Last week, Onename co-founder and Blockstack developer Muneeb Ali gave a talk on decentralized DNS using blockchains at Princeton University. The talk was hosted at Princeton's Center for IT Policy, which is focused on the interaction of digital technologies with society and is also a powerful voice for Internet security and privacy.
The talk mainly focused on:
- Motivation for this work and background on blockchains
- Lessons from a production deployment of decentralized DNS (starts at 19:36)
- Design and implementation of Blockstack (starts at 41:00)
Abstract: Cryptocurrency blockchains like Bitcoin and Namecoin and their respective P2P networks have seen significant adoption in the past few years, and show promise as naming systems with no trusted parties. Users can register human-readable names and securely associate data with them; only the owner of a particular private key can write or update the name/value pair. In theory, many decentralized systems can be built using these cryptocurrency networks, such as new, decentralized versions of DNS or PKI. As the technology is relatively new and evolving rapidly, however, little production data or experience is available to guide design tradeoffs.
In this talk, we describe our experience operating a large, real-world deployment of a decentralized PKI service built on top of the Namecoin blockchain. We present various challenges (network reliability, throughput, security issues) that we needed to overcome while registering/updating over 33,000 entries on the blockchain, which involved over 200,000 transactions on the Namecoin network. Further, we discuss how our experience informed the design of a new blockchain-based naming system, Blockstack. We detail why we changed from Namecoin to the Bitcoin network for the new system, as well as operational lessons from this migration. Blockstack is released as open source and currently powers a production PKI system for 46,000 users.