCurve + DNSSec is a pretty good way to do stuff like DANE but it still has no backstop for high-level attacks.