Zooko's triangle

from Wikipedia, the free encyclopedia

Zooko's triangle is a theory by Zooko Wilcox-O'Hearn according to which a namespace in a computer network can satisfy only two of the three properties decentralized, secure, and meaningful at the same time.

In a namespace, names are mapped to addresses or other values. The three properties mentioned are typically considered desirable in large, public namespaces.

Decentralized
There is no central authority that issues names or decides on their validity. The namespace is administered by several authorities who do not all trust each other to the same extent. The decisive criterion is that there is no hierarchical trust relationship, only trust networks that may be built up in any way.
Secure
The integrity of name mappings is preserved. An attacker cannot manipulate a mapping without the manipulation attempt being detected.
Meaningful
A name is meaningful if it can be read by humans and if a person can derive a meaning from it. Self-chosen names are meaningful; automatically generated, seemingly random strings are not.

According to the theory, designing a namespace requires a compromise in which one of the three properties is given up. Examples:

  • The Domain Name System uses meaningful names in a hierarchical structure. With DNSSEC, the integrity and authenticity of name mappings can be verified. The namespace is distributed, but not decentralized, because of the hierarchical trust relationship.
  • The ".onion" names of Tor hidden services are derived from hash values of the server key. This means that they are tamper-proof and do not need a central authority for generation or validation, but they are not meaningful and cannot be freely chosen.
  • Nicknames in Internet Relay Chat are freely selectable and meaningful within the character and length restrictions, and usually require no central authority for generation. However, they are not secure, as any user can choose any nickname that is currently unused. In some IRC networks there is a central authority (NickServ) where nicks can be registered. Registered nicks are then secure, but this security depends on that central authority.
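
The second and third list items, as an added example that is not part of the original article: a name derived the way legacy version 2 ".onion" addresses were (base32 of the first 80 bits of the SHA-1 hash of the public key) can be checked by anyone without an authority, while a first-come nickname table cannot bind a name to its holder. The key byte strings are constructed placeholders, and `NickTable` is a hypothetical model, not IRC server code.

```python
import base64
import hashlib

def onion_v2_name(public_key_der: bytes) -> str:
    """Self-certifying name: base32 of the first 80 bits of SHA-1(key)."""
    digest = hashlib.sha1(public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"

def verify_binding(name: str, presented_key_der: bytes) -> bool:
    """Anyone can check a name-to-key mapping locally, with no authority."""
    return onion_v2_name(presented_key_der) == name.lower()

class NickTable:
    """Hypothetical IRC-style namespace: meaningful names, no integrity."""
    def __init__(self):
        self.in_use = {}

    def claim(self, nick: str, user: str) -> bool:
        if nick in self.in_use:
            return False          # only a *currently used* nick is protected
        self.in_use[nick] = user
        return True

    def release(self, nick: str) -> None:
        self.in_use.pop(nick, None)

# Constructed stand-ins for DER-encoded public keys (not real keys).
SERVICE_KEY = b"constructed-service-public-key"
OTHER_KEY = b"constructed-other-public-key"

def demo() -> dict:
    name = onion_v2_name(SERVICE_KEY)
    results = {
        "name": name,  # 16 random-looking characters: secure, not meaningful
        "genuine_key_accepted": verify_binding(name, SERVICE_KEY),
        "substituted_key_accepted": verify_binding(name, OTHER_KEY),
    }
    nicks = NickTable()
    nicks.claim("alice", "original user")
    nicks.release("alice")  # original user disconnects
    # The same meaningful name now maps to a different party, undetectably.
    results["nick_reassigned"] = nicks.claim("alice", "someone else")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```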

Attempted solutions

In January 2011, Aaron Swartz described a naming system based on Bitcoin that, according to him, fulfills the three properties of Zooko's triangle. Dan Kaminsky criticized Swartz's naming system as vulnerable because of delays in information dissemination and Sybil attacks. He questions whether such a system, given its weaker security guarantees, still does justice to Zooko's triangle, and compares its security model with that of SSH.

The concept described by Swartz is similar to Namecoin, which was published as a fork of Bitcoin in April 2011.
