The people who designed the internet in the late 80s and early 90s dreamed of a fully distributed network. In a network without central exchanges, everybody could speak and be heard without having to get permission from some authority. This decentralization would make the web resilient against authoritarian censorship and control, as well as against technical problems that bring down parts of the network.
This has been a mixed success. The modern internet is a remarkable packet-switching network that is very resistant to localized damage. If there is a blackout in one part of the world, internet traffic routes around it quite seamlessly.
But the internet, to say the least, is complex. It contains many systems, all depending on each other. The most centralized, and therefore most vulnerable, is DNS.
DNS stands for Domain Name Service, and it is the internet’s phonebook. If I know someone’s name, and want to call them on a telephone, I look up their name in a phonebook. The phonebook tells me the corresponding number and I use that to connect to them. Likewise, when I look up the URL of a website, DNS finds a number called an IP address, which looks like 126.96.36.199, and dials that to connect me to the site.
While other systems of the internet are too decentralized, having too many parts in too many different countries, to be realistically taken down, DNS is centralized in just a few companies, and an attack targeted at them could conceivably take down the whole web. Indeed, someone has been exploring the possibility of such an attack, and on Oct 21, 2016, the Mirai botnet overwhelmed some key DNS providers, and succeeded in taking many of the world’s biggest websites down, including Twitter, Reddit, Netflix, Airbnb, and GitHub. When governments want to block a site, they often do so by blocking DNS access to it.
The centralization and vulnerability of DNS is a problem that has been recognized for a long time, and several fixes have been proposed. In my opinion, the most promising alternative is Blockstack, which registers domain names on a blockchain. As most readers will know, a blockchain is a distributed database, kept in sync by users all over the world. The Blockstack whitepaper elegantly characterizes a blockchain as “logically centralized (all nodes on the network see the same state), but organizationally decentralized (no central party controls the log)”.
Instead of registering a domain name into a centralized system, as currently happens, Blockstack allows you to stamp it into a blockchain for a fee. When people need to look up a domain name (as happens every time you load a web page), that data could be found in any copy of the blockchain. It is decentralized DNS.
Let’s jump from blockchains and DNS to another iconic cryptography project: TOR. TOR is a network that anonymizes internet traffic by routing it through a random series of nodes. No node on the path knows the source and destination of the traffic they’re routing; they just pass it along.
TOR doesn’t have any DNS. The URLs are cryptographic proofs of the identity of the site. They look like this – jwgkxry7xjeaeg5d.onion – in a word, ugly.
The TOR team are considering implementing some sort of DNS to create readable, memorable names for TOR sites. They have not yet made a decision about what system to use, but Blockstack is one thing under consideration.
Blockstack implements some well thought-out defenses that would make it a very secure DNS system for TOR. For instance, one of the most dangerous attacks in cyberspace is called the ‘man-in-the-middle attack’. This is where a hacker intercepts a request for data and sends something phony instead. For example, I request an online banking website, and the attacker sends me a page that looks like my bank’s website but actually sends my data to him.
Blockstack prevents man-in-the-middle attacks with hash-based addressing. When I register a name on Blockstack, that gets turned into a ‘hash’, which is a mathematical abbreviation of the data contained in the file. No other data will have the same hash, which means that anyone who looks up the name will get exactly what they asked for.
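The check that hash-based addressing relies on, as an added example that is not from the original article or from Blockstack's own code: a ledger standing in for the blockchain stores only the hash of a name's record, and the client recomputes the hash of whatever untrusted storage returns. SHA-256, the class and function names, and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac

class TamperedRecordError(Exception):
    """The fetched data does not match the hash anchored for the name."""

def digest(data: bytes) -> str:
    # Assumption: SHA-256 stands in for whatever hash the real system uses.
    return hashlib.sha256(data).hexdigest()

class NameLedger:
    """Hypothetical stand-in for the blockchain: name -> hash of its record."""
    def __init__(self):
        self._hashes = {}

    def register(self, name: str, record: bytes) -> str:
        if name in self._hashes:
            raise ValueError(f"{name} is already registered")
        self._hashes[name] = digest(record)
        return self._hashes[name]

    def hash_for(self, name: str) -> str:
        return self._hashes[name]  # KeyError if the name was never registered

def resolve(name: str, ledger: NameLedger, storage: dict) -> bytes:
    """Fetch from untrusted storage; accept only data matching the ledger hash."""
    expected = ledger.hash_for(name)
    record = storage[name]
    if not hmac.compare_digest(digest(record), expected):
        raise TamperedRecordError(name)
    return record

# Constructed sample records (placeholders, not real addresses).
GENUINE = b"bank.example -> genuineplaceholder.onion"
FORGED = b"bank.example -> attackerplaceholder.onion"

def demo():
    """Resolve once against honest storage, once against a substituted record."""
    ledger = NameLedger()
    ledger.register("bank.example", GENUINE)
    ok = resolve("bank.example", ledger, {"bank.example": GENUINE})
    try:
        resolve("bank.example", ledger, {"bank.example": FORGED})
        rejected = False
    except TamperedRecordError:
        rejected = True
    return ok, rejected
```

The storage layer can be any untrusted server or cache, because a substituted record fails the comparison against the hash that every copy of the ledger agrees on.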
Blockstack evolved from an earlier project called Namecoin. Namecoin was a project to register domain names on a purpose-built blockchain. The developers abandoned this when they discovered one miner had control of as much as 75% of the blockchain, defeating the purpose of decentralization. Blockstack is now hosted on the Bitcoin blockchain instead.
TOR and Blockstack are two projects that need each other. TOR has done everything well, and become very popular, but the complex addresses make it hard to use. Blockstack has done everything well, and evolved a lot since it was Namecoin, but it lacks a use-case. Using Blockstack to solve TOR’s naming problem would benefit both projects.