By David Gilson
Namecoin, the basis of a decentralised domain name system (DNS), has been found to have a fundamental flaw which allows any .bit domain to be taken over … by anyone.
There are over 103,000 .bit domains, and while evidence suggests none of them have been maliciously taken over, the protocol that governs those domains cannot be trusted until fixed.
While Namecoin was a coin that could be traded like any other cryptocurrency, it had a much nobler function in life than being a mere commodity to trade and spend.
The raison d’etre of Namecoin was to provide a decentralised and cryptographically strong way of storing and transmitting pairs of keys and values.
Its application was an alternative domain name system DNS that could not be controlled by any government or corporate organisation – the first (and so far only) top level domain (TLD) of which was .bit. For more information, see our full explanation of Namecoin.
The notion of a DNS system that no one party could control had serious implications for those with a need to publish information that would otherwise be suppressed or censored.
For example, Wikileaks has a .bit domain too – wikileaks.bit. For most people, that link wouldn’t work, precisely because the .bit TLD is separate to the DNS network that millions of people use every day. To browse .bit websites, users would have to install browser extensions that could handle this alternative naming system.
So there we have established the importance of Namecoin. However, it is a cryptocurrency that can be traded for other currencies too – which is why its fatal flaw was eventually discovered by a cryptoexchange developer.
Michael Gronager is the chief operating officer for Payward Inc, the company behind the Kraken exchange. Gronager also goes by the name of “libcoin” on the Bitcoin Talk forum, so named for the function library, used by Kraken, that he develops.
Gronager told us: “At Kraken, we give all assets we include thorough scrutiny – we don’t want to trade in an asset where its value could disappear overnight. So it was in the process of checking Namecoin and enabling libcoin to also support Namecoin that I found the issues.”
The two issues that Gronager discovered surrounded the enforcement of rules that should have protected the integrity of the protocol.
The first problem encountered was that the name reservation system that is used in the process of registering a new domain could easily be overridden.
The biggest problem that Gronager discovered, though, was that anyone can take ownership of any .bit domain. This means that, as Gronager put it to us: “The protocol as originally envisioned is dead, stone dead.”
He added: “That was based on only allowing value updates if the transaction input name matched the transaction output name, which is no longer the case and still can be exploited. Further, you cannot vacuum this away from the block chain again.”
For people who have already purchased .bit domains with Namecoin (which is the only way to purchase …read more