Blockstack Talk at Princeton CITP

Transcript

1. Decentralized DNS & PKI Muneeb Ali

2. • Problem • Background • Lessons from Namecoin • Design

   of Blockstack • Future Work Outline

3. Problem

4. Step 1: How do I talk to facebook.com? Step 2:

   Is this the correct facebook.com? — DNS gives route to facebook.com — PKI verifies authenticity of facebook.com

5. Step 3: How do I login to facebook.com? — Facebook

   does account management — Facebook gives usernames/passwords

6. DNS PKI Centralized User Data Authentication

7. Problems with the centralized model: — “Golden key” access

8. Problems with the centralized model: — “Golden key” access —

   Central point of failure

9. Problems with the centralized model: — “Golden key” access —

   Central point of failure — Data breaches

10. Decentralized User Data Decentralized Auth Decentralized DNS +PKI

11. Problems with DNS + PKI: — Internet censorship

12. Problems with DNS + PKI: — Internet censorship — Central

    points of trust and failure

13. Problems with DNS + PKI: — Internet censorship — Central

    points of trust and failure — Ease of use and deployment

14. Problems with DNS + PKI: — Internet censorship — Central

    points of trust and failure — Ease of use and deployment Goals for a decentralized DNS + PKI: — Extremely hard to censor — No central points of trust or failure — Low cost, keypair ownership by default

15. Background

16. How Blockchains Work: — It’s a file! — Append-only global

    log — Every node on the network has a consistent copy — Writes are slow, reads are fast Blockchain

17. Blockchain Bitcoin’s P2P Network

18. How Blockchains Work: 1 2 3 ….. 3000 Register hash(name)

    Update name

19. Lessons from Namecoin

20. None
21. None

22. Production system on Namecoin: — Used u/ namespace — Live

    between March 2014 and August 2015 — 33,000 registrations — Over 200,000 transactions

23. Security of blockchain:

24. Network latency:

25. Throughput:

26. Potential Selfish-mining:

27. Lessons from Namecoin: — Storage limitations (blockchain bloat) — Introducing

    new features (hard fork) — Failure of merged-mining — Security / throughput of blockchain — Other engineering challenges

28. Our Approach

29. General Challenges with Blockchains: — Storage limitations (blockchain bloat) —

    Introducing new features (hard fork) — Introducing new features (hard fork) — Slow writes — Endless ledger problem

30. Blockstack Network bitcoin node (bitcoind) blockstack server bitcoind peer connection

    rpc connection to bitcoind

31. name_op, hash name_op, hash name_op, hash name_op, hash name_op, hash

    Cryptocurrency Blockchain Virtual Blockchain DHT (routing info) Storage System A (data) Storage System B (data) lookup route lookup data lookup data Layer-1 Layer-2 Layer-3 Layer-4 Data Routing

32. Blockchain name_op, hash name_op, hash name_op, hash name_op, hash name_op,

    hash Bitcoin Blockchain Virtual Blockchain Control Plane Data Plane Storage Drivers S3 Dropbox Linux Unlimited Data Storage:
33. None
34. None

35. 300,000 200,000 100,000 Blockstack bytes written — Largest non-financial production

    system on Bitcoin

36. Fast Bootstrapping: (1) Records are organized into a Merkle tree

    (2) whose root is fed into the consensus hash, (3) along with a geometric series of prior consensus hashes

37. Light Nodes:

38. General Challenges with Blockchains: — Storage limitations (blockchain bloat) —>

    Unlimited data — Introducing new features (hard fork) — Introducing new features (hard fork) —> Virtualchain — Slow writes —> Get updates off blockchain path — Endless ledger problem —> Fast bootstrapping Goals for a decentralized DNS + PKI: — Extremely hard to censor —> state level actor — No central points of trust or failure —> check — Low cost, keypair ownership by default —> check

39. Blockstack CLI Blockstack gives you fast, secure, and easy-to-use DNS,

    PKI, identity management, and custom namespaces on the blockchain
40. None

41. Future Work

42. Pricing Models for Namespaces:

43. General-purpose State Machines:

44. In the pipeline: — Securing DHTs with Blockstack — Unbound

    (DNS server) integration — Bootstrapping trust for cloud infrastructure (OpenCloud) — Identity and authentication services (Blockstack Auth) — Stateless servers (blogging, email, etc)

45. plus open-source contributors and 600+ community members

46. None

47. Thank You! Web: http://blockstack.org Code: github.com/blockstack