Here’s how a cryptocurrency name service could work. Instead of using a cryptocurrency address in a payment request, you would use a name. That name would resolve in standard DNS to a web page. That web page would also offer an API for a wallet to retrieve a real address.
Let’s take a look at how this would work. The resolver site registers a standard domain such as cyphername.com. The web site allows users to register an account whose username becomes a web page.
Of course, a top-level domain could be acquired for this purpose, with enough support, but that requires more centralization. With independent sites, anyone anywhere could set up a name service. No need to centralize this.
Companies could also operate their own services on their own domain (pay.companyname.com could be their address). So when a company wants to be paid in Bitcoin, for example, they would provide pay.companyname.com as the address, and the wallet receiving the payment request would go to that address and get back a Bitcoin address to use in the payment.
The web page
Stepping back to a simple service hosted on a web site. Let’s say the username chosen is dave. The web page dave.cyphername.com goes live. As a person if you visit that page you can request an address. If the person has more than one cryptocurrency it could ask you to first request the currency and then generate the address. It could present the address in a few different ways. It could simply present the address, or it could present a QR Code with the address, or you could provide additional information such as how much you plan to send to the address, what the payment is for, and it could generate a payment URI (and accompanying QR Code).
Wallet API
Now let’s say you’re using a wallet. You want to send Dave BTC. Instead of entering a BTC address, you enter dave.cyphername.com (probably prefaced by a character to indicate to the wallet to connect to that site without having to do much analysis – maybe an @ or a #). The wallet interprets this as a name resolver, and through an API requests an address for BTC from dave.cyphername.com, which returns the address to the wallet, which will now use the returned address to send the BTC. The wallet could ask the user to enter a description of what is being paid for which would be sent to the resolver (and on to the owner of the name). The transaction on the Bitcoin blockchain would use the address provided by the API, so even though the user sending the payment knows the address is associated with the username, no one else does.
The technicalities
There would need to be some standardization so wallets would know how to access the API, but the simplest way to do this is probably a REST API at a defined port number. The wallet could authenticate for the person who owns the name, or just allow access to addresses for everyone else.
When accessing the API, the client (the wallet) could ask for more than one address, perhaps to help obfuscate a payment. The results could be returned in JSON, either with a single address or a series of them if requested. The API could also allow requesting addresses for different currencies, but it could default to a specific one.
The web interface wouldn’t really need any standardization. Developers who build on this concept could offer whatever features they want. QR Codes and payment URIs don’t need to be supported, but could be if they wanted to. The web interface could also allow the owner to access the back-end and see what addresses have been given out, and if there were memos associated with them. From a security point of view, however, it might be better to erase mention of any addresses given out in the past. The name owner would have a way to receive information about those given out (through their wallet, or even to an e-mail address), and then the information would be removed from the server.
Where do the addresses come from?
There are existing sites that allow a person to hand out a web page URL to enable the user to give out a human-readable address, and then have the web site give out your address(es). Those sites can offer multiple coins, but always offer the same address for each coin, which is a problem. Best practice is to never re-use an address (for those coins that support multiple addresses).
Here’s where things get interesting. The person setting up the name could provide a public key and chain code from an HD wallet, which would allow the resolver to generate new public keys, and thus addresses, at will. If you’re sure the resolver is going to be secure, this is a great solution. If you’re not sure, it can be a risk, since someone who has both public keys and the chain code can determine the private key, compromising all the addresses generated by the site. Not ideal.
A prefered solution to this is to allow the user to upload keys to use. If using a wallet that can connect via API, then the resolver receiving a request from the user who created the page could respond that it’s running out of addresses, and request more. The wallet could then generate a 100 more addresses, and send them to the resolver to use. The name owner’s wallet could regularly connect to the resolver to check if more names are required, and to retrieve any memos added when the addresses were given out.
Let’s say you don’t have a wallet that can connect via API. Instead you could create a bulk wallet, generating 10,000 addresses, and just upload the CSV to the resolver site to use. If you wanted to you could manually get addresses from your wallet app and add them to the resolver. This could allow complete anonymity (assuming you connect to the resolver site through a VPN) as there is never a need to connect to the site to update it. You set it and forget it. Just don’t lose your private keys.
Leave a comment