The GNU Name System Specification

Introduction This document contains the GNU Name System (GNS) technical specification for secure, censorship-resistant and decentralised name resolution. This document defines the normative wire format of resource records, resolution processes, cryptographic routines and security considerations for use by implementors.

Zones A zone in GNS is defined by a public/private ECC key pair (x,x*P), where P is the generator of an elliptic curve, x is the private key and x*P the corresponding public key. The keys are constructed using the Curve25519 ECC scheme as defined in . The public key "x*P" is used to uniquely identify and refer to the zone. Records published in the zone are signed using a private key derived from the private key "x" as described in .

Resource records A GNS resource record holds the data of a specific record in a zone. The resource record wire format is defined as follows:

where:

EXPIRATION: Denotes the absolute expiration date of the record. In microseconds since midnight (0 hour), January 1, 1970 in network byte order.
DATA SIZE: The resource record data length in bytes and network byte order.
TYPE: The resource record type. This type can be one of the GNS resource records as defined in or a DNS record type as defined in or any of the complementary standardized DNS resource record types.
FLAGS: Resource record flags. Flags are defined in .
DATA: The resource record data payload. The contents are defined by the respective type of the resource record.

Flags Flags indicate metadata surrounding the resource record. A flag value of 0 indicates that all flags are unset. The following illustrates the flag distribution in the 32-bit flag value of a resource record:

where:

SHADOW: If this flag is set, this record should not be used unless all (other) records with an absolute expiration time have expired.
EXPREL: The expiration time value of the record is a relative time and not an absolute time. This flag can be ignored by a resolver.
PRIVATE: This is a private record of this peer and it should thus not be handed out to other peers. This flag should never be encountered by a resolver.

GNS resource record types The a PKEY DATA entry has the following format:

Publishing records GNS resource records are published in a distributed hash table (DHT). Resource records are grouped by their respective labels and published together in a single block in the DHT. A resource records block is published under a key which is derived from the respective label of the contained records. Given a label, the DHT key "q" is derived as follows: We use a hash-based key derivation function (HKDF) as defined in . We use HMAC-SHA512 for the extraction phase and HMAC-SHA256 for the expansion phase.

h: is key material retrieved using an HKDF using the string "key-derivation" as salt and the public key "x*P" as initial keying material. The label and string "gns" are concatenated and used in the HKDF expansion phase.
d: is a private key derived from the zone key "x" using the keying material "h" (512 bit) and "p" is a prime as defined in .
q: Is the DHT key under which the resource records block is published. It is the SHA512 hash over the public key "d*P" corresponding to the derived private key "d".

Resource records block GNS records are grouped by their labels are published as a single block in the DHT. The contained resource records are encrypted using a symmetric encryption scheme. A GNS resource records block has the following format:

where:

SIGNATURE: A 512-bit ECDSA signature. This field contains a 512-bit ECDSA signature over the data following the PUBLIC KEY field. The signature is create using the derived private key "d".
PUBLIC KEY: The 256-bit ECC public key "d*P" to be used to verify SIGNATURE.
BDATA SIZE: A 32-bit value containing the length of the following data (PURPOSE, EXPIRATION, BDATA) in network byte order.
PURPOSE: A 32-bit signature purpose flag. This field MUST be 15 (in network byte order).
EXPIRATION: The resource records block expiration time. This is the expiration time of the resource record contained within this block with the smallest expiration time. This is a 64-bit absolute date in microseconds since midnight (0 hour), January 1, 1970 in network byte order.
BDATA: The encrypted resource records with a total size of "BDATA SIZE".

Block data encryption Given a GNS record block a symmetric encryption scheme is used to en-/decrypt "BDATA". The keys are derived from the record label and a public key "d*P", where "d" is an ECDSA private key and "P" is the EC generator. "d" is derived from the private key "x" of a GNS zone. Both label and public key and "x*P" are implicity known by a GNS resolver while "d*P" is provided within the resource records block. The keying material "K" and initialization vector "IV" are derived as follows: We use a hash-based key derivation function (HKDF) as defined in . We use HMAC-SHA512 for the extraction phase and HMAC-SHA256 for the expansion phase. The output keying material is 64 octets (512 bit) for the symmetric keys and 32 octets (256 bit) for the initialization vector. We divide the resulting keying material "K" into a 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo":

Similarly, we divide "IV" into a 128-bit initialization vector IVaes and a 128-bit initialization vector IVtwo:

The symmetric keys and IVs are used for a AES+TWOFISH combined cipher. Both ciphers are used in Cipher FeedBack (CFB) mode. The decrypted RDATA has the following format:

where:

RR COUNT: A 32-bit value containing the number of resource records which are following.

is followed by a set of resource records with the respective wire formats defined in .

Internationalization and Character Encoding TODO

Security Considerations TODO

Record Resolution TODO

Namespace Revocation TODO

IANA Considerations This will be fun