Namecoin was stillborn, I had to switch off life-support

libcoin
Posts: 4
Joined: Mon Feb 20, 2012 7:47 am
os: mac

Namecoin was stillborn, I had to switch off life-support

Post by libcoin »

This is the postmortems and obituary over namecoin. In fact it never really existed, but by block: 139872 it became clear. However, if you haven' t noticed yet read on...

Namecoin has always been my favorite alt-coin - it had a clear purpose, different from Bitcoin, offering a nice way to keep a de-central registry of key-value pairs. About a month ago I had a closer look at namecoin, to integrate it into libcoin. Libcoin is a complete other story, it is a library supporting bitcoin as well as several of the alt coins, enabling easy construction of anything from light weight wallets to full server wallet solutions for exchanges and merchant sites. However, back to namecoin...

I have integrated several alt coins, and I know the machinery pretty well by now. The engine of any bitcoin based crypto currency is the ConnectBlock / ConnectInputs methods in main.cpp. They keep the rules of when to accept a block and when to reject a block, and it is there you make patches to enable anything from alternative hashing algorithms (litecoin) to merged mining (namecoin and others) as well as add new features and rules. Namecoin keep a reasonable separation through the definitions of hooks, implementing the actual rules in a separate file, namecoin.cpp.

So the real interesting stuff in namecoin is happening in namecoin.cpp in the ConnectInputs method. This one is called from ConnectInputs in main.cpp and hence have the ability to change and add rules.

All namecoin rules are kept hidden from the bitcoin script rule engine through OP_DROP opcodes, i.e. some special opcodes and data is entered, followed by a matching chain of OP_DROP commands, so the normal script rule engine will simply ignore anything namecoin'ish. The special op codes of namecoin are:

Code: Select all

OP_NAME_NEW
OP_NAME_FIRSTUPDATE
OP_NAME_UPDATE
The reason for the

Code: Select all

OP_NAME_NEW/OP_NAME_FIRSTUPDATE
setup is to avoid domain opportunists listening for new domain reservations and issuing competing reservations to later sell the domain back. So first you issue a:

Code: Select all

OP_NAME_NEW << hash << OP_2DROP
Where the hash is composed of a random number and the domain, hashed. You are not allowed to issue a first-update, finally registering the domain, before after 12 blocks, ensuring no block reorganizations can enable a domain opportunists to steal your domain. In the name_new/name_firstupdate RPC calls this rule is nicely enforced, however, when you look in the ConnectInputs method you find rules enforcing a fee, rules enforcing the 12 blocks, but NO RULES ENFORCING THE HASH! [namecoin.cpp line 1874-1907] ]. So any name_new can be used as input for ANY name. This means that the domain reservation is not enforced at all leaving namecoin completely open for domain opportunists.

Clearly the patient is bleeding and in urgent need for help, but brace yourselves, this is not affecting already registered domains so it is fixable by a proper patch, and a recommendation to not reserve any new domains before the patch is in effect. Relieved that there was a cure I continued with the standard examination, to check if the rest was ok.

The key lines in namecoin.cpp are probably 1930 to 1949, this is the very core of namecoin. This is the enforcing of a name_update - a name update is the script:

Code: Select all

OP_NAME_UPDATE << vchName << vchValue << OP_2DROP << OP_DROP
So, take an already registered name and update that with a new value. Now you would expect some code enforcing that only an input of that name can be update to another value - but NO! Again there is no enforcing of the core ruleset. So you can in fact update the value of any name in namecoin by any other input name. And after that you own it, or well, as much as you can actually own a name who anyone can update.

The final test was to try it out - (sorry) - I might had overlooked something, so, I changed the name_update algorithm to enable such takeovers, and did a:

Code: Select all

./namecoind name_fakeupdate d/postmortem d/bitcoin "Namecoin died October the 15th 2013, coinslayer"
Try name_history on d/bitcoin and see for yourselves - there is no enforced integrity of the key value pairs in namecoin. So namecoin looses its entire purpose. The problem is that there is no fix to this - it is similar to being able to randomly take ownership of other peoples money, all the value is gone. I tried, initially, a silent fix contacting namecoin developers and key users more than a month ago, but I never got any answers back. Perhaps, the best future for namecoin now is a rebirth with a new genesis, or just a cancel of all the name reservations starting from some future block ?

I should also notice that up until block 139872, no one have exploited the bugs. The libcoin code actually enforced the above rules, and I was able to download and verify the entire chain, now I have added a flag, ignore_rules, to get pass block 139872.

Coinslayer

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Namecoin was stillborn, I had to switch off life-support

Post by domob »

Wow ... I never imagined that such important checks could be missing, and never bothered to check (but actually I've so far not looked at any coin's client code base). But does that mean we could fix the rules and restart the history at block 139871? That's not too far in the past, is it? Or is this impossible?

BTW, did you also include me in the "developers and users contacted"? If yes, sorry that I missed it ... but I don't recall seeing anything like this mentioned so far.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

snailbrain
Posts: 309
Joined: Tue Jul 19, 2011 9:33 pm

Re: Namecoin was stillborn, I had to switch off life-support

Post by snailbrain »

we also never received anything.. but can have a look at least

libcoin
Posts: 4
Joined: Mon Feb 20, 2012 7:47 am
os: mac

Re: Namecoin was stillborn, I had to switch off life-support

Post by libcoin »

domob wrote:Wow ... I never imagined that such important checks could be missing, and never bothered to check (but actually I've so far not looked at any coin's client code base). But does that mean we could fix the rules and restart the history at block 139871? That's not too far in the past, is it? Or is this impossible?

BTW, did you also include me in the "developers and users contacted"? If yes, sorry that I missed it ... but I don't recall seeing anything like this mentioned so far.
Nope - only the ones that was listed as main devs, I first aimed for a silent, fast and coordinated patch, but I also realized that if anyone heard about it it would be to late.

Going back to block 139871 is not something you want - and I guess it would also be hard to sell that idea to miners (they would loose their already collected bounty). Before a patch is ready and properly reviewed you would end up with a block reorganization of several 100 blocks.

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm
Contact:

Re: Namecoin was stillborn, I had to switch off life-support

Post by virtual_master »

libcoin wrote:This is the postmortems and obituary over namecoin. In fact it never really existed, but by block: 139872 it became clear. However, if you haven' t noticed yet read on...

Namecoin has always been my favorite alt-coin - it had a clear purpose, different from Bitcoin, offering a nice way to keep a de-central registry of key-value pairs. About a month ago I had a closer look at namecoin, to integrate it into libcoin. Libcoin is a complete other story, it is a library supporting bitcoin as well as several of the alt coins, enabling easy construction of anything from light weight wallets to full server wallet solutions for exchanges and merchant sites. However, back to namecoin...

I have integrated several alt coins, and I know the machinery pretty well by now. The engine of any bitcoin based crypto currency is the ConnectBlock / ConnectInputs methods in main.cpp. They keep the rules of when to accept a block and when to reject a block, and it is there you make patches to enable anything from alternative hashing algorithms (litecoin) to merged mining (namecoin and others) as well as add new features and rules. Namecoin keep a reasonable separation through the definitions of hooks, implementing the actual rules in a separate file, namecoin.cpp.

So the real interesting stuff in namecoin is happening in namecoin.cpp in the ConnectInputs method. This one is called from ConnectInputs in main.cpp and hence have the ability to change and add rules.

All namecoin rules are kept hidden from the bitcoin script rule engine through OP_DROP opcodes, i.e. some special opcodes and data is entered, followed by a matching chain of OP_DROP commands, so the normal script rule engine will simply ignore anything namecoin'ish. The special op codes of namecoin are:

Code: Select all

OP_NAME_NEW
OP_NAME_FIRSTUPDATE
OP_NAME_UPDATE
The reason for the

Code: Select all

OP_NAME_NEW/OP_NAME_FIRSTUPDATE
setup is to avoid domain opportunists listening for new domain reservations and issuing competing reservations to later sell the domain back. So first you issue a:

Code: Select all

OP_NAME_NEW << hash << OP_2DROP
Where the hash is composed of a random number and the domain, hashed. You are not allowed to issue a first-update, finally registering the domain, before after 12 blocks, ensuring no block reorganizations can enable a domain opportunists to steal your domain. In the name_new/name_firstupdate RPC calls this rule is nicely enforced, however, when you look in the ConnectInputs method you find rules enforcing a fee, rules enforcing the 12 blocks, but NO RULES ENFORCING THE HASH! [namecoin.cpp line 1874-1907] ]. So any name_new can be used as input for ANY name. This means that the domain reservation is not enforced at all leaving namecoin completely open for domain opportunists.

Clearly the patient is bleeding and in urgent need for help, but brace yourselves, this is not affecting already registered domains so it is fixable by a proper patch, and a recommendation to not reserve any new domains before the patch is in effect. Relieved that there was a cure I continued with the standard examination, to check if the rest was ok.

The key lines in namecoin.cpp are probably 1930 to 1949, this is the very core of namecoin. This is the enforcing of a name_update - a name update is the script:

Code: Select all

OP_NAME_UPDATE << vchName << vchValue << OP_2DROP << OP_DROP
So, take an already registered name and update that with a new value. Now you would expect some code enforcing that only an input of that name can be update to another value - but NO! Again there is no enforcing of the core ruleset. So you can in fact update the value of any name in namecoin by any other input name. And after that you own it, or well, as much as you can actually own a name who anyone can update.

The final test was to try it out - (sorry) - I might had overlooked something, so, I changed the name_update algorithm to enable such takeovers, and did a:

Code: Select all

./namecoind name_fakeupdate d/postmortem d/bitcoin "Namecoin died October the 15th 2013, coinslayer"
Try name_history on d/bitcoin and see for yourselves - there is no enforced integrity of the key value pairs in namecoin. So namecoin looses its entire purpose. The problem is that there is no fix to this - it is similar to being able to randomly take ownership of other peoples money, all the value is gone. I tried, initially, a silent fix contacting namecoin developers and key users more than a month ago, but I never got any answers back. Perhaps, the best future for namecoin now is a rebirth with a new genesis, or just a cancel of all the name reservations starting from some future block ?

I should also notice that up until block 139872, no one have exploited the bugs. The libcoin code actually enforced the above rules, and I was able to download and verify the entire chain, now I have added a flag, ignore_rules, to get pass block 139872.

Coinslayer
This is all technical gibberish.
If he could undergrab some registered domains he surely would show us a demonstration transferring a domain to him and back to the owner. But I guess he is not doing it because Namecoin has always been his favorite alt-coin. 'Namecoin has always been my favorite alt-coin'
Probably he was a secret fun of Namecoin until now because this is his first post.
All the other alt-coin (which were created without any sense) supporters and those who are spamming the Bitcoin blockchain with some claimed features (which are since long time solved by Namecoin) are interested to blackmail us.
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Namecoin was stillborn, I had to switch off life-support

Post by phelix »

libcoin wrote:I tried, initially, a silent fix contacting namecoin developers and key users more than a month ago, but I never got any answers back.
Who did you contact? Not me and I guess none of the other active Namecoiners...

Thanks for bringing it up, though.

As proof of your claims would you mind changing d/wav ? This is a domain I own.


What to do if coinslayer's claims are true?

A) Ignore all name_ops >139872 until fix in place
B) Ignore bad name_ops >139872 until fix in place

I think B will cause less disruption.

The fix would be a hard fork so we would have to give pool ops etc. some time.


Remember: All publicity is good publicity ;)
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

cassini
Posts: 336
Joined: Sun May 26, 2013 6:36 pm

Re: Namecoin was stillborn, I had to switch off life-support

Post by cassini »

virtual_master wrote: This is all technical gibberish.
I've just had a quick look at the blockchain, and I am wondering:

http://explorer.dot-bit.org/n/1

The very day a second NAME_NEW was issued for d/bitcoin (2013-06-17), moa pointed out there ist something fishy with namecoin.com:
https://bitcointalk.org/index.php?topic ... msg2488538

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm
Contact:

Re: Namecoin was stillborn, I had to switch off life-support

Post by virtual_master »

cassini wrote:
virtual_master wrote: This is all technical gibberish.
I've just had a quick look at the blockchain, and I am wondering:

http://explorer.dot-bit.org/n/1

The very day a second NAME_NEW was issued for d/bitcoin (2013-06-17), moa pointed out there ist something fishy with namecoin.com:
https://bitcointalk.org/index.php?topic ... msg2488538
Of course anything can happen but I am still not convinced in this. May be he hacked somehow d/bitcoin. They are still some contradictions in his behavior.
But if he can change d/wav then I must recognize there is really a bug.
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Namecoin was stillborn, I had to switch off life-support

Post by domob »

virtual_master wrote:This is all technical gibberish.
If he could undergrab some registered domains he surely would show us a demonstration transferring a domain to him and back to the owner. But I guess he is not doing it because Namecoin has always been his favorite alt-coin. 'Namecoin has always been my favorite alt-coin'
Probably he was a secret fun of Namecoin until now because this is his first post.
All the other alt-coin (which were created without any sense) supporters and those who are spamming the Bitcoin blockchain with some claimed features (which are since long time solved by Namecoin) are interested to blackmail us.
Well, yes, it is. But I just took a look at the source (grepping for OP_NAME_UPDATE), and couldn't really find any checks there. It was the first time for me to take a look at any coin's code, so I could just have missed them (since the code is very unreadable).

Can anyone who knows how the code works have a look, and point me to the check if it is indeed there?
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

libcoin
Posts: 4
Joined: Mon Feb 20, 2012 7:47 am
os: mac

Re: Namecoin was stillborn, I had to switch off life-support

Post by libcoin »

virtual_master wrote: Of course anything can happen but I am still not convinced in this. May be he hacked somehow d/bitcoin. They are still some contradictions in his behavior.
But if he can change d/wav then I must recognize there is really a bug.
Well try a name_history on d/wav now ;)

I could post the code here, but I see no point in all of you starting to hijack domains. d/bitcoin was chosen as it is was the first registered domain.

I find it bad style to list names of whom I contacted, lets just put it this way that the main contacts on the dot-bit page are apparently not representing the namecoin project that well. Further, in the future post your emails, with pgp keys if you feel you really represent the project. Sorry, to those who I didn't write and who could have helped, but given the nature of the bug it wouldn't really matter. Fixing this can never be an elegant solution, you need a grace period, in which people could exploit the bug.

Again I am happy to help!

Post Reply