Developers attempt to resurrect Namecoin after fundamental flaw discovered

hood
28 October 2013

Namecoin, the basis of a decentralised domain name system (DNS), has been found to have a fundamental flaw which allows any .bit domain to be taken over … by anyone.

There are over 103,000 .bit domains, and while evidence suggests none of them have been maliciously taken over, the protocol that governs those domains cannot be trusted until fixed.

While Namecoin was a coin that could be traded like any other cryptocurrency, it had a much nobler function in life than being a mere commodity to trade and spend.

The raison d’etre of Namecoin was to provide a decentralised and cryptographically strong way of storing and transmitting pairs of keys and values.

Its application was an alternative domain name system DNS that could not be controlled by any government or corporate organisation – the first (and so far only) top level domain (TLD) of which was .bit. For more information, see our full explanation of Namecoin.

The notion of a DNS system that no one party could control had serious implications for those with a need to publish information that would otherwise be suppressed or censored.

For example, Wikileaks has a .bit domain too – wikileaks.bit. For most people, that link wouldn’t work, precisely because the .bit TLD is separate to the DNS network that millions of people use every day. To browse .bit websites, users would have to install browser extensions that could handle this alternative naming system.

So there we have established the importance of Namecoin. However, it is a cryptocurrency that can be traded for other currencies too – which is why its fatal flaw was eventually discovered by a cryptoexchange developer.

Michael Gronager is the chief operating officer for Payward Inc, the company behind the Kraken exchange. Gronager also goes by the name of “libcoin” on the Bitcoin Talk forum, so named for the function library, used by Kraken, that he develops.

Gronager told us: “At Kraken, we give all assets we include thorough scrutiny – we don’t want to trade in an asset where its value could disappear overnight. So it was in the process of checking Namecoin and enabling libcoin to also support Namecoin that I found the issues.”

The two issues that Gronager discovered surrounded the enforcement of rules that should have protected the integrity of the protocol.

The first problem encountered was that the name reservation system that is used in the process of registering a new domain could easily be overridden.

The biggest problem that Gronager discovered, though, was that anyone can take ownership of any .bit domain. This means that, as Gronager put it to us: “The protocol as originally envisioned is dead, stone dead.”

He added: “That was based on only allowing value updates if the transaction input name matched the transaction output name, which is no longer the case and still can be exploited. Further, you cannot vacuum this away from the block chain again.”

For people who have already purchased .bit domains with Namecoin (which is the only way to purchase .bit domains), Gronager assured us that existing domains are safe – everything up to Namecoin block 139,872 to be precise.

He claims this based on having written his own implementation of Namecoin which is currently monitoring the integrity of the Namecoin block chain: “The libcoin implementation of Namecoin can monitor the Namecoin block chain and check rule inconsistencies, so I know for sure that it has never been exploited before.”

As for how to move forward, given that there are currently over 103,000 .bit domains, Gronager remains optimistic. He suggested a way forward for Namecoin:

“You can base the consistency of the names on the first name reservation and then a cryptographically unbroken chain of transactions. So basically, the names in the name transaction becomes superfluous, except for the first name reservation. This is the new kind of check needed. I have added this to libcoin, which was easy as libcoin stores all its state in a relational database.

Namecoin, like the Bitcoin Satoshi client, uses a key-value database (BerkeleyDB) so it is a bit harder to patch, I have however sketched a full patch for the namecoin devs and they are working on it. Of course, one could restart Namecoin with rules properly enforced from the start, but I think the patch mentioned above is a more viable solution.”

Kraken bitcoin exchangeImage source: Kraken

He went on to add, “I still believe in Namecoin, and we at Kraken still plan to introduce it as one of our assets, but we need to see the patch first, however, once a proper patch is there, we are ready to trade.”

While the area of cryptoexchanges has been a regulatory minefield, when I spoke to Kraken’s CEO Jesse Powell, earlier this year, he made a point of explaining how compliance was at the top of his priorities for Kraken.

Gronager added to this: “Kraken aims at full legal compliance, and we try to keep a high business ethic, so disclosing information about bugs is critical information that will affect the rate, further, it is not ideal as an exchange to have such information about an asset once you start trading – risking accusations of not leaking it in a fair way for all.”

The state of the Namecoin fix was echoed by Gronager on the forum thread: “Current status is – don’t buy a domain from someone, and don’t trust any important key-value pair in Namecoin before the fix has been rolled out! – Will update once it is there, but could take days to deploy at miners.”

Ultimately, it looks as if Namecoin will be brought back from the dead, with several patches being tested by the development team. But until it is ready, the cryptocurrency that backs the world’s alternative DNS system has to be regarded as being in quarantine.

We can be sure that Gronager et al will be keeping an eye on the integrity of the existing Namecoin block chain. Clearly it’s a setback, but it seems as if the cryptocurrency that might help to preserve freedom of speech will pull through after some work from dedicated developers.