Decentralized naming and certificate authority

An experimental peer-to-peer root naming system.

Source Code: Multiple implementations may exist. Initial code: GitHub, Download

GUI Full Node Wallet: Bob Wallet, Source Code

Claim HNS for FOSS developers:
Claim here and register names.

Please be careful when using other software to claim.

Technical Info: Install, Design notes, Docs.


Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems. Names on the internet (top level domains, social networking handles, etc.) ultimately rely upon centralized actors with full control over a system which are relied upon to be honest, as they are vulnerable to hacking, censorship, and corruption. Handshake aims to experiment with new ways the internet can be more secure, resilient, and socially useful with a peer-to-peer system validated by the network's participants.

Handshake is an experiment which seeks to explore those new ways in which the necessary tools to build a more decentralized internet. Services on the internet have become more centralized beginning in the 1990s, but do not fulfill the original decentralized vision of the internet. Email became Gmail, usenet became reddit, blog replies became facebook and Medium, pingbacks became twitter, squid became Cloudflare, even gnutella became The Pirate Bay. Centralization exists because there is a need to manage spam, griefing, and sockpuppet/sybil attacks. Previous decentralized systems largely stopped working due to spam. If it were more costly to grief on the internet using decentralized systems, the need for trusted centralized corporations to manage these risks decrease. Internet services and platforms may benefit from building on top of a decentralized system which is specifically designed for resilience against sybil attacks.
As we may redecentralize.

Web of Network Nodes


By running Handshake, one can participate in a decentralized open naming platform secured by a decentralized peer-to-peer network.

Read the project design notes
Documentation here
Initial code on GitHub

  • A base layer for the decentralized internet. The internet is arranged in layers, to decentralize the internet, we need to start at the lowest layers of the stack. Secure naming ensures user agents are talking to the right endpoints.
  • The place for minimal global consensus. Decentralization is most successful if we have minimal areas to reach complete global agreement. Names and signing certificates may be one of the few (if only) places of global agreement for a decentralized web. Handshake is an experimental structure for reaching that agreement via software.
  • True decentralization, no official singular Foundation, Committee, Corporation, or entities in permanent unitary control of the protocol.
  • Economic incentives enable decentralized agreements to form via a transparent name auction process. Without some kind of economic cost function, one person could register all names. Economic incentives enable decentralized sybil resistance which would otherwise be centralized and corrupted.
  • Alternative to certificate authorities, using a decentralized trust anchor to prove domain ownership
  • Distributed and permissionless zone file to which any participant has the right to add an entry or serve as host and validator
  • Light clients via merkelized proofs and proof-of-work allow for lightweight name resolutions and certificates. The initial protocol enables cryptographic name proofs, with the potential for decentralized proof lookups to be usually within the MTU limit.
  • A platform for sybil resilience. WoT can/should be used as an augmentation, but it is often not a global agreement of resources for individual decentralized services. By using Handshake names, one can know that some kind of economic limits exist for the use of the name. This can be leveraged whenever one is concerned about resource exhaustion, and reaching global agreement on moderation alone is too costly.


Handshake is a piece of software (and a loose consensus on agreement of the software itself). This software's primary function is for people to come to agreement on names and cryptographic keys authorized to represent that names in a decentralized way. To do this in a decentralized way, we need to prevent a single party from claiming all the names. Therefore, a unit of account is needed to prevent that single party from claiming all names.

Handshake uses a coin system for name registration. The Handshake coin (HNS) is the mechanism by which participants transfer, register, and update internet names. The community will be able to initiate auctions and place bids for top-level domains using HNS or trade their HNS as they see fit, with differing value per name.

Therefore, Handshake allocates the majority of its initial coins towards the FOSS community with absolutely no obligation attached, as it is this community most relevant with decentralized software and tools. The goal of the initial design was to account for all possible stakeholders. More info.

Handshake's incentive design assumptions relies upon Metcalfe's Law (Beckstrom's Law, etc.). While Bitcoin's value is derived from it being a costly store of value, Handshake's value is derived from its network of users. Metcalfe's Law asserts that an increase in userbase increases the value of the network (sub)exponentially. This means that allocation of value to potential developers and users of this system be a benefit to everyone, with network effect derived benefiting all users.

Free and Open Source Developers

Majority ownership of HNS can be claimed by Free and Open Source Software contributors directly to the network itself on-chain. Read more here.

Top github users and PGP WoT Strong Set are the primary set (along with several other communities). This list is not a "toplist of FOSS developers and advocates" and inclusion does not imply that one is a top contributor, this was a list optimized towards availability of scrapeable unique public keys, as the keys are claimed in a decentralized way after the list was generated, and cannot be modified after Handshake goes live without a subsequent hard-fork allocation.