{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T06:15:55Z","timestamp":1761718555604,"version":"3.41.0"},"reference-count":30,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"1","license":[{"start":{"date-parts":[[2016,12,22]],"date-time":"2016-12-22T00:00:00Z","timestamp":1482364800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Tor onion services, also known as hidden services, are anonymous servers of unknown location and ownership that can be accessed through any Torenabled client. They have gained popularity over the years, but since their introduction in 2002 still suffer from major usability challenges primarily due to their cryptographically-generated non-memorable addresses.<\/jats:p><jats:p>In response to this difficulty, in this work we introduce the Onion Name System (OnioNS), a privacy-enhanced decentralized name resolution service. OnioNS allows Tor users to reference an onion service by a meaningful globally-unique verifiable domain name chosen by the onion service administrator.We construct OnioNS as an optional backwards-compatible plugin for Tor, simplify our design and threat model by embedding OnioNS within the Tor network, and provide mechanisms for authenticated denial-of-existence with minimal networking costs. We introduce a lottery-like system to reduce the threat of land rushes and domain squatting. Finally, we provide a security analysis, integrate our software with the Tor Browser, and conduct performance tests of our prototype.<\/jats:p>","DOI":"10.1515\/popets-2017-0003","type":"journal-article","created":{"date-parts":[[2016,12,23]],"date-time":"2016-12-23T19:41:36Z","timestamp":1482522096000},"page":"21-41","source":"Crossref","is-referenced-by-count":7,"title":["The Onion Name System"],"prefix":"10.56553","volume":"2017","author":[{"given":"Jesse","family":"Victors","sequence":"first","affiliation":[{"name":"Cigital, Inc., United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ming","family":"Li","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinwen","family":"Fu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Massachusetts Lowell, Lowell, MA, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"35752","published-online":{"date-parts":[[2016,12,22]]},"reference":[{"key":"2021040701485806831_j_popets-2017-0003_ref_1_w2aab2b8c17b1b7b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] Baruch Awerbuch and Christian Scheideler, Group spreading: A protocol for provably secure distributed name service, Automata, Languages and Programming, Springer, 2004, pp. 183-195.","DOI":"10.1007\/978-3-540-27836-8_18"},{"key":"2021040701485806831_j_popets-2017-0003_ref_2_w2aab2b8c17b1b7b1ab1ab2Aa","unstructured":"[2] Daniel J Bernstein, Dnscurve: Usable security for dns, http: \/\/dnscurve.org\/, 2009."},{"key":"2021040701485806831_j_popets-2017-0003_ref_3_w2aab2b8c17b1b7b1ab1ab3Aa","unstructured":"[3] Daniel J Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang, High-speed high-security signatures, Journal of Cryptographic Engineering 2 (2012), no. 2, 77-89."},{"key":"2021040701485806831_j_popets-2017-0003_ref_4_w2aab2b8c17b1b7b1ab1ab4Aa","unstructured":"[4] BitInfoCharts, Crypto-currencies statistics, https:\/\/bitinfocharts.com\/, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_5_w2aab2b8c17b1b7b1ab1ab5Aa","unstructured":"[5] Blockchain.info, Hashrate distribution, https:\/\/blockchain.info\/pools, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_6_w2aab2b8c17b1b7b1ab1ab6Aa","unstructured":"[6] Joseph Bonneau, Jeremy Clark, and Steven Goldfeder, On bitcoin as a public randomness source, IACR Cryptology ePrint Archive 2015 (2015), 1015."},{"key":"2021040701485806831_j_popets-2017-0003_ref_7_w2aab2b8c17b1b7b1ab1ab7Aa","unstructured":"[7] John Brooks, Anonymous peer-to-peer instant messaging, https:\/\/github.com\/ricochet-im\/ricochet, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_8_w2aab2b8c17b1b7b1ab1ab8Aa","unstructured":"[8] Ryan Castellucci, Namecoin, https:\/\/namecoin.info\/, 2015."},{"key":"2021040701485806831_j_popets-2017-0003_ref_9_w2aab2b8c17b1b7b1ab1ab9Aa","unstructured":"[9] Donncha O\u2019 Cearbhaill, Onion balance, https:\/\/github.com\/DonnchaC\/onionbalance, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_10_w2aab2b8c17b1b7b1ab1ac10Aa","unstructured":"[10] Botan Developers, Botan: Crypto and tls for c++11, http: \/\/botan.randombit.net\/, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_11_w2aab2b8c17b1b7b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] Roger Dingledine, Nick Mathewson, and Paul Syverson, Tor: The second-generation onion router, Tech. report, DTIC Document, 2004.","DOI":"10.21236\/ADA465464"},{"key":"2021040701485806831_j_popets-2017-0003_ref_12_w2aab2b8c17b1b7b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] Ittay Eyal, The miner\u2019s dilemma, Security and Privacy (SP), 2015 IEEE Symposium on, IEEE, 2015, pp. 89-103.","DOI":"10.1109\/SP.2015.13"},{"key":"2021040701485806831_j_popets-2017-0003_ref_13_w2aab2b8c17b1b7b1ab1ac13Aa","unstructured":"[13] Internet Engineering Task Force, Dns security (dnssec) hashed authenticated denial of existence, https:\/\/tools.ietf.org\/html\/rfc5155, 2008."},{"key":"2021040701485806831_j_popets-2017-0003_ref_14_w2aab2b8c17b1b7b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] Michael T Goodrich, Roberto Tamassia, and Andrew Schwerin, Implementation of an authenticated dictionary with skip lists and commutative hashing, DARPA Information Survivability Conference &amp; Exposition II, 2001. DISCEX\u201901. Proceedings, vol. 2, IEEE, 2001, pp. 68-82.","DOI":"10.1109\/DISCEX.2001.932160"},{"key":"2021040701485806831_j_popets-2017-0003_ref_15_w2aab2b8c17b1b7b1ab1ac15Aa","unstructured":"[15] David Goulet and George Kadianakis, Random number generation during tor voting, https:\/\/gitweb.torproject.org\/torspec.git\/tree\/proposals\/250-commit-reveal-consensus.txt, 2015."},{"key":"2021040701485806831_j_popets-2017-0003_ref_16_w2aab2b8c17b1b7b1ab1ac16Aa","unstructured":"[16] katmagic, Shallot, https:\/\/github.com\/katmagic\/Shallot, 2012."},{"key":"2021040701485806831_j_popets-2017-0003_ref_17_w2aab2b8c17b1b7b1ab1ac17Aa","unstructured":"[17] Trace Mayer, Bitcoin mining hardware guide, https:\/\/www.bitcoinmining.com\/bitcoin-mining-hardware\/, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_18_w2aab2b8c17b1b7b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Ralph C Merkle, A digital signature based on a conventional encryption function, Advances in Cryptology-CRYPTO\u201987, Springer, 1988, pp. 369-378.","DOI":"10.1007\/3-540-48184-2_32"},{"key":"2021040701485806831_j_popets-2017-0003_ref_19_w2aab2b8c17b1b7b1ab1ac19Aa","unstructured":"[19] Satoshi Nakamoto, Bitcoin: A peer-to-peer electronic cash system, Consulted 1 (2008), no. 2012, 28."},{"key":"2021040701485806831_j_popets-2017-0003_ref_20_w2aab2b8c17b1b7b1ab1ac20Aa","unstructured":"[20] Simon Nicolussi, Human-readable names for tor hidden services, Bachelor thesis, Leopold-Franzens-Universitat Innsbruck, Institute for Computer Science, 2011, http: \/\/www.sinic.name\/docs\/bachelor.pdf."},{"key":"2021040701485806831_j_popets-2017-0003_ref_21_w2aab2b8c17b1b7b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] Lasse Overlier and Paul Syverson, Locating hidden servers, Security and Privacy, 2006 IEEE Symposium on, IEEE, 2006, pp. 15-pp.","DOI":"10.1109\/SP.2006.24"},{"key":"2021040701485806831_j_popets-2017-0003_ref_22_w2aab2b8c17b1b7b1ab1ac22Aa","unstructured":"[22] Colin Percival and Simon Josefsson, The scrypt passwordbased key derivation function, Tech. report, September 2012, https:\/\/tools.ietf.org\/html\/draft-josefsson-scryptkdf-00."},{"key":"2021040701485806831_j_popets-2017-0003_ref_23_w2aab2b8c17b1b7b1ab1ac23Aa","unstructured":"[23] GNU Project, Microhttpd, https:\/\/www.gnu.org\/software\/libmicrohttpd\/, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_24_w2aab2b8c17b1b7b1ab1ac24Aa","unstructured":"[24] The Tor Project, Tor metrics, https:\/\/metrics.torproject.org\/, 2015."},{"key":"2021040701485806831_j_popets-2017-0003_ref_25_w2aab2b8c17b1b7b1ab1ac25Aa","unstructured":"[25] , Next-generation hidden services in tor, https:\/\/gitweb.torproject.org\/torspec.git\/tree\/proposals\/224-rendspec-ng.txt, 2016."},{"key":"2021040701485806831_j_popets-2017-0003_ref_26_w2aab2b8c17b1b7b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] Nolen Scaife, Henry Carter, and Patrick Traynor, OnionDNS: A seizure-resistant top-level domain, IEEE Conference on Communications and Network Security (2015).","DOI":"10.1109\/CNS.2015.7346849"},{"key":"2021040701485806831_j_popets-2017-0003_ref_27_w2aab2b8c17b1b7b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Matthew Thomas and Aziz Mohaisen, Measuring the leakage of onion at the root, Tech. report, Verisign Labs, 2014.","DOI":"10.1145\/2665943.2665951"},{"key":"2021040701485806831_j_popets-2017-0003_ref_28_w2aab2b8c17b1b7b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Matthias Wachs, Martin Schanzenbach, and Christian Grothoff, A censorship-resistant, privacy-enhancing and fully decentralized name system, Cryptology and Network Security, Springer, 2014, pp. 127-142.","DOI":"10.1007\/978-3-319-12280-9_9"},{"key":"2021040701485806831_j_popets-2017-0003_ref_29_w2aab2b8c17b1b7b1ab1ac29Aa","unstructured":"[29] K. T. Wallenius, Biased sampling: The non-central hypergeometric probability distribution, Ph.D. Thesis, Stanford University, Department of Statistics. (1963)."},{"key":"2021040701485806831_j_popets-2017-0003_ref_30_w2aab2b8c17b1b7b1ab1ac30Aa","unstructured":"[30] Philipp Winter, Roya Ensafi, Karsten Loesing, and Nick Feamster, Identifying and characterizing sybils in the tor network, arXiv preprint arXiv:1602.07787 (2016)."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/popets\/2017\/1\/article-p21.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/popets-2017-0003","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T20:54:22Z","timestamp":1749848062000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2017\/popets-2017-0003.php"}},"subtitle":["Tor-powered Decentralized DNS for Tor Onion Services"],"short-title":[],"issued":{"date-parts":[[2016,12,22]]},"references-count":30,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2016,12,22]]},"published-print":{"date-parts":[[2017,1,1]]}},"alternative-id":["10.1515\/popets-2017-0003"],"URL":"https:\/\/doi.org\/10.1515\/popets-2017-0003","relation":{},"ISSN":["2299-0984"],"issn-type":[{"type":"electronic","value":"2299-0984"}],"subject":[],"published":{"date-parts":[[2016,12,22]]}}}