wiki:doc/OnionServiceNamingSystems

Naming Systems for Onion Services

This is a wiki page to organize knowledge about the various proposed naming systems for Onion Services. This page is meant to be used by researchers and developers interested in this topic.

What Are Naming Systems?

These are systems that map the big random-looking onion addresses into human readable names.

For example you can imagine the following useful map: debian -> sejnfjrq6szgca7v.onion so that users can just write debian in their browser instead of having to remember that big string.

Security Properties

Desirable security properties include:

  • Anonymous registrations
  • Privacy-enhanced queries
  • Strong integrity guarantees
  • Globally-consistent mappings
  • Distributed name management

Proposed Naming Systems

OnioNS

The Onion Name System, a New DNS for Tor Onion Services

Description

OnioNS, pronounced "onions", is a privacy-enhanced and metadata-free DNS for Tor onion services. It is also backwards-compatible with traditional .onion addresses, does not require any modifications to the Tor binary or network, and there are no central authorities in charge of the domain names. OnioNS was specifically engineered to solve the usability problem with onion services. This project was described in the paper "The Onion Name System: Tor-Powered Decentralized DNS for Tor Onion Services", which was accepted into PoPETS 2017. OnioNS also supports load-balancing at a name level. Development currently takes place on Github.

Security Properties

  • Anonymous registrations - PGP key is optional, no personal information required
  • Privacy-enhanced queries - uses 6-hop circuits
  • Strong integrity - server responses are verified with a Merkle tree
  • Decentralized control - a random set of 127 periodically-rotating Tor nodes manage names and publishes the Merkle tree root
  • Globally-unique domain names with consistent mappings
  • Support for authenticated denial-of-existence responses
  • Server-server communication uses circuits
  • Preloaded with reserved names to avoid phishing attacks
  • Uses the latest block in Bitcoin as a CSPRNG
  • Resistant to Sybil attacks
  • Resistant to computational attacks

Drawbacks

  • Users must install the software into the Tor Browser.
  • Requires participation from Tor relay administrators.
  • Users must trust a selection of Tor relays, Tor directory authorities, and Bitcoin during a query.

Namecoin

Namecoin is a fork of Bitcoin.

Description

Namecoin holds names in a blockchain. Name registration costs a virtual unit, denominated in namecoins.

Security Properties

  • Privacy-enhanced queries: full-node clients and FBR-C clients (full block receive for current registrations) do not generate network traffic on lookups
  • Globally unique names
  • Backed by computational proof-of-work
  • Purely distributed control of names (does not rely on Tor directory authorities or Tor relays)
  • Authenticated denial-of-existence for full-node clients and FBR-C clients (full block receive for current registrations).

Drawbacks

  • It is non-trivial to anonymously acquire Namecoins, which reduces the privacy of domain registration.
  • Registrations are only pseudonymous unless Namecoin is used in conjunction with an anonymous blockchain such as Monero; decentralized exchanges between Monero and Namecoin are not yet deployed, so Monero to Namecoin exchanges require some counterparty risk.
  • Full-node clients must download the blockchain, which may be impractical for some users, and becomes less usable as transaction volume increases.
  • No authenticated denial-of-existence for clients that only download block headers (this can be fixed with a future softfork).
  • Doesn't scale: it grows more secure but less usable as it becomes more popular.

GNU Name System (GNS)

Description

GNS uses a hierarchical system of directed graphs. Each user is node in the graph and they manage their own zone.

Security Properties

  • Peer-to-peer design.
  • Individuals are in charge of name management.
  • Resistant to large-scale Sybil attack.
  • Resistant to large-scale computational attack.

Drawbacks

  • No guarantee that names are globally unique.
  • Difficult to choose a trustworthy zone.
  • The selection of a trustworthy zone centralizes the system.

Blockstack

Description

Security Properties

Drawbacks

TBB addon that does onion bookmarks

Description

Basically introduce the workflow where our users are supposed to bookmark their onions so that they remember them next time. A smart addon here could do it automatically for the users, or something.

Security Properties

Drawbacks

  • Need to keep list (or hashes) of visited onions on the client's machine.

Centralized first-come-first-served name cache run by a dirauth

Description

Just run a NamingAuth on the network where HSes can go and register their names. Clients can query the NamingAuth direct, and can also cadd alternative naming auths.

A bit like the I2P naming system? (https://geti2p.net/hosts.txt)

Security Properties

  • Simple and easy.

Drawbacks

  • Centralized

InterPlanetary Naming System

Description

A naming system for IPFS. Can suit for .onion too.

Security Properties

To be evaluated

Drawbacks

To be evaluated.

Files with aliases

Description

Just hosts-like files with pairs <human-readable name> <identifier>. Widespread in I2P.

Security Properties

  • Simple.
  • Name resolution is done locally.

Drawbacks

  • Centralized.
  • Latent.
  • Involves trust to everyone involved in list making.
  • Markable. Malicious service can give different users different aliases.
Last modified 18 months ago Last modified on Oct 17, 2016, 4:17:58 PM