What does Handshake do?

Handshake is an experiment on collaborating to create a decentralized network which results in a global allocation of names. Think of the handles or usernames you use on services such as social networks, and domain names identifying the URI for websites. Nearly all of these services were provided by trusted third parties which prevent the web from truly being decentralized. Handshake provides a means, including key management and server/service authentication, for decentralized web services to experiment. The Internet currently relies upon a single trust root DNS zone and an amalgamation of private companies providing trusted Certificate Authorities to secure the internet, Handshake is an experiment and exploration in alternatives. By providing a way to do decentralized lookup of name records, one can produce hashes and keys to identify resources over decentralized networks without a trusted Certificate Authority corporation.

Why is canonicalization of naming within namespaces important?

Having a unique name on a particular namespace or zone is incredibly important for the security of the internet. Having a decentralized unique namespace could enable decentralized internet technologies. If you have a username on a social network, you may want a unique URI to view your profile. Similarly, for domain TLDs and other resources, it is helpful to know that you're correctly communicating with the desired endpoint. Without a unique namespace, the internet is vulnerable to either everyone having to type in the cryptographic key (making name lack usefulness), or a lack of agreement on the relationship between a resource and name. This has very severe security implications. Handshake's goal is decentralization, canonicalization of names, and security. With the root zone in use as of the time of this writing (2019), internet naming does not provide decentralization, nor secure authenticated canonicalization of names (the Certificate Authority system).

How does Handshake work?

Handshake needs to reach global agreement on names and its owners. To do this, we need to develop ordering of when a name has already been registered in a decentralized way. In essence, we need decentralized global agreement on ordering. Handshake uses its own blockchain to do so. While there has been much misunderstanding on the purpose of a blockchain, the purpose is primarily to ordering events which occur over time (did A happen before B?). If no ordering of events are necessary, a blockchain is not needed. The Handshake blockchain creates an ordering of name registrations, so one knows when a name has already been registered. Without a global decentralized agreement on the order of registrations, we cannot know whether Alice owns the name or Bob does (did Bob make a false claim of registration after Alice already made one). Handshake has everyone run the same software rules so everyone can programmatically come to agreement on name ownership. When a name is registered, the owner has a cryptographic key which is under their control, which assigns ownership to themselves, and can write records on Handshake which identifies, authorizes, and locates resources associated with their name. As these records are also ordered, one can have greater assurance on whether the records are expired or current.

Does this promote carbon emissions?

Handshake uses proof-of-work mining, as it is currently the most reliable way to do compact light client proofs. Proof of work uses computational power, a lot of it. However, the overwhelming majority of this computational power is produced using renewables, currently wind and hydro. The reason proof-of-work is currently primarily renewables is that the competitive cost has driven down to places with excess energy, which are remote hydro and wind farms. While there are no guarantees this will persist, the percentage which uses renewables is increasing. In the future, it is possible to have it be a contributor to subsidizing off-grid solar power. As the grid becomes less viable due to local generation, it is possible that miners securing the network can provide an additional revenue stream. This isn't certain, but a theory is that if mining is secured by solar, the network security would be much higher, as that would mean that it requires significant investment in physical infrastructure to attack. This benefits people with off-grid solar panels, as their electricity is otherwise worthless after their batteries are fully charged. While it is uncertain if this will prove to be the case and alternatives should be ready, currently the overwhelming majority of proof of work mining using renewables is increasing.

When is the first handshake?

On the 615817th Bitcoin block height, the BTC blockhash will be committed into the Handshake genesis block. While it can be immediately mined, the genesis block is only locked in after six confirmations. After the first six confirmations of valid Bitcoin blocks, the genesis block will not change, even with a deep reorg. The code is available for download. Transactions will enabled after two weeks worth of blocks.


How do Internet names currently work?

When a domain name is resolved to a corresponding server in the IP space, it uses a recursive DNS resolver such as Google's Public DNS server. DNS servers query a number of root servers maintained by one of 12 centralized entities. These root servers serve the "root zone". The root zone is the collection of Top Level Domains (TLDs) like .com, .net, .org, etc.

Why does the Certificate Authority system benefit from decentralization?

Compromised certificate authorities threaten SSL. Billions of dollars are currently being moved around on potentially insecure websites. If you’re personally identifiable as the owner of a valuable asset, there’s a risk to your personal safety. Even though WHOIS records have been scrubbed of private information — with the current naming system, your information can still be subpoenaed from a domain registrar.

What issues have occured with the centralized nature of the root zone and DNS as it currently stands?

Certificate authorities and private owners of TLDs impose fees while often compromising the security of SSL by issuing bad certificates or cooperating with government attempts to spy on encrypted traffic or censor undesirable content. One common mechanism of Internet censorship that has been used with increasing and alarming frequency is DNS filtering and redirection. Another area where the centralized nature of Internet names has come to a head is domain registration privacy. Additionally, the way DNS is currently centered at a handful of choke points allows for DDoS attacks like we saw in the 2016 attack on Dyn.

Does Handshake replace DNS?

No. Handshake is meant to replace the root zone file, not DNS. Browsing the web with human readable names is what Internet users have gotten acclimated to. Our solution allows for a seamless transition between a centralized name root zone file controlled by private parties to a decentralized root zone file controlled by actual Internet users. The Handshake blockchain itself is essentially one big distributed zone file in which anyone has the right to add an entry in.

What can you do with Handshake and DNS now?

Using OpenSSH, it’s possible to store SSH fingerprints in DNS. This means that if you're using a Handshake Name System (HNS) resolver, you can actually already verify SSH fingerprints in a decentralized way. This is possible without needing to install any additional, special SSH software.

DNS has an additional feature that allows you to verify TLS certificates by storing a hash of your ‘SubjectPublicKeyInfo’. This means that there is now a P2P way to trust self-signed certificates, as long as they have a valid DNSSEC trust chain set up. Anyone can set up a valid trust chain without having to ask anyone's permission to do so.

How is Handshake different from other decentralized naming projects?

Many other decentralized naming systems did not allow for secure “light clients” (simple payment verification mode), forcing every potential user to run a full node, equivalent to saving all the domains in the world on your computer. Another key differentiator is that Handshake is the first to pre-reserve names for existing trademark name holders.


Why is there a grant of $10.2 million to nonprofits and free/open source projects?

Handshake’s original incubators, Purse.io and Private Internet Access, provided enough support to build and launch the platform without additional funding. The pre-launch project contributors don’t require additional capital from subsequent investors, but what was needed is their deep expertise in early stage technology venture valuation. Accepting their investment at mutually agreed upon terms ensures Handshake launches at a reasonable valuation and enables the network to immediately bootstrap the decentralized market for Internet names. Beyond that Handshake has everything needed and that capital is better deployed by the FOSS organizations to which have been pledged to contribute it.

Why are free and open source contributors receiving the majority of the initial HNS?

The Internet, and civilization as a whole, would not be where it is today without the hard work of the free software and open source community and the projects that they work on. The Handshake blockchain will start with an initial supply of 1.36 billion coins, of which ~67.5% will be gifted to FLOSS developers and projects, as well as non profit organizations, universities.

Read more about it on the FLOSS Pledge Page.


How can trademark holders claim their names on HNS?

Handshake is holding a ninety day sunrise period before launch to allow existing rights-holders to claim their trademarked names. This is in order to help the seamless transition from a centralized root zone file to a decentralized root zone file. Read more in our Handshake Name Trademark Disclaimer.

Why is Handshake pre-reserving the top tens of thousands of domain names according to Alexa.com?

Existing TLDs and over 100,000 Alexa websites are reserved on the Handshake blockchain. Upon removing collisions, generic, and exclusions (e.g. 1 or 2 character names), approximately 80,000 names remain. Using the root key and DNSSEC, domain owners can cryptographically prove ownership to the Handshake blockchain to claim names. 100,000 was chosen as a number which the ownership is clear and has already gone through policy and process.

Why is Handshake allowing trademark holders to claim their names on HNS?

Handshake is holding a sunrise period before launch to allow existing rights-holders to claim their trademarked names. This is in order to help the seamless transition from a centralized root zone file to a decentralized root zone file. Read more in the Handshake Name Trademark Disclaimer.

What is the challenge with secure name resolution?

The largest challenge is the “key exchange problem.” This can be solved by putting the certificate and names on the blockchain and tying their ownership to private keys. This is Handshake’s key innovation on the root zone file.

How do I register a Handshake name?

Handshake leverages a blockchain based on unspent transaction output (UTXO) and proof-of-work (PoW) similar to Bitcoin for naming capabilities. The naming system features an on-chain smart contract-like functionality called covenants which restrict the future use of outputs of a transaction. Because covenants are built in at the blockchain layer via the consensus protocol, the handshake system enables different types of smart contracts which is used to develop an auction system for individuals to bid on domain naming rights.

What does the Handshake names auction process look like?

Users can buy or register domains through a Vickrey auction using HNS coins. All possible names are released weekly over the first year after launch. Users may submit blinded bids on the Handshake blockchain anytime after a name is released for auction. Bidding is open to everyone for ~5 days after the reveal period, and have ~10 days to reveal their bid price. A winner is assigned the name and, as it is a Vickrey auction, pays the second highest bid at the end of the reveal period. The winning bid amount of HNS coins is burned and permanently removed from circulation. Losing bids are returned and not burned.

How long are my names good for?

Handshake names are registered for two years at a time. Names can be renewed biannually by paying a standard network fee. There are no social or technical guarantees with the renewability or ownership, this is an experimental system, please read the code to see details of how it currently works.

Who gets the renewal fee?

Renewals for names are bi-annual and cost a standard network fee. Currently, miners will receive the transaction fee as part of their block reward.

How do I transfer ownership of a name?

The name owner sends a TRANSFER transaction to the receiver, and that transaction is confirmed in a block on the blockchain. After 288 blocks (~2 days), the name owner can send a FINALIZE transaction. Once that is confirmed, the new owner controls the name. Transferring ownership may also have payments embedded, so the recipient will receive coins if and only if the transfer is successful. This means that users do not need to use 3rd party escrow to pay for transfer.