Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (2): 19-34. doi: 10.11959/j.issn.2096-109x.2020024

• Column: Blockchain Technology •

Research on cross-domain trustable blockchain based decentralized DNS architecture

Kai LEI (1, 2), Fangxing SHU (1, 2), Lei HUANG (1, 2), Qichao ZHANG (1, 2)

  1. Shenzhen Key Lab for Information Centric Networking & Blockchain Technology, School of Electronics and Computer Engineering, Peking University, Shenzhen 518055, China
  2. Internet Research Institute, Peking University, Shenzhen 518055, China
  • Revised: 2020-02-12 Online: 2020-04-15 Published: 2020-04-23
  • About the authors: Kai LEI (1976- ), male, born in Changsha, Hunan, Ph.D., associate professor at Peking University; his main research interests are information-centric networking, blockchain, federated learning and knowledge graphs | Fangxing SHU (1990- ), male, born in Yinchuan, Ningxia, master's student at Peking University; his main research interest is blockchain systems | Lei HUANG (1993- ), male, born in Yangzhou, Jiangsu, master's student at Peking University; his main research interests are distributed systems and blockchain systems | Qichao ZHANG (1994- ), male, born in Hangzhou, Zhejiang, master's student at Peking University; his main research interest is blockchain systems
  • Supported by:
    The Science and Technology Innovation Project of Shenzhen (ZDSYS201802051831427)

Abstract:

The domain name system (DNS) is an important piece of Internet infrastructure. However, the current DNS uses a centralized hierarchical structure that is centralized at the root zone, which causes defects such as the risk of single-point failure and the risk of abuse of central authority. Designing a new decentralized DNS architecture transforms the domain name system from a single trust domain that relies on the center into multiple parallel trust domains, each rooted at a top-level domain, which raises the research challenge of cross-domain trust. To design a cross-domain trusted architecture, the idea of separating control from resolution is adopted at the architecture level, and a dual-blockchain DNS architecture is proposed. At the data layer, a novel cross-domain verification scheme based on a one-way accumulator is designed, reducing the time complexity of the traditional verification process from O(N) to nearly O(1). At the level of key-technology performance, the CDBFT algorithm is proposed by combining the DPoS mechanism with the BFT algorithm, and its average throughput reaches 736 TPS (transactions per second). Theoretical derivation and experimental results demonstrate the advantages of the architecture in security, performance, and scalability.

Key words: DNS, blockchain, one-way accumulator, cross-domain trustable, consensus mechanism
