부산대학교 도서관

Public key infrastructures (PKIs), or more generally secure naming systems, lie at the foundation of the security of any communication system. Without a trustworthy binding between user-facing names, such as domain names, and cryptographic identities, such as public keys, all security guarantees against active attackers come crashing down like a house of cards. Blockchains such as Bitcoin, by offering a decentralized yet secure public ledger, show promise as the root of trust for naming systems with no central trusted parties, greatly increasing their security compared to traditional centralized PKIs. Yet blockchain PKIs such as Namecoin and Blockstack tend to significantly sacrifice scalability and flexibility in pursuit of decentralization, hindering large-scale deployability on the Internet. We propose Bitforest, a secure naming system with an architecture combining a centralized yet only partially trusted name server with efficiently queryable verification data embedded in a novel data structure inside a cryptocurrency blockchain. Bitforest achieves decentralized trust and security as strong as existing blockchain-based naming systems while retaining most of the flexibility and performance of centralized PKIs, allowing fully validating thin clients to look up and verify name bindings with comparable efficiency to traditional systems. We use both numerical simulation and real-world experiments to evaluate the performance of Bitforest compared with other naming systems, both centralized and blockchain-based, showing that its performance goals are indeed achieved.