BNS (Blockstack) Whitepaper.pdf

Resource description:
Blockstack Technical Whitepaper
Muneeb Ali, Ryan Shea, Jude Nelson, Michael J. Freedman†

Blockstack: A New Internet for Decentralized Applications
https://blockstack.org
Technical Whitepaper Version 1.1
October 12, 2017

* Co-primary author.
† Professor of Computer Science at Princeton University and an advisor to Blockstack.

Copyright 2017 Blockstack PBC -- a Public Benefit Corp. All rights reserved.

Parts of this whitepaper were published earlier in the following peer-reviewed conferences and magazine:

M. Ali, J. Nelson, R. Shea and M. J. Freedman, "Blockstack: A Global Naming and Storage System Secured by Blockchains", 2016 USENIX Annual Technical Conference, Denver, CO, June 2016.

J. Nelson, M. Ali, R. Shea and M. J. Freedman, "Extending Existing Blockchains with Virtualchain", Workshop on Distributed Cryptocurrencies and Consensus Ledgers, Chicago, IL, July 2016.

M. Ali, J. Nelson, R. Shea and M. J. Freedman, "Bootstrapping Trust in Distributed Systems with Blockchains", USENIX ;login: Issue Vol. 41, No. 3, Pages 52-58, Fall 2016.

DISCLAIMER: The Blockstack Tokens are a crypto asset that is currently being developed by Blockstack Token LLC, a Delaware limited liability company, whose website can be found at . This whitepaper does not constitute an offer or sale of Blockstack Tokens (the Tokens) or any other mechanism for purchasing the Tokens (such as, without limitation, a fund holding the Tokens or a simple agreement for future tokens related to the Tokens). Any offer or sale of the Tokens or any related instrument will occur only based on definitive offering documents for the Tokens or the applicable instrument.

Abstract

The traditional internet has many central points of failure and trust, like (a) the Domain Name System (DNS) servers, (b) public-key infrastructure, and (c) end-user data stored on centralized data stores. We present the design and implementation of a new internet, called Blockstack, where users don't need to trust remote servers. We remove any trust points from the middle of the network and use blockchains to secure critical data bindings. Blockstack implements services for identity, discovery, and storage and can survive failures of underlying blockchains. The design of Blockstack is informed by three years of experience from a large blockchain-based production system. Blockstack gives comparable performance to traditional internet services and enables a much-needed security and reliability upgrade to the traditional internet.

1 Introduction

The internet was designed more than 40 years ago and is showing signs of age. Critical internet services can be taken offline by attacks like the DDoS attack on DNS servers [1]. Further, in the current internet architecture users implicitly trust certain hidden services and intermediaries like domain name servers and certificate authorities (CAs). These trust points can be exploited to trick users into connecting to malicious websites, like the recent incident where a Turkish CA issued false security certificates for Google [2].

Over the last decade, we've seen a shift from desktop apps (that run locally) to cloud-based apps that store user data on remote servers. These centralized services are a prime target for hackers and frequently get hacked. In 2016, Yahoo admitted to losing information for 500 million people [3]. Security problems with the core internet infrastructure and the centralized data models of web services built on top have exposed flaws in the internet's original design.

Blockstack is an open-source effort to re-decentralize the internet; it builds a new internet for decentralized applications and enables users to own their application data directly [4]. Blockstack uses the existing internet transport layer (TCP or UDP) and underlying communication protocols and focuses on removing points of centralization that exist at the application layer. Alternate transport layer protocols, like new mesh networking protocols [5], can be supported with Blockstack.

There are many fundamental technical challenges with creating a fully decentralized replacement for core internet components like DNS, public-key infrastructure, and storage backends. New users/nodes need to establish trust on the network and discover the relevant data without relying on any remote servers. The decentralized solutions need to give comparable performance to the traditional internet and scale accordingly as well. Our implementation of Blockstack has three components:

1. A blockchain, implemented using virtualchains [6], is used to bind digital property, like domain names, to public keys. Blockstack's blockchain solves the problem of bootstrapping trust in a decentralized way, i.e., a new node on the network can independently verify all data bindings.
2. A peer network, called Atlas, gives a global index for discovery information, and
3. A decentralized storage system, called Gaia, provides high-performance storage backends without introducing central trusted parties.

Blockstack is deployed in production and, to date, 74,000 new domains have been registered on it with several companies and open-source contributors actively developing new services using Blockstack [4]. We've released Blockstack as open-source [7].

2 System Architecture

Blockstack has the following design goals:

1. Decentralized Naming & Discovery: End-users should be able to (a) register and use human-readable names and (b) discover network resources mapped to human-readable names without trusting any remote parties.
2. Decentralized Storage: End-users should be able to use decentralized storage systems where they can store their data without revealing it to any remote parties.
3. Comparable Performance: The end-to-end performance of the new architecture (including name/resource lookups, storage access, etc.) should be comparable to the traditional internet with centralized services.

Until recently, decentralized naming systems with human-readable names were considered impossible to build (see Zooko's Triangle in Section 3) and decentralized storage systems like BitTorrent, etc. don't offer performance/bandwidth comparable to centralized services [8]. Blockstack presents a solution to these problems.

Design Decision 1: Survive Failures of Underlying Blockchains

Our architecture does not put any limitations on which blockchain can be used with it. Any blockchain can be used, as long as it provides total ordering of operations (which all blockchains do), but the security and reliability properties are directly dependent on the underlying blockchain. We believe that enabling the ability to migrate from one blockchain to another is important as it allows for the larger system to survive, even when the underlying blockchain is compromised. Our architecture also allows multiple underlying blockchains and treats blockchains as communication channels that deliver totally-ordered operations; any number of underlying communication channels can work as long as they can individually deliver totally-ordered operations.

Design Decision 2: Keep Complexity and Logic Outside of Blockchains

Many blockchains, like Namecoin [9] or Ethereum [10], implement both the control logic and the data storage plane at the blockchain level (although they leave open the possibility of using external data stores in the future). We believe that not using blockchains for data storage is necessary for scalability and keeping complex logic outside of blockchains is important for both security and scalability. Nodes on the network should not be required to compute complex untrusted programs just to stay synced with the network. Further, it's hard to introduce new features to blockchains after they've been deployed and gained real-world usage. We introduce the concept of virtualchains (Section 4) that can build arbitrary state machines on top of blockchains without requiring any modifications to the underlying blockchains. The abstraction of total ordering of operations, on top of the underlying blockchains, serves as the "narrow waist" of our architecture and keeps complexity outside of blockchains.

Design Decision 3: Scalable Index for Global Data

Any decentralized network requires an index to the data stored by it. Going back to the early days of peer networks, Napster introduced a centralized index with decentralized file transfer in 1999. BitTorrent started with centralized trackers (indexes) as well and later introduced DHT-based decentralized indexes. DHT-based peer networks are susceptible to Sybil-attacks and have historically been unreliable and hard to scale, especially under a lot of churn. We experienced these problems first-hand as our initial peer network for Blockstack was based on the Kademlia DHT. We introduced a new unstructured peer network, called the Atlas network, that solves a particular case of decentralized storage using peer networks: the case where (a) the data set is small in size and (b) there is a global list of all indexed items available to the network. In Atlas, nodes maintain a 100% state replica. The unstructured approach is easier to implement, has no overhead for maintaining routing structure and is resilient against targeted node attacks (every node has a full copy of data).

[Figure 1: Overview of the Blockstack architecture. Layers shown: Blockchain, Peer Network, Storage. Labels: transactions are parsed as updates to the name DB (local DB); domain name, public key, zone file hash; zone file; URIs in zone files point to stored data; Amazon S3, Dropbox, Microsoft Azure, FreeNAS Server, Google Drive.]

2.1 Blockstack Layers

Blockstack's architecture has three layers as shown in Figure 1, with one layer (the blockchain layer) in the control plane and two layers (the peer network and data-storage) in the data plane. The control plane deals with smaller volumes of data and is mostly concerned with bootstrapping trust [11] and defining the mapping between human-readable names and network resources. The data plane contains information on how to discover data (routes/pointers to data) and the actual storage backends. Data is widely replicated and it doesn't matter from what source clients read data; clients can independently verify from the control plane if they received the correct data or not.

Layer 1: Blockchain

In our architecture the blockchain occupies the lowest layer, and serves two purposes: it provides the storage medium for operations and it provides consensus on the order in which the operations were written. Virtualchain encodes operations in transactions on the underlying blockchain. The blockchain provides an abstraction of totally-ordered operations to virtualchain and serves as the "narrow waist" of our architecture. A lot of complexity, like mining operations, consensus algorithms, cryptocurrency fluctuations etc., are hidden underneath this abstraction. The higher layers only care about reading/writing totally ordered operations and can operate on top of any blockchain.

The blockchain layer also includes a virtualchain, which defines new operations without requiring changes to the underlying blockchain. Nodes of the underlying blockchains are not aware of this layer. Virtualchains are like virtual machines, where a specific VM (like Debian 8.7) can run on top of a specific physical machine. Different types of virtualchains can be defined and they run on top of the specific underlying blockchain. Virtualchain operations are encoded in valid blockchain transactions as additional metadata. Blockchain nodes do see the raw transactions, but the logic to process virtualchain operations only exists at the virtualchain level.

The rules for accepting or rejecting virtualchain operations are defined in the specific virtualchain, e.g., a virtualchain which defines a single state machine implementing operations for a global naming system. Operations accepted by rules defined in our virtualchain are processed to construct a database that stores information on the global state of the naming system along with state changes at any given blockchain block.

Layer 2: Peer Network

Blockstack uses a peer network for discovery. The peer network is part of the data plane. Our architecture separates the task of discovering resources (i.e., routes to data) from the actual storage of data. This avoids the need for the system to adopt any particular storage service from the onset, and instead allows multiple storage providers to coexist, including both cloud storage and P2P systems.

The Blockstack implementation uses zone files for storing routing information, which are identical to DNS zone files in their format. The zone files are stored in the discovery layer, implemented as a peer network by Blockstack. Users do not need to trust the discovery layer because the integrity of any data record in the discovery layer can be verified by checking the respective hash of that data record in the control plane.

In Blockstack's current implementation, nodes form a peer network, called the Atlas network (Section 5), for storing zone files. The peer network only allows zone files to be written if hash(zonefile) was previously announced in the blockchain. This effectively whitelists the data that can be stored in the peer network. Data records representing routes (irrespective of where they are fetched from) can be verified and therefore cannot be tampered with. In the current implementation of the Atlas network, peer nodes maintain a full copy of all zone files since the size of zone files is relatively small (4KB per file). Keeping a full copy of all routing data introduces only a marginal storage cost on top of storing the blockchain data (which is in the order of several GBs).

Layer 3: Storage

The top-most layer (layer-3) is the storage layer, which hosts the actual data values and is part of the data plane. All stored data values are signed by an owner key defined in the control plane. By storing data values outside of the blockchain, Blockstack allows values of arbitrary size and allows for a variety of storage backends. Users do not need to trust the storage layer and can verify their integrity in the control plane. Our design benefits from the performance and reliability of the backend cloud storage systems used and offers comparable performance to traditional internet services.

Blockstack implements a decentralized naming system, called the Blockchain Name System (BNS), by defining operations in a new virtualchain and storing discovery data in a peer network called the Atlas Network (Section 5). Our virtualchain uses the underlying blockchain to achieve consensus on the state of BNS and binds names to data records. Relying on the consensus protocol of the underlying blockchain, our virtualchain can provide a total ordering for all operations supported by BNS, like name registrations, name updates and name transfers. Our virtualchain represents the global state of BNS, including who owns a particular name and what dat
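
The Layer 2 integrity check described above (a peer stores a zone file only if its hash was announced in the blockchain, and a client accepts routing data from any source only if it matches the control-plane hash) is sketched below as an added example; it is not code from the whitepaper or from Blockstack. SHA-256, the class names, the name alice.id and the URIs are assumptions made for illustration.

```python
import hashlib

def zonefile_hash(zonefile: bytes) -> str:
    # Assumption: SHA-256 stands in for hash(zonefile); the page names no algorithm.
    return hashlib.sha256(zonefile).hexdigest()

class NameDB:
    """Control plane: name -> announced zone file hash (built from blockchain ops)."""
    def __init__(self):
        self.hash_by_name = {}

    def announce(self, name: str, zf_hash: str) -> None:
        self.hash_by_name[name] = zf_hash

class AtlasNode:
    """Data plane: keeps a zone file only if its hash was announced on-chain."""
    def __init__(self, name_db: NameDB):
        self.name_db, self.store = name_db, {}

    def put(self, zonefile: bytes) -> bool:
        h = zonefile_hash(zonefile)
        if h not in self.name_db.hash_by_name.values():
            return False              # not whitelisted by the blockchain: refuse
        self.store[h] = zonefile
        return True

    def get(self, zf_hash: str):
        return self.store.get(zf_hash)

class TamperingPeer:
    """Untrusted source that answers every request with altered routing data."""
    def get(self, zf_hash: str):
        return EVIL_ZONEFILE

def resolve(name: str, name_db: NameDB, peers) -> bytes:
    """Fetch from any peer, accept only bytes matching the control-plane hash."""
    expected = name_db.hash_by_name[name]
    for peer in peers:
        data = peer.get(expected)
        if data is not None and zonefile_hash(data) == expected:
            return data
    raise LookupError(f"no peer served a zone file matching {expected}")

# Constructed sample data (hypothetical name and URIs).
GOOD_ZONEFILE = b'$ORIGIN alice.id\n$TTL 3600\n_file URI 10 1 "https://storage.example/alice/profile.json"\n'
EVIL_ZONEFILE = GOOD_ZONEFILE.replace(b"storage.example", b"attacker.example")

db = NameDB()
db.announce("alice.id", zonefile_hash(GOOD_ZONEFILE))
honest = AtlasNode(db)
honest.put(GOOD_ZONEFILE)
print(resolve("alice.id", db, [TamperingPeer(), honest]) == GOOD_ZONEFILE)
```

The tampering peer is listed first on purpose: its answer is discarded by the hash comparison and resolution falls through to the honest node, which is why the source of the bytes does not need to be trusted.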