Naming Systems for Onion Services

This is a wiki page to organize knowledge about the various proposed naming systems for Onion Services. This page is meant to be used by researchers and developers interested in this topic.

What Are Naming Systems?

These are systems that map the long, random-looking onion addresses to human-readable names.

For example, you can imagine the following useful mapping: debian -> sejnfjrq6szgca7v.onion, so that users can just type debian in their browser instead of having to remember that long string.

Security Properties

Desirable security properties include:

Anonymous registrations

Privacy-enhanced queries

Strong integrity guarantees

Globally-consistent mappings

Distributed name management

Proposed Naming Systems

OnioNS

The Onion Name System, a New DNS for Tor Onion Services

Description

OnioNS, pronounced "onions", is a privacy-enhanced and metadata-free DNS for Tor onion services. It is also backwards-compatible with traditional .onion addresses, does not require any modifications to the Tor binary or network, and there are no central authorities in charge of the domain names. OnioNS was specifically engineered to solve the usability problem with onion services. This project was described in the paper "The Onion Name System: Tor-Powered Decentralized DNS for Tor Onion Services", which was accepted into PoPETS 2017. OnioNS also supports load-balancing at a name level. Development currently takes place on Github.

Security Properties

Anonymous registrations - PGP key is optional, no personal information required

Privacy-enhanced queries - uses 6-hop circuits

Strong integrity - server responses are verified with a Merkle tree

Decentralized control - a random set of 127 periodically-rotating Tor nodes manage names and publish the Merkle tree root

Globally-unique domain names with consistent mappings

Support for authenticated denial-of-existence responses

Server-server communication uses circuits

Preloaded with reserved names to avoid phishing attacks

Uses the latest block in Bitcoin as a CSPRNG

Resistant to Sybil attacks

Resistant to computational attacks
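As an added illustration of two of the properties listed above (server responses verified against a Merkle tree root, and authenticated denial-of-existence), the following Python example builds a Merkle tree over a sorted name table, has the server answer lookups with an inclusion proof or with proofs for the two neighbouring names when the name is absent, and has the client verify either answer against a trusted (root, size) pair. This is example code written for this page, not the OnioNS implementation: the leaf encoding, the proof layout, the trusted head and all sample records other than the debian address quoted above are constructed assumptions.

```python
"""Merkle inclusion and denial-of-existence proofs over a sorted name table.

Illustrative example for this page, not OnioNS code: record encoding, proof
layout and the trusted (root, size) head are assumptions; every name/onion
pair except the debian address quoted on the page is constructed.
"""
import bisect
import hashlib
from typing import Dict, List, Optional, Tuple

Proof = List[Tuple[bytes, str]]  # (sibling hash, "L" if the sibling is the left child)


def leaf_hash(name: str, onion: str) -> bytes:
    # Prefix bytes separate leaves from inner nodes so a leaf cannot pose as a node.
    return hashlib.sha256(b"\x00" + name.encode() + b"\x00" + onion.encode()).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def pad(level: List[bytes]) -> List[bytes]:
    # Odd-length levels repeat their last node so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 == 1 else level


def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """levels[0] holds the leaves, levels[-1] holds [root]."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = pad(levels[-1])
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def inclusion_proof(levels: List[List[bytes]], index: int) -> Proof:
    proof: Proof = []
    for level in levels[:-1]:
        cur = pad(level)
        sibling = index ^ 1
        proof.append((cur[sibling], "L" if sibling < index else "R"))
        index //= 2
    return proof


def verify_inclusion(root: bytes, leaf: bytes, proof: Proof) -> bool:
    h = leaf
    for sibling, side in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root


class NameTable:
    """Server side: holds the records and answers lookups with proofs."""

    def __init__(self, records: Dict[str, str]) -> None:
        self.names = sorted(records)
        self.records = records
        self.size = len(self.names)
        self.levels = build_tree([leaf_hash(n, records[n]) for n in self.names])
        self.root = self.levels[-1][0]  # the value a client must obtain out of band

    def entry(self, i: int) -> dict:
        n = self.names[i]
        return {"index": i, "name": n, "onion": self.records[n],
                "proof": inclusion_proof(self.levels, i)}

    def lookup(self, name: str) -> dict:
        i = bisect.bisect_left(self.names, name)
        if i < self.size and self.names[i] == name:
            return {"found": True, **self.entry(i)}
        # Absent: return the leaves on either side of where the name would sit.
        neighbors = [self.entry(j) for j in (i - 1, i) if 0 <= j < self.size]
        return {"found": False, "name": name, "neighbors": neighbors}


def verify_response(root: bytes, size: int, resp: dict) -> Optional[str]:
    """Client side. Returns the onion for a proven answer, None for proven
    non-existence, and raises ValueError when the proofs do not check out."""
    height = 0
    while (1 << height) < size:
        height += 1

    def check(e: dict) -> None:
        proof = e["proof"]
        if not 0 <= e["index"] < size or len(proof) != height:
            raise ValueError("index or proof depth out of range")
        # The L/R pattern encodes the leaf position and must match the claimed index.
        implied = sum(1 << k for k, (_, side) in enumerate(proof) if side == "L")
        if implied != e["index"]:
            raise ValueError("proof path does not match claimed index")
        if not verify_inclusion(root, leaf_hash(e["name"], e["onion"]), proof):
            raise ValueError("proof does not reach the trusted root")

    q = resp["name"]
    if resp["found"]:
        check(resp)
        return resp["onion"]
    nb = sorted(resp["neighbors"], key=lambda e: e["index"])
    for e in nb:
        check(e)
    if len(nb) == 2 and nb[0]["index"] + 1 == nb[1]["index"] \
            and nb[0]["name"] < q < nb[1]["name"]:
        return None
    if len(nb) == 1 and ((nb[0]["index"] == 0 and q < nb[0]["name"])
                         or (nb[0]["index"] == size - 1 and q > nb[0]["name"])):
        return None
    raise ValueError("neighbors do not bracket %r" % q)


def accepts(root: bytes, size: int, resp: dict) -> bool:
    try:
        verify_response(root, size, resp)
        return True
    except ValueError:
        return False


# Constructed sample records; only the debian entry is taken from this page.
SAMPLE_RECORDS = {
    "debian": "sejnfjrq6szgca7v.onion",
    "alpha": "aaaaaaaaaaaaaaaa.onion",
    "mid": "mmmmmmmmmmmmmmmm.onion",
    "tor": "tttttttttttttttt.onion",
    "zulu": "zzzzzzzzzzzzzzzz.onion",
}
```

The client only needs the root and the table size from a trusted source; everything else in a response is checked against them, so a server cannot substitute a different onion address for a name, nor deny that a registered name exists, without breaking a proof.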

Drawbacks

Users must install the software into the Tor Browser.

Requires participation from Tor relay administrators.

Users must trust a selection of Tor relays, Tor directory authorities, and Bitcoin during a query.

Namecoin

Namecoin is a fork of Bitcoin.

Description

Namecoin holds names in a blockchain. Name registration costs a virtual unit, denominated in namecoins.

Security Properties

Privacy-enhanced queries: full-node clients and FBR-C clients (full block receive for current registrations) do not generate network traffic on lookups

Globally unique names

Backed by computational proof-of-work

Purely distributed control of names (does not rely on Tor directory authorities or Tor relays)

Authenticated denial-of-existence for full-node clients and FBR-C clients (full block receive for current registrations).

Drawbacks

It is non-trivial to anonymously acquire Namecoins, which reduces the privacy of domain registration.

Registrations are only pseudonymous unless Namecoin is used in conjunction with an anonymous blockchain such as Monero; decentralized exchanges between Monero and Namecoin are not yet deployed, so Monero to Namecoin exchanges require some counterparty risk.

Full-node clients must download the blockchain, which may be impractical for some users, and becomes less usable as transaction volume increases.

No authenticated denial-of-existence for clients that only download block headers (this can be fixed with a future softfork).

Doesn't scale: it grows more secure but less usable as it becomes more popular.

GNU Name System (GNS)

Description

GNS uses a hierarchical system of directed graphs. Each user is a node in the graph and manages their own zone.

Security Properties

Peer-to-peer design.

Individuals are in charge of name management.

Resistant to large-scale Sybil attacks.

Resistant to large-scale computational attacks.

Drawbacks

No guarantee that names are globally unique.

Difficult to choose a trustworthy zone.

The selection of a trustworthy zone centralizes the system.

Blockstack

Description

Security Properties

Drawbacks

TBB addon that does onion bookmarks

Description

Introduce a workflow where users bookmark the onion services they visit so that they can find them again next time. A smart addon could do this automatically for the user.

Security Properties

Drawbacks

Needs to keep a list (or hashes) of visited onions on the client's machine.

Centralized first-come-first-served name cache run by a dirauth

Description

Just run a NamingAuth on the network where HSes can go and register their names. Clients can query the NamingAuth directly, and can also add alternative naming auths.

A bit like the I2P naming system? (https://geti2p.net/hosts.txt)

Security Properties

Simple and easy.

Drawbacks

Centralized

InterPlanetary Naming System

Description

A naming system for IPFS. It could be adapted to .onion addresses too.

Security Properties

To be evaluated

Drawbacks

To be evaluated.

Files with aliases

Description

Just hosts-like files with pairs <human-readable name> <identifier>. Widespread in I2P.
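The following Python example, added for this page and not taken from I2P or any Tor tool, parses such a hosts-like file of <human-readable name> <onion address> pairs and resolves names locally. The line format, the name syntax and the sample file are assumptions. It goes a little beyond the page in how it checks the address column: a 16-character legacy address (like the debian example above) can only be checked for shape, but a 56-character v3 address carries a checksum, which is verified here using the rule from the Tor v3 onion service specification (address = base32(pubkey || checksum || 0x03), checksum = first two bytes of SHA3-256(".onion checksum" || pubkey || 0x03)); the page itself does not discuss v3 addresses.

```python
"""Parse a hosts-style alias file of <name> <onion address> pairs and resolve
names locally.

Added example for this page, not an I2P or Tor tool. The line format, name
rules and sample file are assumptions. Legacy 16-character addresses are
checked for shape only; 56-character v3 addresses are checked against the
checksum rule of the Tor v3 onion service specification, which this page
does not itself state.
"""
import base64
import hashlib
import re
from typing import Dict, Optional

NAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # assumed name syntax
BASE32_RE = re.compile(r"^[a-z2-7]+$")
V3_VERSION = b"\x03"


def v3_checksum(pubkey: bytes) -> bytes:
    # Spec rule: first two bytes of SHA3-256(".onion checksum" || pubkey || version).
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]


def encode_onion(pubkey: bytes, checksum: bytes, version: bytes) -> str:
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def make_v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte public key as a v3 address (used here to build sample data)."""
    return encode_onion(pubkey, v3_checksum(pubkey), V3_VERSION)


def is_valid_onion(addr: str) -> bool:
    if not addr.endswith(".onion"):
        return False
    label = addr[:-len(".onion")]
    if not BASE32_RE.match(label):
        return False
    if len(label) == 16:            # legacy address: truncated hash, nothing to verify
        return True
    if len(label) != 56:
        return False
    raw = base64.b32decode(label.upper())   # 56 chars * 5 bits = 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == V3_VERSION and checksum == v3_checksum(pubkey)


def parse_alias_file(text: str) -> Dict[str, str]:
    """Return name -> onion; raise ValueError on the first malformed line."""
    aliases: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # '#' starts a comment
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<name> <onion address>'")
        name, onion = parts[0].lower(), parts[1].lower()
        if not NAME_RE.match(name):
            raise ValueError(f"line {lineno}: invalid name {name!r}")
        if not is_valid_onion(onion):
            raise ValueError(f"line {lineno}: invalid onion address {onion!r}")
        if aliases.get(name, onion) != onion:   # same name, different target
            raise ValueError(f"line {lineno}: {name!r} already maps elsewhere")
        aliases[name] = onion
    return aliases


def accepts_alias_file(text: str) -> bool:
    try:
        parse_alias_file(text)
        return True
    except ValueError:
        return False


def resolve(aliases: Dict[str, str], name: str) -> Optional[str]:
    """Local lookup, no network traffic; None means the name is not in the file."""
    return aliases.get(name.lower())


SAMPLE_PUBKEY = bytes(range(32))   # constructed bytes, not a real service key
SAMPLE_FILE = f"""
# constructed alias file for this example
debian      sejnfjrq6szgca7v.onion   # legacy address quoted on this page
example-v3  {make_v3_address(SAMPLE_PUBKEY)}
"""
```

Because the file is parsed strictly (one pair per line, a fixed name syntax, a verified address column, no silent overwrite of an existing name), a corrupted or maliciously edited entry fails at load time rather than quietly redirecting a name.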

Security Properties

Simple.

Name resolution is done locally.

Drawbacks