Namecoin: The First Altcoin
In 2010, Aaron Swartz realized that a blockchain-based Domain Name System (DNS) would be a secure, decentralized, and human-friendly, readable naming system. In other words, it could square Zooko's triangle. Internet users had limited choices because friendly naming on the Internet was a necessity, so compromises had to be made.
Namecoin is the first blockchain-based initiative to offer an alternative to the current DNS, with all the inherent political and security issues of the status quo. Namecoin is the only full-featured alternative at the time of this writing that is in operation, although more are coming soon.
The Value of Namecoin
According to Namecoin developer Zachary Lym, "Namecoin provides the basis for building a trust-free public key infrastructure, starting with domain names, identity management, and code signing." This is the core strength of Namecoin - securely binding names, such as domains and personal IDs, to digital identifiers like PGP keys or server certificates.
The DNS feature alone creates value, as the first noncurrency application of blockchain technology. Namecoins have intrinsic value due to their role in paying for domain registrations. But Namecoin is not about currency; it is about building a free and secure Internet.
Namecoin is also suitable for building applications. That is partly due to Namecoin’s ability to function as a key-value store, with a value large enough to hold the core of a decentralized database.
Namecoin defines a top-level domain, .bit, whose domain names can be resolved using the blockchain. This is the primary feature of Namecoin due to the substantial advantages to decentralizing the DNS.
Identity management has special built-in support in Namecoin via the id/ (identity) namespace. This key innovation allows you to register an identity just as you register a domain, including whatever information you want in the identifier.
How It Works
Namecoin started life as a Bitcoin clone, with some changes to accommodate naming systems like the Domain Name System (DNS). Namecoin also comes with an identity management system baked in.
It mimics how the Bitcoin blockchain operates, in all the important details such as the issuance of tokens and the mining of blocks. But new features were added to Namecoin, such as operations for reserving and updating names.
The .bit top-level domain uses the d/ (domain) namespace. The stored value for a domain name might include information about a domain’s IP v4/v6 addresses or nameserver entries, certificate fingerprints, etc.
In the case of the id/ namespace for identity management, social identifiers can be stored. Identifiers might include e-mail addresses, PGP fingerprints, Bitcoin and Namecoin addresses, website URLs, Bitmessage addresses, Twitter handles, and so on.
Namecoin is merge-mined with Bitcoin, and shares a common lineage. Namecoin also was the first to define a specific relationship between blockchains. Merged mining is important for Namecoin because it keeps the namechain secure.
Namecoin uses the same proof-of-work (PoW) algorithm as Bitcoin. The way merged mining works is that Bitcoin miners can also assemble Namecoin blocks that reference the same PoW already done for a Bitcoin block at a sufficient difficulty level. So Namecoin will allow the Bitcoin miner to add a Namecoin block by reusing the same PoW; the same amount of work now gets more coins for the reward.
Since Namecoin is merge-mined with Bitcoin, there is a strong incentive to continue using the same SHA256 PoW scheme and basic timing as big brother Bitcoin.
Both Namecoin and Bitcoin will ultimately have 21 million total coins issued. Both started by awarding 50 coins per block, halving every 4 years. Both adjust the difficulty levels to target the same 10-minute average for block discovery times. Here are some Namecoin metrics and stats.
Domain names ending in .bit are reserved by choosing the second-level domain, the string that goes before .bit. They cost just one 1/100th of a Namecoin, sometimes called a name cent.
Every namespace has 3 basic attributes:
- a name
- a URL pointing to the named resource
- security info
To reserve the domain name HablamosBitcoin.bit you would register d/hablamosbitcoin. To associate this domain name with a website, you would provide an IP address or nameserver so the domain can be resolved.
To use HTTPS for your site, you should store the TLS (transport layer security) fingerprint from the certificate you intend to use on that web server. A secure connection can be established after verifying that the certificate presented by the webserver matches the certificate hash stored in the blockchain.
→ Namecoin Wiki: Domain Name Specification
To reserve an identity you might provide a group of resources such as an e-mail address, Twitter handle, website, photo, etc. You can also choose to insert your PGP info, including a URL to a key server, and a hash of your public key.
→ Namecoin Wiki: Identity Specification
Resolving .bit Domains
Many businesses can run nameservers to resolve .bit domains. Software is available, called NamecoinToBind, that takes domains from the blockchain and creates bind-compatible zone files.
There is also NMControl, a nameserver that will resolve .bit domains locally. That is, before doing a forward lookup on a conventional domain name, it will look up a .bit domain in the local blockchain. NMControl runs on any platform with python, and it is my understanding that an executable for Windows will be distributed soon.
For home and small business users, a wireless router would seem to be the perfect place to put a next-generation DNS resolver, talking to a local namecoind instance. Phones and tablets would all be able to resolve .bit domains. But routers are not so friendly. For now, another option for tinkerers is to set up a Raspberry Pi to be the name server on their home network. Perhaps a turnkey appliance like this will show up soon in the market.
At the individual level, there are also choices for resolving .bit names. One would be to change your machine DNS settings to point to a nameserver run by someone you trust. In case it was not obvious from my previous article, this still leaves you vulnerable to a man-in-the-middle attack, unless your trusted DNS server is signing the responses, like the DNSChain design.
There is also a Firefox plug-in called FreeSpeechMe - more on that next.
You can also use proxies when you are unable to change the settings of a machine, like when traveling. The operator of the bit.pe website has set up a proxy there, for example. Just append '.pe' onto the end of a .bit URL to use it. This is never recommended for use in a home or business, since security is out of your control.
The lightweight Firefox plug-in called FreeSpeechMe allows you to visit .bit websites by catching .bit queries and resolving them locally. If there is a fingerprint stored in the blockchain for the domain you are visiting, that fingerprint will be compared to the hash of the certificate presented by the website.
Namecoin developer Jeremy Rand thoughtfully sums up the individual user's situation as follows:
So far, users have had a choice to make when it comes to locally resolved .bit software: either use FreeSpeechMe and be forced to use Firefox (and no other applications), or use NMControl's DNS server and have a difficult time setting up man-in-the-middle protections.
He worries that many users just install NMControl carelessly, and do not configure it correctly. But Jeremy has the solution coming:
FreeSpeechMe will be available as a stand-alone application which operates as a standard proxy server. Any software which can talk to a proxy will be able to access websites with the full security of FreeSpeechMe's blockchain-based certificate verification, as well as support for DNS for Tor and I2P services. This code is on GitHub right now, and is currently undergoing beta testing.
This will allow users to install the FreeSpeechMe bundle. Most common applications will be able to resolve .bit domains and validate the website certificate before establishing a secure connection. In fact, it should be possible to perform this same check on a Tor hidden service or eepsite by using a .bit alias. No more depending on browser white lists, no more getting confusing warnings about self-signed certificates - just security.
Identity has always been a bit slippery on the Internet. Identity managment is a natural fit with Namecoin, where identities can be registered and stored in a decentralized ledger.
We could all use secure identifiers that do not live on a central server. Daniel Kraft, a Namecoin developer, implemented this feature using the id/ namespace.
Sometimes we do not want to give away identifying information, while sometimes we want identifying information to be exactly correct. If I tell someone that my correct contact info can be found on id/mikeward, then they can be sure that the e-mail address, PGP keys, Bitmessage address, etc. are all valid. Since I alone have complete control of that identity (i.e. private key), it stands to reason that I added the e-mail address. This can be verified, if need be, by signing a message with my private key - which can then be checked using the public key indicated in the blockchain.
The idea is to allow people or groups to register identities that are strings, just like billysmith and denvergolfleague. These identity strings can be used by anyone on the Internet to look up public information, like a bitcoin address for Billy Smith, or an e-mail address for the Denver Golf League.
Common things to include in an identifier are:
- e-mail and Bitmessage addresses
- social media accounts
- crypto-payment addresses
- a public key fingerprint
- a photo
The Current State of Namecoin
Namecoin is in transition, moving from being an early Bitcoin clone to being a modern Libcoin-based blockchain app. Libcoin is a completely re-factored and simplified version of the Bitcoin codebase with support for other cryptocurrencies. It should simplify maintenance and allow the team to focus on the Namecoin feature set.
Libcoin not only offers a simplified codebase to be used by developers, it also supports an UTXO implementation that enables the building of very lightweight clients. This has implications for creating Namecoin software for personal and mobile devices, where the bulkiness of a full blockchain is an issue. Currently this port is fully functional for read operations, meaning that a DNS resolver can be written, but a full featured wallet would still lack some functionality.
Applications have started to appear that build on or leverage Namecoin's abilities. One example is Monegraph, a site that lets artists stake a digital claim to their creative works. Another site, bit.co.in, links easy URLs to individual's cryptocurrency tipping addresses. For a fresh take on identity management, check out onename.io. And what discussion of Namecoin apps would be complete without mentioning nameid.org, which is a blockchain-based way to do OpenID authentication?
The core dev team continues to seek new ways to support Tor and i2p hidden services, too. Let's face it, .onion addresses are about as memorable as IP addresses. Tor presents the same kind of opportunity as does the original domain-to-IP issue, to associate easy monikers like domob.bit with difficult ones like wivfwn64tm3uaeig.onion. Currently you can associate these, but interesting new ideas clearly show the potential for further innovation.
Considerable interest also exists in exploring new ways to achieve true anonymity for domain owners. Blockchains are pseudonymous in that their outputs can be tracked back through history, but amazing new technologies like Zerocoin offer the possibility of substantially improving the status quo.
Namecoin is an open-source project, and needs help realizing funding goals. If you received value from this article, or just think the project has merit and want to support people building a more free and secure Internet, please consider donating a small amount to the Namecoin project.
|Donate to Namecoin Project:
|Fund Namecoin Bounties:
Quite a BIT of thanks to Jeremy Rand, Zachary Lym, and Daniel Kraft for their assistance with the content, and thanks to Sudo Wonder for the main artwork for this article.