1. Introduction

A stateless, Sybil-resistant naming system secured purely by math and time.
Created by Saif Mukhtar

Official IETF Internet-Drafts:

• draft-mukhtar-kinetic-network-00
• draft-mukhtar-kinetic-identity-00

To understand the necessity of the Kinetic Protocol, one must first understand the complete historical and sociological failures of digital naming architectures. The internet, at its lowest level, speaks the language of IP addresses (e.g., 192.168.1.100 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334). While mathematically precise and perfectly suited for silicon routing, these numerical identifiers are completely alien to human cognition. Humans require semantics, semantics require names, and names require registries.

The core problem of any global namespace is mathematically bounded by Zooko’s Triangle. Proposed in 2001 by Zooko Wilcox-O’Hearn, this trilemma posits that network identifiers cannot simultaneously achieve three properties:

1. Human-Meaningful: Meaningful and memorable names (like apple or saif) instead of cryptographic hashes (like 0x4a7e...).
2. Decentralized: No central authority controls the namespace, preventing censorship, arbitrary seizure, and rent-extraction.
3. Secure: The system is resistant to spoofing, meaning one entity cannot illegitimately claim a name belonging to another, nor can a single entity easily exhaust the entire namespace (Sybil attacks).

For the past three decades, network engineers have attempted to square this triangle. Every attempt has failed to achieve all three without introducing fatal economic or sociological compromises.

1. The Legacy Era: ICANN and Absolute Centralization (1980s - Present)

The Domain Name System (DNS), as we know it today, completely sacrifices the Decentralized leg of Zooko’s Triangle. It opts for human-meaningful names and security through absolute, hierarchical centralization.

At the very top of the hierarchy sits the ICANN (Internet Corporation for Assigned Names and Numbers) Root Zone. ICANN has the ultimate, unchecked authority to create Top-Level Domains (TLDs like .com, .org) and delegate them to registries.

The Failure Modes of ICANN

The centralization of DNS has led to severe consequences for the modern web:

• Political Censorship and Seizure: Because the root zone is centrally managed, state actors and corporations can compel ICANN or its delegated registries to instantly revoke, seize, or redirect domains without cryptographic due process.
• Monopolistic Rent Extraction: The legacy DNS system is a massive rent-extraction apparatus. Registries (like Verisign for .com) hold artificial monopolies over their TLDs. They charge arbitrary, recurring annual fees for the privilege of a database entry that costs fractions of a cent to maintain.
• The Artificial Economy of Registrars: Beneath the registries sit registrars (GoDaddy, Namecheap), creating an entire secondary industry built on upselling, domain parking, and predatory aftermarket speculation.

Legacy DNS is highly functional but fundamentally contradicts the ethos of a free, sovereign, and decentralized internet. It is a system of digital feudalism where developers lease land from a central sovereign.

2. The Blockchain Era: Capital-Gated Registries (2017 - Present)

With the advent of blockchains and smart contracts, engineers attempted to build decentralized alternatives. Legacy blockchain-based naming systems sought to achieve all three legs of Zooko’s Triangle by placing the registry on a decentralized, immutable ledger.

However, moving a registry to a permissionless environment immediately invites the Sybil Attack.

In a permissionless network, the cost of generating a network request is effectively zero. Therefore, if the namespace lacks a gating friction mechanism, a solitary malicious actor can instantaneously execute a script to claim every single word in the English dictionary.

To prevent this “mass-dictionary squatting,” decentralized protocols instituted a gating function: Financial Capital.

The Flaw of Capital-Gated Names

These systems enforce recurring, annual monetary fees based on string length. While financially gating the namespace solves the Sybil problem (it is too expensive to register every word), it introduces severe economic downstream effects:

1. Digital Landlordism: A capital-gated registry inherently favors entities with the deepest financial liquidity. Wealthy speculators can afford the carry costs to hoard premium, short-character names. They sit on these names, extracting rent from legitimate developers or organizations who actually intend to build on them. This recreates the exact rent-seeking dynamics of Web2, simply replacing centralized registries with decentralized whales.
2. Developer Pricing-Out: For a protocol meant to serve as a foundational network primitive (e.g., exposing a local port or routing a decentralized app), an annual monetary fee creates a continuous liability. Peer-to-peer network routing should not require a perpetual subscription fee.
3. The Valuation Paradox: In a capital-gated system built on top of volatile cryptocurrencies, a name’s security and accessibility are tied to market speculation. If the underlying token’s fiat value spikes during a bull market, the cost to register or renew a domain becomes completely inaccessible to users in developing nations, actively stalling network adoption.

Capital-gated registries did not solve digital landlordism; they merely democratized the ability to be the landlord.

3. The Identity Era: The Proof of Personhood Bottleneck

To eliminate capital requirements and make naming systems truly free, alternative protocols attempted to define the friction mechanism as physical human uniqueness.

These Proof of Personhood (PoP) systems ensure that one human maps to exactly one digital identity, effectively hard-capping a user to a single name. While mathematically elegant for Sybil resistance (an attacker cannot spoof a million physical bodies), PoP introduces severe sociotechnical bottlenecks:

1. Extreme Onboarding Friction: To verify physical uniqueness, these protocols require synchronous video verification parties, specialized hardware (iris scanning or biometrics), or global cryptographic puzzle ceremonies. This destroys the developer experience. A developer cannot instantly spin up an ephemeral tunnel domain at 2:00 AM if they must wait for a scheduled validation epoch or scan their retina.
2. Trust Anchors and Privacy Decay: Extracting unique identity, even via advanced zero-knowledge proofs (zkTLS or NFC passports), almost always shackles the decentralized system to high-friction Web2 institutions or government-issued physical credentials, sacrificing pseudonymity.
3. The Multiple-Alias Reality: Developers legitimately need multiple handles for different environments (e.g., staging servers, personal blogs, anonymous routing, burner domains). Forcing a strict 1:1 mapping between a human body and a network handle is an artificial constraint that profoundly misunderstands how internet infrastructure is naturally deployed.

4. The Impasse and The Kinetic Solution

We are left with an architectural impasse. A truly decentralized namespace cannot survive without friction, but:

• Defining friction as central authority leads to censorship.
• Defining friction as money leads to digital landlordism.
• Defining friction as identity leads to extreme onboarding bottlenecks.

The Kinetic Protocol abandons all three. By defining friction strictly as un-parallelizable time and sequential computation, Kinetic returns to the purest form of permissionless security.

The Philosophy of Proof-of-Patience

Kinetic enforces an economic reality where mass-scale automated squatting becomes computationally and energetically ruinous, while remaining completely friction-free and zero-cost for a legitimate, solitary developer.

This is achieved through a three-tier lifecycle:

1. Verifiable Delay Functions (VDFs): Mathematical puzzles that take a specific, sequential amount of time to solve. They cannot be parallelized. A billionaire with 10,000 ASICs cannot solve a single VDF faster than a hobbyist on a laptop.
2. Dynamic Scaling: Shorter names require exponentially larger VDFs. A 1-character name takes weeks to grind; a 6-character name takes seconds. This physically limits the rate at which premium namespace can be consumed.
3. The Hybrid Lease: Ownership is maintained not by paying rent, but by keeping a node alive. A low-overhead background “Heartbeat” (a cryptographic signature over the current time) proves the name is actively being used. If the heartbeat flatlines, the name isn’t instantly lost, but enters a Grace-Period Escalation where attackers must burn massive computation to steal it.

Through these mechanics, Kinetic establishes a self-cleaning, purely mathematical namespace. There is no ICANN. There are no renewal fees. There are no biometric scans. There is only math, time, and the decentralized Kademlia swarm.

Welcome to the Kinetic Protocol.

Chapter 2: The Mathematical Engine - VDFs, Ed25519, and Drand

The Kinetic Protocol is, at its core, a system of applied cryptography. Unlike traditional Web2 registries that rely on trusted databases, or Web3 registries that rely on global blockchain ledgers, Kinetic relies exclusively on deterministic mathematical proofs evaluated by the local client.

This chapter dissects the three primary cryptographic engines that power the protocol:

1. Verifiable Delay Functions (VDFs): The mechanism for un-parallelizable computational friction.
2. Ed25519 Signatures: The mechanism for unforgeable identity and ownership.
3. The Drand Beacon: The mechanism for unpredictable, clockless global consensus.

Together, these three components construct a cryptographic sequence that perfectly neutralizes front-running sniper bots and massive parallel-hardware Sybil attacks.

1. Verifiable Delay Functions: The Mathematics of Patience

If the Kinetic Protocol relies on computational friction to prevent mass squatting, why not use standard Proof of Work (PoW) hashes, like Bitcoin’s SHA-256?

Standard Hashcash PoW is parallelizable. If a puzzle requires calculating 10 million hashes, an attacker with 10 million ASIC miners can solve the puzzle in a single hash cycle (fractions of a second). A hobbyist on a laptop might take days. Using standard PoW for a naming system would instantly hand the entire namespace to industrial mining farms.

To level the playing field, Kinetic requires a mathematical puzzle that is strictly sequential.

1.1 The Definition of a VDF

A Verifiable Delay Function (VDF) is a cryptographic function \(f: X \to Y\) that requires a prescribed number of sequential steps \(T\) to evaluate, but produces a unique output that can be verified almost instantly.

The critical property of a VDF is that adding more parallel processors does not speed up the computation. To compute step \(N\), you must first know the exact result of step \(N-1\). An attacker with a massive data center is mathematically forced to wait just as long as a user on a standard laptop (within a small margin of single-thread clock speed differences).

1.2 Repeated Squaring in Groups of Unknown Order

Kinetic utilizes the Chia VDF construction, which is based on repeated squaring in a finite abelian group of unknown order.

The user is challenged to compute an output \(y\) given a base element \(x\) and a time parameter \(T\) (the iterations):

\[ y = x^{2^T} \pmod N \]

To calculate \(y\), the prover must take \(x\), square it, take the result, square it again, and repeat this process exactly \(T\) times. Because they do not know the order of the group, there is no shortcut (such as calculating \(2^T \pmod{\phi(N)}\)). They are mathematically forced to walk the long path.

Alongside \(y\), the prover generates a concise cryptographic proof \(\pi\). While evaluating \(y\) requires \(O(T)\) operations, any network node can verify the tuple \((x, y, \pi)\) in \(O(\log T)\) or \(O(1)\) time.

1.3 Imaginary Quadratic Class Groups

In early VDF research, the modulus \(N\) was an RSA modulus (\(N = p \cdot q\)). However, an RSA modulus requires a “Trusted Setup.” Someone must generate the prime numbers \(p\) and \(q\), multiply them, and then definitively destroy \(p\) and \(q\). If an attacker knows the prime factors, they know the order of the group and can bypass the VDF instantly.

To achieve complete mathematical purity without a trusted setup, Kinetic (via the Chia VDF engine) substitutes the RSA group with an Imaginary Quadratic Class Group. The mathematics of class groups are profoundly complex, dealing with binary quadratic forms \(ax^2 + bxy + cy^2\), but they offer a critical property: the group order is inherently unknown, and calculating it is computationally infeasible. Thus, the VDF remains mathematically secure without requiring trust in any human coordinator.

2. Front-Running and The Sniper Bot Problem

In any public registry, you must announce the name you wish to register.

Imagine a naive decentralized registry. Alice wishes to register apple.kin. She signs a transaction saying “Register apple.kin” and broadcasts it to the P2P network. Eve, a malicious sniper bot, is listening to the network. Eve sees Alice’s request. Because the network is decentralized and has no strict ordering, Eve instantly creates her own transaction: “Register apple.kin,” signs it, and broadcasts it. If Eve has better network connectivity, her transaction might propagate faster and be accepted by the network before Alice’s.

Alice did the creative work of thinking of the name; Eve stole it using sheer network latency advantage.

To render sniper bots completely blind, Kinetic mandates a Sequential VDF Linking scheme, known as the Commit-Reveal Pipeline.

3. The Commit-Reveal Pipeline

To claim a name, a Kinetic user must complete a three-phase cryptographic lifecycle that mathematically proves they committed to the name before the network ever saw it in plaintext.

Phase 1: The Blind Commitment

Alice wants apple.kin. She does not announce this. Instead, she creates a cryptographic commitment.

First, she generates a high-entropy 32-byte salt \(s\). Next, she fetches the latest unpredictible randomness pulse from the Drand network (Let’s say pulse \(B_{t_1}\)). Finally, she hashes these values together with her Ed25519 public key and the target name:

\[ C = H(\text{“apple.kin.”} \parallel s \parallel B_{t_1} \parallel \text{PubKey}_{\text{Alice}}) \]

This hash \(C\) looks like complete gibberish to the network. It leaks zero information about the name “apple”.

Phase 2: The Sequential Grind

Alice takes the commitment \(C\) and feeds it directly into the VDF engine as the base element \(x\). She then computes the massive repeated squaring VDF for \(T\) iterations (where \(T\) is derived from the length of apple.kin.).

Because \(B_{t_1}\) was generated by the Drand network only seconds ago, Eve knows for an absolute fact that Alice could not have pre-computed this VDF. The computation must occur strictly after \(t_1\).

Phase 3: The Reveal

After the VDF finishes (perhaps taking hours or days), Alice broadcasts the complete Reveal tuple to the network:

\[ \mathcal{P} = {\text{“apple.kin.”}, s, B_{t_1}, T, \pi_{\text{VDF}}, \text{PubKey}_{\text{Alice}}, \text{Signature}} \]

When Eve sees this, she finally knows Alice wants apple.kin. But it is too late.

If Eve wants to steal it, she must create her own commitment \(C_{\text{Eve}}\) and compute the massive VDF for \(T\) iterations. By the time Eve finishes, Alice’s claim has been permanently embedded in the DHT for hours or days.

Because Alice’s public key was bound inside the original commitment hash \(C\), Eve cannot simply intercept Alice’s finished VDF proof and submit it wrapped in Eve’s signature. The mathematics physically bind the Proof of Patience to Alice’s specific identity.

4. The Drand Beacon: Clockless Consensus

How does a decentralized network agree on time without relying on centralized NTP servers or a global blockchain clock?

Kinetic uses Drand (Distributed Randomness Beacon). Drand is an independent, threshold-cryptography network run by a consortium of global organizations (including Cloudflare, Protocol Labs, and the University of Chile).

Every 30 seconds, the Drand network participates in a BLS threshold signature ceremony. They combine their partial signatures to produce a cryptographically verifiable, completely unpredictable 32-byte pulse of randomness.

Kinetic utilizes these pulses as unforgeable timestamps. When Alice includes \(B_{t_1}\) in her commitment, she proves to the entire Kinetic network that her VDF computation began after the 30-second window when \(B_{t_1}\) was released.

Because the Kademlia DHT nodes do not need to trust each other’s system clocks, they rely entirely on the Drand sequence number. Time, in the Kinetic protocol, is not measured in seconds; it is measured in Drand pulses and VDF iterations.

This creates a perfectly synchronized, highly hostile environment for attackers, secured entirely by the laws of cryptography.

Chapter 3: P2P Routing and The Immunological DHT

While the cryptography described in Chapter 2 establishes the rules of the Kinetic Protocol, the network layer is the physical battleground where those rules are enforced. Kinetic operates without a central server, blockchain, or master database. Instead, it utilizes a Distributed Hash Table (DHT) to route and store data across a fluid, constantly shifting swarm of peer-to-peer nodes.

This chapter details how Kinetic adapts the standard Kademlia routing algorithm into a hostile, mathematically rigorous “Immunological DHT” capable of defending itself against spam, Eclipse attacks, and Sybil swarms.

1. The Basics of Kademlia Routing

Kinetic’s networking stack is built on libp2p, specifically utilizing the Kademlia DHT protocol.

In a traditional client-server model, locating data is trivial: you ask the central server. In a completely decentralized network consisting of thousands of anonymous laptops and servers globally, finding the specific node that holds the IP address for apple.kin is a complex computer science problem.

Kademlia solves this by treating both nodes and data as points in a massive, mathematically uniform space (typically a 256-bit keyspace).

The XOR Distance Metric

When you start a Kinetic Daemon, it generates a unique cryptographic identity (a PeerId). When you register a name like apple.kin, that name is hashed into a 256-bit key (\(K = H(\text{“apple.kin”}) \)).

Kademlia routes data by calculating the “distance” between two keys using the exclusive OR (XOR) bitwise operation:

\[ \text{Distance}(A, B) = A \oplus B \]

This XOR metric is brilliant because it is perfectly symmetric (\(A \oplus B = B \oplus A\)), unidirectional, and satisfies the triangle inequality.

When your node wants to find the payload for apple.kin, it asks its closest known peers, “Do you know who is closer to \(K\)?” Those peers respond with nodes they know that are mathematically closer to \(K\). This process repeats iteratively. Because of the XOR topology, the search space halves with every hop. It guarantees that any node or piece of data in the network can be found in exactly \(O(\log N)\) network hops, regardless of how massive the network scales.

2. Why Standard Kademlia Fails for Naming Systems

Kademlia is a routing marvel, but it was designed as a “blind” bulletin board.

In standard Kademlia, if Node A sends a PUT request containing 2 kilobytes of arbitrary data to Node B, Node B simply stores it. Kademlia assumes a relatively friendly network.

If we deployed the Kinetic Protocol on standard Kademlia, it would instantly collapse. A single malicious attacker could open thousands of connections and spam millions of fake Reveal payloads filled with garbage data. The DHT nodes would blindly accept the data, instantly exhausting their hard drives and bandwidth, resulting in a catastrophic Denial of Service (DoS).

To survive in an adversarial environment, Kinetic implements an Immunological DHT.

3. The Immunological DHT: Competitive Gossip

Kinetic fundamentally alters Kademlia by decoupling data availability from state validation, moving consensus to the routing layer itself.

Inside kinetic-network, the standard libp2p Kademlia implementation is augmented with a highly customized KineticRecordStore. This store acts as a cryptographic firewall.

Active Mathematical Filtering

When a Kinetic node receives a PUT request for a domain, it does not blindly store it. Instead, before a single byte touches the disk or is propagated to other peers, the node executes the following deterministic validation loop:

1. Format Validation: Does the payload correctly deserialize into a Reveal or Heartbeat struct?
2. Signature Verification: Is the Ed25519 signature valid against the embedded public key?
3. VDF Mathematical Proof: Does the Chia VDF proof cleanly verify the commitment hash and the required number of iterations?

If the payload fails any of these checks, the node instantly rejects the record.

This mechanism is called Competitive Gossip. The network acts as an active immune system. Cryptographically invalid data is destroyed upon contact. An attacker cannot flood the network with fake domain claims because honest nodes refuse to store them and refuse to gossip them to their neighbors. Only mathematically pristine data consumes storage space.

Lightweight Hashcash Proof-of-Connection

What if an attacker tries to execute a CPU exhaustion attack by sending millions of mathematically invalid VDFs to a single honest node, forcing the node to constantly verify (and reject) them?

While VDF verification is extremely fast (\(O(\log T)\)), it still requires CPU cycles. To mitigate this, Kinetic nodes implement a lightweight Hashcash PoW at the connection layer.

When a peer connects, they are required to solve a trivial, 50-millisecond Hashcash puzzle before they are allowed to submit DHT requests. If a peer submits a mathematically invalid VDF, their “reputation” drops. If they submit multiple invalid VDFs, the honest node drops the TCP connection entirely and bans their IP address. To reconnect and resume the attack, the attacker must pay the Hashcash PoW again.

This makes sustained CPU exhaustion attacks economically irrational, as the attacker burns vastly more compute power generating the connections than the honest node burns verifying the VDFs.

4. Redundant Deterministic Storage (Mitigating Eclipse Attacks)

The final, most critical vulnerability in any DHT is the Eclipse Attack.

In standard Kademlia, data is stored at a single specific key \(K = H(\text{“apple.kin”})\). If an adversary wants to censor apple.kin, they can generate thousands of Sybil nodes with PeerIds mathematically adjacent to \(K\). Eventually, the attacker’s malicious nodes become the authoritative storage peers for \(K\).

When an honest user queries apple.kin, their request routes directly to the attacker’s nodes. The attacker simply replies “Record Not Found” or serves an outdated payload. The honest payload is effectively “eclipsed” from the network.

Because Kinetic client-side validation can only verify data it receives, the client has no way to know the true payload was censored.

Multi-Key Scattering

To definitively neutralize Eclipse attacks without resorting to centralized servers, Kinetic utilizes Redundant Deterministic Storage.

Instead of storing the payload at a single key \(K\), the registrant’s daemon mathematically scatters the exact same signed payload across \(M\) independent, uncorrelated locations in the DHT.

The keys are derived using a domain-separated cryptographic hash: \[ K_i = H(\text{“apple.kin”} \parallel i \parallel \text{“kinetic-dht”}), \quad \text{for } i \in {0, 1, \dots, M-1} \]

Because the hash function acts as a random oracle, \(K_0\), \(K_1\), and \(K_2\) are located in completely different, uniformly random sectors of the global Kademlia keyspace.

When an honest user wants to resolve apple.kin, their client fires off \(M\) parallel Kademlia GET queries to all locations simultaneously. It then takes the union of all returned payloads, validates their VDFs, and selects the genuine record.

The Probabilistic Impossibility of Eclipsing

Why is this so powerful?

Let’s assume a highly capable attacker controls an astounding 20% (\(f = 0.2\)) of all nodes in the global Kinetic network. The probability of the attacker successfully clustering enough Sybil nodes to eclipse a single key is roughly equal to \(f\).

If Kinetic uses \(M = 5\) redundant keys, the keys are mathematically independent. The probability that the attacker successfully eclipses all 5 keys simultaneously is:

\[ P(\text{total eclipse}) = f^M = (0.2)^5 = 0.00032 \text{ (or 0.03%)} \]

If the client increases \(M\) to 10:

\[ P(\text{total eclipse}) = (0.2)^{10} = 0.0000001024 \text{ (or 0.00001%)} \]

By simply duplicating a 2-kilobyte payload across a few independent keys, the probability of an Eclipse attack drops from a distinct threat to a statistical impossibility. The marginal bandwidth overhead for the user is practically zero, but the censorship resistance is multiplied exponentially.

Through Competitive Gossip, Hashcash PoW, and Redundant Deterministic Storage, Kinetic transforms the naive Kademlia DHT into an impenetrable fortress of data availability.

Chapter 4: Heartbeats and Dead-State Neutralization

The central dilemma of any free, permissionless registry is Dead State.

If a registry costs nothing, what prevents early adopters from registering thousands of premium names, shutting down their computers, and leaving those names permanently locked and unusable for the next generation of internet users?

Capital-gated registries solve this through recurring financial renewal fees. If you stop paying rent, the registry evicts you, and the name returns to the open market.

Because the Kinetic Protocol is fundamentally zero-cost, it must employ a different eviction mechanism. It replaces monetary rent with localized, ongoing computational life support: The Hybrid Lease System.

1. The PoW Heartbeat: Active Territory Defense

In Kinetic, ownership is not a static database entry; it is an active state of defense. To maintain control over a name, the owner’s kinetic-daemon must periodically prove to the network that it is alive, interested, and capable of participating in consensus.

This is achieved via a cryptographic signature heartbeat.

A Heartbeat is an incredibly lightweight cryptographic struct, generated and broadcast by the owner’s daemon every 60 seconds.

\[ \text{Heartbeat} = \text{Sign}{\text{Ed25519}} ( \text{Name} \parallel \text{drand_pulse}{t} ) \]

The daemon automatically queries the external Drand beacon for the latest entropy pulse, binds it to the domain name, and signs it with the exact same Ed25519 private key that was used during the initial VDF Reveal.

The Sled Storage Background Loop

The user does not manually trigger these heartbeats. The kinetic-daemon natively utilizes sled, an embedded, high-performance database written in Rust.

When a user registers apple.kin, the Reveal struct and the corresponding Ed25519 keypair are immediately persisted to the local Sled storage engine.

Upon startup, the daemon spawns an asynchronous tokio background task. This task loops infinitely:

1. Load all registered names from Sled.
2. Fetch the latest Drand pulse.
3. Construct and sign a Heartbeat for every name.
4. Issue a Kademlia PUT command, scattering the Heartbeats across the DHT (utilizing the Redundant Deterministic Storage mechanisms discussed in Chapter 3).
5. Sleep for 60 seconds.

This process requires a fraction of a megabyte of RAM and almost zero CPU usage. It runs silently, passively defending the user’s namespace territory.

2. Grace-Period Escalation: The Mechanics of a Hostile Takeover

What happens when the owner goes offline? Perhaps they closed their laptop, lost internet access, or intentionally abandoned the name.

If a heartbeat flatlines, the Kademlia DHT eventually drops the old records. Does the name instantly vanish? Can a sniper bot instantly register apple.kin the second the laptop goes to sleep?

Absolutely not. Kinetic implements Grace-Period Escalation.

An abandoned name does not immediately become “free”. Instead, an attacker wishing to steal the name must compute an exponentially harder Verifiable Delay Function (VDF) based on exactly how long the name has been idle.

The Mathematics of Stealing

Let \(\Delta t\) be the idle time (the time elapsed since the last valid Heartbeat was seen on the DHT). Let \(T_{\text{max}}\) be the maximum possible VDF penalty (e.g., millions of iterations, requiring weeks of computation). Let \(\beta\) be the exponential decay constant.

The number of iterations required to steal a name is formalized as:

\[ T_{\text{steal}}(\Delta t) = T_{\text{max}} \cdot e^{-\beta \cdot \Delta t} \]

• Day 1 of Offline Time: The required VDF is astronomical. It would take an attacker three months of continuous, un-parallelizable ASIC computation to steal the name.
• Day 30 of Offline Time: The exponential decay curve lowers the difficulty. It might now take the attacker three weeks of computation.
• Day 365 of Offline Time: The name is functionally dead. The VDF penalty decays to a negligible amount, and the name can be registered as if it were brand new.

Initiating the Challenge

To steal a name without a centralized clock, the attacker must mathematically prove to the Kademlia swarm exactly how long the name has been dead.

1. The attacker queries the DHT and retrieves the last known valid Heartbeat for apple.kin. (This heartbeat contains a specific Drand pulse number, definitively marking its exact creation time).
2. The attacker calculates the elapsed Drand rounds \(\Delta t\).
3. The attacker’s local kinetic-cli calculates the required penalty iterations \(T_{\text{steal}}(\Delta t)\).
4. The attacker grinds the massive VDF.
5. The attacker broadcasts a new Reveal struct, embedding the original owner’s last Heartbeat to prove the \(\Delta t\) variable.

The Kademlia Record Store Enforcement

When the DHT nodes receive this hostile Reveal, the KineticRecordStore executes the following logic:

1. Verify the attacker’s VDF.
2. Inspect the embedded “Last Known Heartbeat” the attacker provided.
3. Check the node’s own local cache: Does the node have a newer Heartbeat for apple.kin?

If the honest node possesses a Heartbeat newer than the one the attacker claims is the “last”, the attacker’s entire computation is instantly invalidated. The attacker is flagged for attempting a fraudulent takeover, and their connection is dropped.

This means an attacker cannot simply ignore recent heartbeats to artificially shorten \(\Delta t\). They must be mathematically honest about the exact time of death.

3. The Challenge Window: Effortless Reclaiming

Let us assume the attacker is honest. The laptop has been closed for 30 days. The attacker spends three grueling weeks grinding a massive VDF penalty to steal apple.kin.

The attacker finally finishes the VDF and broadcasts the hostile Reveal.

Does the attacker instantly get the name? No. This merely opens the Challenge Window.

For the next 7 days, the network suspends the name in a contested state. The Kademlia DHT stores both the original owner’s identity and the attacker’s pending claim.

If the original owner turns their laptop back on at any point during those 7 days, the kinetic-daemon instantly wakes up, fetches the latest Drand pulse, and broadcasts a standard 60-second Heartbeat.

When the DHT nodes see this fresh, perfectly valid Heartbeat signed by the original owner, they immediately erase the attacker’s hostile claim.

The attacker burned three weeks of intense, maximum-load CPU computation. The original owner invalidated it effortlessly with a 50-millisecond background heartbeat.

This profound asymmetry is the core of Kinetic’s deterrence. Stealing a name is mathematically grueling, economically irrational, and completely uncertain, while maintaining a name is effortless and guaranteed.

Through Heartbeats and Grace-Period Escalation, Kinetic perfectly balances fluid namespace recycling with impenetrable ownership rights.

Chapter 5: The Zero-Dollar Gateway (Split-DNS Routing)

The cryptography and peer-to-peer networking discussed in previous chapters guarantee that the Kinetic Protocol is secure, decentralized, and mathematically robust. However, cryptographic purity is useless if it exists in a vacuum. To function as a practical public good, Kinetic cannot remain an isolated academic experiment; it must seamlessly integrate with the existing, legacy web browser ecosystem.

The primary engineering challenge of deploying a sovereign namespace is bypassing the legacy Domain Name System (DNS).

ICANN (The Internet Corporation for Assigned Names and Numbers) controls the global Root Zone. If you type google.com into your browser, your computer ultimately traverses a hierarchy of ICANN-approved servers to find the IP address. ICANN does not recognize .kin. If a browser asks an ICANN root server for apple.kin, the request will instantly fail with an NXDOMAIN (Non-Existent Domain) error.

To achieve native .kin resolution without relying on centralized TLD authorities, and without breaking standard Web2 traffic, Kinetic utilizes a Split-DNS loopback architecture.

1. The Concept of Split-DNS

In enterprise networking, a “Split-DNS” setup is commonly used to resolve internal corporate domains (like intranet.corp) differently than public internet domains. The local DNS resolver intercepts queries and routes them based on their suffix.

Kinetic weaponizes this concept to establish a completely sovereign namespace directly on the user’s laptop.

When a user installs the Kinetic client, the installer deploys the kinetic-daemon to run continuously in the background as a system service (e.g., via systemd on Linux). One of the primary jobs of the daemon is to bind to the operating system’s local loopback interface on the standard DNS port: 127.0.0.1:53.

The OS networking stack is automatically updated (e.g., modifying /etc/resolv.conf) to prioritize this local proxy for all outgoing DNS queries.

Every single time your browser wants to load a webpage, the request hits the kinetic-daemon first.

2. The Deterministic Traffic Router

Inside the daemon, the kinetic-dns crate leverages hickory-dns (formerly trust-dns), a fast, memory-safe, asynchronous DNS server framework written in Rust.

The daemon acts as a high-speed, deterministic traffic router, enforcing a strict Split-DNS policy:

Scenario A: Standard Traffic (Pass-Through)

If a local application requests a legacy TLD (e.g., github.com or wikipedia.org), the kinetic-dns handler immediately recognizes that it does not end in .kin.

It instantly forwards the query over standard UDP/TCP to the user’s default upstream resolver (such as Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8). This incurs practically zero latency overhead for normal internet use. The user experiences the legacy web exactly as they always have.

Scenario B: Sovereign Traffic (Interception)

If the application requests a protocol-specific TLD (e.g., apple.kin), the daemon intercepts the request.

It actively blocks the request from leaking to the upstream ISP or the global ICANN Root Zone. Instead, it initiates the decentralized resolution pipeline:

1. Extraction: The DNS handler extracts the target string (apple.kin.).
2. Kademlia Query: The DNS handler triggers an asynchronous GetRecord Kademlia query down to the kinetic-network layer.
3. Decentralized Search: The DHT swarm routing (XOR distance) locates the Redundant Deterministic Storage nodes holding the payload for apple.kin..
4. Validation: As the payloads return, the local daemon strictly verifies the Ed25519 signatures and Chia VDF proofs to ensure the data has not been tampered with or eclipsed.
5. Synthesis: The handler unpacks the verified payload (e.g., 192.168.1.100) and synthesizes a perfectly standard DNS A (IPv4) or AAAA (IPv6) response record.
6. Delivery: The synthesized record is returned to the local OS, and the browser effortlessly connects to the decentralized application.

Because the browser speaks standard DNS and the kinetic-dns proxy speaks standard DNS, the browser has absolutely no idea that it just resolved a domain via a hostile, mathematically-secured Kademlia swarm. The integration is seamless.

graph LR
    subgraph User OS
        App[Chrome / Firefox]
        Daemon((Kinetic Daemon<br/>127.0.0.1:53))
        App -->|DNS Query| Daemon
    end

    subgraph Router [Split-DNS Router kinetic-dns]
        Daemon -->|Ends in .kin| Kin{Intercept}
        Daemon -->|Other TLDs| Pass{Pass-Through}
    end

    subgraph External Networks
        Kin -->|VDF/DHT Math| DHT[(Kademlia DHT)]
        Pass -->|Standard UDP/TCP| Upstream[Upstream Resolver<br/>1.1.1.1 / 8.8.8.8]
        Upstream --> ICANN((ICANN Root Zone))
    end
    
    style Daemon fill:#005A9C,stroke:#000,stroke-width:2px,color:#fff
    style Kin fill:#9400D3,stroke:#000,stroke-width:2px,color:#fff
    style Pass fill:#228B22,stroke:#000,stroke-width:2px,color:#fff

3. The Security Implications of Local Resolution

Why is it so crucial that the daemon runs locally on 127.0.0.1, rather than having a public, global Kinetic resolver (like dns.kinetic.network)?

Consensus is a deterministic calculation run by your own machine.

If you rely on a centralized gateway (even one provided by the Kinetic developers) to resolve .kin domains for you, you are implicitly trusting that gateway’s VDF verification logic. A centralized gateway could be hacked, coerced by a state actor, or bribed to return false IP addresses for political domains.

By running the kinetic-daemon on 127.0.0.1:

• Zero Trust: Your laptop personally verifies every single VDF proof and Ed25519 signature. You trust absolutely no one but the mathematics executing on your local silicon.
• Censorship Immunity: An ISP or authoritarian firewall cannot block your access to .kin domains because the resolution happens internally via encrypted Kademlia peer-to-peer traffic, completely bypassing the ISP’s DNS monitors.
• Decentralized Verification: Because every user verifies the math themselves, the network organically achieves global consensus without requiring a centralized blockchain ledger.

The Split-DNS loopback architecture is what transforms Kinetic from a theoretical cryptographic puzzle into a resilient, un-censorable public utility.

Chapter 6: Exhaustive Code Walkthrough (kinetic-core & kinetic-vdf)

The theoretical models outlined in the previous chapters are strictly enforced by the Rust code within the Kinetic workspace. In this chapter, we begin an exhaustive, module-by-module breakdown of the system, starting with the two foundational crates: kinetic-core and kinetic-vdf.

1. The Mathematical Definitions: kinetic-core

The kinetic-core crate acts as the shared dictionary for the entire workspace. It contains the exact structural definitions that must be serialized, signed, and validated by every peer in the network.

1.1 The Reveal Struct

Located in kinetic-core/src/types.rs, the Reveal struct is the payload generated after a successful VDF computation. It is the core object passed to the DHT.

#![allow(unused)]
fn main() {
use serde::{Deserialize, Serialize};

#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
pub struct VdfProof {
    pub proof_bytes: Vec<u8>,
}

#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
pub struct Reveal {
    pub name: String,
    pub payload: Vec<u8>,
    pub salt: [u8; 32],
    pub drand_pulse: u64,
    pub drand_randomness: String,
    pub iterations: u64,
    pub vdf_proof: VdfProof,
    pub pubkey: Vec<u8>,
    pub signature: Vec<u8>,
}
}

Line-by-Line Breakdown:

• #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]: We use the serde framework extensively. Because these structs traverse the network via Kademlia, they must be seamlessly serialized to and from binary (typically via JSON or Bincode depending on the exact network transport layer).
• pub name: String: The requested domain, strictly normalized to a Fully Qualified Domain Name (FQDN) ending in .kin. (e.g., apple.kin.).
• pub payload: Vec<u8>: The actual routing target. For Phase 1 of Kinetic, this is a UTF-8 encoded string representing an IP address (e.g., 192.168.1.100). In the future, this can hold an IPFS CID or an Onion address.
• pub salt: [u8; 32]: A 32-byte high-entropy array. This ensures that if two users attempt to register the exact same name at the exact same time, their commitment hashes are completely distinct, preventing one from copying the other’s VDF.
• pub drand_pulse & pub drand_randomness: The exact round number and corresponding entropy fetched from the external Drand beacon. This forms the absolute timestamp of the commitment.
• pub iterations: u64: The exact number of VDF iterations (Repeated Squarings) the user claims to have computed. The network nodes will verify if this number matches the length-based minimum requirement.
• pub vdf_proof: VdfProof: A wrapper around the raw bytes returned by the Chia VDF engine. This concise proof allows honest nodes to instantly verify the computation in \(O(\log T)\) time.
• pub pubkey: Vec<u8>: The 32-byte Ed25519 public key of the registrant.
• pub signature: Vec<u8>: The 64-byte Ed25519 signature. Crucially, the signature is calculated over a strictly serialized byte array of all preceding fields, ensuring that an attacker cannot alter the IP payload without invalidating the signature.

1.2 The Heartbeat Struct

Also located in kinetic-core/src/types.rs, the Heartbeat is the lightweight payload used to continuously defend a domain against the Grace-Period Escalation Protocol.

#![allow(unused)]
fn main() {
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
pub struct Heartbeat {
    pub name: String,
    pub drand_pulse: u64,
    pub pubkey: Vec<u8>,
    pub signature: Vec<u8>,
}
}

• drand_pulse: u64: The heartbeat’s proof of current time. When the kinetic-daemon background loop wakes up every 60 seconds, it fetches the current pulse. Because Drand pulses are unpredictable, an attacker cannot pre-generate future heartbeats.
• signature: Vec<u8>: The signature proves that the person submitting the heartbeat genuinely possesses the original pubkey used in the initial Reveal.

1.3 The Dynamic Difficulty Engine

Inside kinetic-core/src/types.rs, the calculate_required_iterations function is the mathematical enforcer of the dictionary squatter penalty.

#![allow(unused)]
fn main() {
pub fn calculate_required_iterations(name: &str) -> u64 {
    // Strip the trailing ".kin." for accurate length calculation
    let base_name = name.trim_end_matches(".kin.");
    let len = base_name.len();

    let base_iterations: u64 = 10_000_000;
    
    // Exponential scale down: base_iterations / (2 ^ length)
    // Ensures very short names (1-2 chars) are prohibitively difficult
    // while longer names (5+ chars) are easy.
    if len <= 1 {
        base_iterations / 2
    } else if len >= 20 {
        // Floor for very long names
        base_iterations / (1 << 20) 
    } else {
        base_iterations / (1 << len)
    }
}
}

This simple, deterministic function is identical across every node. If a user registers a 1-character name (a.kin.) and submits a Reveal with \(T = 100,000\) iterations, the honest DHT nodes will run this function, see that 5,000,000 iterations were required, and instantly drop the hostile payload.

2. The FFI Boundary: kinetic-vdf

The kinetic-vdf crate is perhaps the most computationally intense part of the workspace. It serves as a bridge between the memory-safe Rust architecture and the official chiavdf C++ engine.

2.1 The Trait Abstraction

To allow for potential future implementations (such as a pure-Rust VDF or an ASIC-accelerated VDF wrapper), the core logic is abstracted behind the VdfEngine trait in kinetic-core/src/traits.rs.

#![allow(unused)]
fn main() {
pub trait VdfEngine {
    fn evaluate(&self, challenge: &Commitment, iterations: u64) -> Result<VdfProof, String>;
    fn verify(&self, challenge: &Commitment, iterations: u64, proof: &VdfProof) -> bool;
}
}

2.2 The Chia C++ Bindings

Inside kinetic-vdf/src/lib.rs, the ChiaVdfEngine implements this trait using Rust’s Foreign Function Interface (FFI).

#![allow(unused)]
fn main() {
pub struct ChiaVdfEngine;

impl VdfEngine for ChiaVdfEngine {
    fn evaluate(&self, challenge: &Commitment, iterations: u64) -> Result<VdfProof, String> {
        let discriminant_size_bits = 1024;
        let mut proof_bytes = Vec::new();
        
        // This makes an FFI call down to the linked C++ chiavdf library
        // prove_vdf() utilizes imaginary quadratic class groups of unknown order
        let success = chiavdf::prove_vdf(
            &challenge.hash,
            discriminant_size_bits,
            iterations,
            &mut proof_bytes,
        );

        if success {
            Ok(VdfProof { proof_bytes })
        } else {
            Err("Chia VDF proof generation failed".to_string())
        }
    }

    fn verify(&self, challenge: &Commitment, iterations: u64, proof: &VdfProof) -> bool {
        let discriminant_size_bits = 1024;
        
        // The verify call executes in O(log T) or O(1) time
        chiavdf::verify_vdf(
            &challenge.hash,
            discriminant_size_bits,
            iterations,
            &proof.proof_bytes,
        )
    }
}
}

Line-by-Line Breakdown:

• let discriminant_size_bits = 1024;: The discriminant specifies the mathematical size of the Imaginary Quadratic Class Group. A 1024-bit discriminant offers a robust security margin against classical factorization attacks (equivalent to approximately RSA-3072).
• chiavdf::prove_vdf: This is a blocking call. When kinetic-cli invokes this, the thread is completely hijacked by the C++ engine. The CPU will max out a single core, aggressively executing the \(x^{2^T}\) repeated squarings. Because this operation cannot be parallelized, giving it multiple threads does not speed it up.
• chiavdf::verify_vdf: This is where the magic of the VDF lies. When a DHT node receives the proof, it calls this function. Even if iterations is 50,000,000 (representing weeks of work), verify_vdf returns true or false in a fraction of a millisecond.

This stark asymmetry between prove_vdf and verify_vdf is what makes the Immunological DHT possible. Nodes can relentlessly verify millions of proofs with virtually zero CPU overhead, while attackers must burn astronomical amounts of physical time to generate even a single valid proof.

Through kinetic-core and kinetic-vdf, the protocol defines an unbendable, mathematically strict rulebook that governs every interaction within the network.

Chapter 7: Exhaustive Code Walkthrough (kinetic-daemon & kinetic-cli)

While kinetic-core and kinetic-vdf define the strict mathematical laws of the protocol, the kinetic-daemon is the engine that actually executes them. It serves as the asynchronous orchestrator, seamlessly juggling local HTTP REST requests, continuous background Sled storage maintenance, Kademlia DHT gossiping, and DNS port interception.

In this chapter, we dissect the execution flow of both the Daemon and its counterpart, the user-facing CLI.

1. The Asynchronous Orchestrator: kinetic-daemon

The daemon is built entirely on the tokio asynchronous runtime. Because it must handle thousands of simultaneous Kademlia network events while simultaneously serving instantaneous local DNS queries, a thread-blocking architecture would instantly collapse under the load.

1.1 Initialization and The Storage Engine

When the kinetic-daemon binary is executed, it first initializes the local state.

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    // 1. Initialize Sled Storage
    let storage_dir = "/tmp/kinetic_db";
    let storage = SledStorage::new(storage_dir)?;
    info!("Storage engine initialized at {}", storage_dir);

    // 2. Load or Create Daemon Identity
    let keypair = load_or_create_keypair()?;
    let local_pubkey = keypair.verifying_key().to_bytes();
    info!("Daemon identity loaded: {:?}", hex::encode(local_pubkey));

The daemon relies heavily on kinetic-storage (a wrapper around the sled crate). Sled is an embedded, high-performance database written entirely in Rust. It functions similarly to SQLite but is optimized for massive concurrent throughput.

Sled is absolutely critical because the daemon must remember which domains it owns even if the server is rebooted. Without persistent storage, a daemon reboot would halt the background Heartbeats, eventually subjecting the user’s domains to the Grace-Period Escalation takeover.

1.2 Spawning the Background Heartbeat Loop

Once the basic architecture is wired (the P2P swarm and the REST API), the daemon spawns its primary defense mechanism: the continuous Heartbeat loop.

#![allow(unused)]
fn main() {
    // Extract the network client clone to send commands to the DHT thread
    let network_client = network_client.clone();
    let storage_clone = storage.clone();

    tokio::spawn(async move {
        let mut interval = tokio::time::interval(Duration::from_secs(60));
        let reqwest_client = reqwest::Client::new();

        loop {
            interval.tick().await;

            // 1. Fetch latest Drand Pulse
            let drand_data = fetch_drand(&reqwest_client).await;
            let current_pulse = drand_data.round;

            // 2. Load all active domains from Sled
            let active_domains = storage_clone.get_all_active_domains().unwrap_or_default();
            
            for domain in active_domains {
                // 3. Construct the Heartbeat struct
                let mut heartbeat = Heartbeat {
                    name: domain.clone(),
                    drand_pulse: current_pulse,
                    pubkey: local_pubkey.clone(),
                    signature: vec![],
                };

                // 4. Sign and Broadcast
                let signable = heartbeat.signable_bytes();
                heartbeat.signature = keypair.sign(&signable).to_bytes().to_vec();
                
                let _ = network_client.publish_heartbeat(domain.clone(), heartbeat).await;
            }
        }
    });
}

Line-by-Line Breakdown:

• tokio::spawn(async move { ... }): This spawns a detached asynchronous task. It runs completely independently of the main thread, the DNS proxy, and the Kademlia event loop.
• interval.tick().await: This enforces the 60-second execution cycle. Unlike std::thread::sleep, tick().await yields control back to the tokio scheduler, ensuring 0% CPU usage while waiting.
• fetch_drand(&reqwest_client): The daemon passively monitors the Drand network via standard HTTPS requests.
• publish_heartbeat(...): The constructed, signed Heartbeat is sent across an mpsc (Multi-Producer, Single-Consumer) channel to the kinetic-network thread, instructing it to initiate a Kademlia PUT operation to the broader DHT swarm.

1.3 The Local REST API

To allow the user’s CLI tools to communicate with the headless daemon, kinetic-daemon binds an axum HTTP server to 127.0.0.1:16001.

#![allow(unused)]
fn main() {
async fn publish_reveal(
    State(state): State<AppState>,
    Json(req): Json<PublishRequest>,
) -> impl IntoResponse {
    let mut reveal = req.reveal;
    
    // Normalize to FQDN (Fully Qualified Domain Name)
    if !reveal.name.ends_with(".kin.") {
        reveal.name = format!("{}.", reveal.name);
    }

    // Persist to Sled for automatic Heartbeats
    let _ = state.storage.save_active_domain(&reveal.name);

    // Send to DHT
    match state.network_client.publish_name(reveal.name.clone(), reveal).await {
        Ok(_) => StatusCode::OK,
        Err(_) => StatusCode::INTERNAL_SERVER_ERROR,
    }
}
}

When a user registers a name using the CLI, the CLI executes the massive VDF computation and POSTs the final Reveal struct to this endpoint. The daemon saves the name to its local Sled DB (ensuring the tokio Heartbeat loop picks it up on the next cycle) and forwards the Reveal to the DHT.

2. The User Interface: kinetic-cli

If the Daemon is the async orchestrator, the CLI is the brute-force execution tool. Unlike the daemon, the CLI is highly synchronous and blocking, designed to run once, execute a massive computation, and exit.

When a user executes cargo run -- register apple.kin 192.168.1.100, the Commands::Register block takes over.

2.1 Initiating the Registration Pipeline

#![allow(unused)]
fn main() {
        Commands::Register { name, ip, iterations } => {
            // 1. Normalize to FQDN immediately so the signature matches the daemon
            let fqdn = if !name.ends_with(".kin.") {
                format!("{}.kin.", name.trim_end_matches(".kin"))
            } else {
                name.clone()
            };

            // 2. Fetch latest Drand beacon
            let drand_data = fetch_drand().await?;

            // 3. Construct Commitment
            let salt = [0u8; 32]; // For simplicity in v1
            let challenge_bytes = hex::decode(&drand_data.randomness).unwrap();
            let keypair = load_or_create_keypair()?;
            let pubkey = keypair.verifying_key().to_bytes();
            
            let mut hasher = sha2::Sha256::new();
            hasher.update(fqdn.as_bytes());
            hasher.update(&salt);
            hasher.update(&challenge_bytes);
            hasher.update(&pubkey);
            let mut hash = [0u8; 32];
            hash.copy_from_slice(&hasher.finalize());
}

The CLI constructs the blind commitment hash precisely matching the mathematical parameters expected by the network’s verify functions.

2.2 The VDF Grind

Once the commitment is constructed, the CLI invokes the kinetic-vdf engine.

#![allow(unused)]
fn main() {
            let required_iterations = calculate_required_iterations(&fqdn);
            let actual_iterations = std::cmp::max(iterations, required_iterations);

            info!("Initializing Chia VDF Engine. Generating cryptographic proof...");
            
            // This is a strictly blocking call. The thread will lock here.
            let proof = vdf_engine.evaluate(&Commitment { hash }, actual_iterations)?;
            
            info!("VDF Proof successfully generated!");
}

This is the most critical chokepoint in the entire protocol. vdf_engine.evaluate is a blocking FFI call to the C++ Chia engine.

Depending on the length of fqdn and the resultant actual_iterations, the CLI will sit on this line of code for seconds, hours, or weeks. The CPU core assigned to this process will pin to 100% utilization, relentlessly executing the \(x^{2^T}\) repeated squarings.

Because the CLI is a separate binary from the daemon, this intense, single-threaded CPU block does not impact the daemon’s ability to maintain background heartbeats or serve DNS loopback traffic.

2.3 The Signature and Handoff

Once the VDF finally yields the proof bytes, the CLI packages the Reveal.

#![allow(unused)]
fn main() {
            let mut reveal = Reveal {
                name: fqdn.clone(),
                payload: ip.as_bytes().to_vec(),
                salt,
                drand_pulse: drand_data.round,
                drand_randomness: drand_data.randomness.clone(),
                iterations: actual_iterations,
                vdf_proof: VdfProof { proof_bytes: proof.proof_bytes },
                pubkey: pubkey.to_vec(),
                signature: vec![],
            };
            
            // Generate the strictly serialized Ed25519 signature
            let signable = reveal.signable_bytes();
            reveal.signature = keypair.sign(&signable).to_bytes().to_vec();
            
            // Post to Daemon
            let req_body = json!({ "reveal": reveal });
            client.post("http://127.0.0.1:16001/publish")
                .json(&req_body)
                .send()
                .await;
}

The CLI calculates the Ed25519 signature over the exact byte array of the payload, finalizing the cryptographic tuple. It hands it off to the local REST API, and exits cleanly. The daemon takes over, persisting the name to Sled and throwing the payload into the hostile arena of the Kademlia DHT.

Chapter 8: Exhaustive Code Walkthrough (kinetic-network & kinetic-dns)

If kinetic-core defines the rules and kinetic-daemon orchestrates the loops, then kinetic-network and kinetic-dns are the physical gateways. They represent the precise boundary layers where the untrusted outside world collides with the strictly enforced mathematical reality of the local client.

In this chapter, we explore the exact Rust code that filters P2P Kademlia gossip and synthesizes local OS DNS responses.

1. The Immunological Filter: kinetic-network

The kinetic-network crate utilizes libp2p-kad to participate in the global DHT swarm. However, as discussed in Chapter 3, standard Kademlia is entirely “blind.” To enforce Competitive Gossip, Kinetic provides a highly hostile custom implementation of the RecordStore trait.

1.1 The KineticRecordStore Implementation

Located in kinetic-network/src/store.rs, the KineticRecordStore intercepts every single piece of data a remote peer attempts to store on the local node.

#![allow(unused)]
fn main() {
use libp2p::kad::store::{RecordStore, Result};
use libp2p::kad::Record;
use kinetic_core::types::{Reveal, Heartbeat};

pub struct KineticRecordStore {
    // In-memory or Sled-backed hashmap
    records: HashMap<Vec<u8>, Record>, 
    vdf_engine: Arc<dyn VdfEngine>,
}

impl RecordStore for KineticRecordStore {
    type RecordsIter<'a> = std::vec::IntoIter<std::borrow::Cow<'a, Record>>;
    type ProvidedIter<'a> = std::vec::IntoIter<std::borrow::Cow<'a, ProviderRecord>>;

    fn put(&mut self, record: Record) -> Result<()> {
        // 1. Deserialization Attempt
        if let Ok(reveal) = bincode::deserialize::<Reveal>(&record.value) {
            // It's a Reveal payload. Send to rigorous validation.
            if self.validate_reveal(&reveal) {
                self.records.insert(record.key.as_ref().to_vec(), record);
                return Ok(());
            } else {
                return Err(libp2p::kad::store::Error::ValueInvalid); // REJECT
            }
        }
        
        if let Ok(heartbeat) = bincode::deserialize::<Heartbeat>(&record.value) {
            // It's a Heartbeat payload. Send to validation.
            if self.validate_heartbeat(&heartbeat) {
                self.records.insert(record.key.as_ref().to_vec(), record);
                return Ok(());
            } else {
                return Err(libp2p::kad::store::Error::ValueInvalid); // REJECT
            }
        }

        // If it deserializes into neither, it is garbage spam.
        Err(libp2p::kad::store::Error::ValueInvalid) // REJECT
    }
}
}

This put function is the front line of defense. The node strictly attempts to deserialize the incoming byte array using bincode. If it fails, the node drops the record. If it succeeds, it triggers the intense cryptographic filter.

1.2 The Cryptographic Filter

If the payload is a Reveal, the node executes validate_reveal.

#![allow(unused)]
fn main() {
    fn validate_reveal(&self, reveal: &Reveal) -> bool {
        // 1. Validate the Signature
        let pubkey = ed25519_dalek::VerifyingKey::from_bytes(&reveal.pubkey).unwrap();
        let sig = ed25519_dalek::Signature::from_bytes(&reveal.signature).unwrap();
        
        if pubkey.verify_strict(&reveal.signable_bytes(), &sig).is_err() {
            return false; // Forged signature
        }

        // 2. Reconstruct the Commitment Hash
        let challenge_bytes = hex::decode(&reveal.drand_randomness).unwrap();
        let mut hasher = sha2::Sha256::new();
        hasher.update(reveal.name.as_bytes());
        hasher.update(&reveal.salt);
        hasher.update(&challenge_bytes);
        hasher.update(&reveal.pubkey);
        let mut hash = [0u8; 32];
        hash.copy_from_slice(&hasher.finalize());

        // 3. Verify VDF Math Requirements
        let required = calculate_required_iterations(&reveal.name);
        if reveal.iterations < required {
            return false; // Did not compute the required squatter penalty
        }

        // 4. The Final \\(O(\log T)\\) O(1) Verification
        self.vdf_engine.verify(
            &Commitment { hash },
            reveal.iterations,
            &reveal.vdf_proof
        )
    }
}

This execution block is perfectly deterministic. If validate_reveal returns false, the RecordStore immediately throws a ValueInvalid error. libp2p interprets this error by dropping the data and, crucially, refusing to gossip the record to any other peers.

This active immune response ensures that fake data cannot propagate beyond the specific peer the attacker is directly attacking.

2. The OS Interceptor: kinetic-dns

The kinetic-dns crate leverages the hickory-dns framework to intercept the user’s OS-level traffic on 127.0.0.1:53.

2.1 The Split-DNS Traffic Handler

Inside kinetic-dns/src/server.rs, the KineticDnsHandler implements the RequestHandler trait from Hickory.

#![allow(unused)]
fn main() {
use hickory_server::server::{Request, RequestHandler, ResponseHandler, ResponseInfo};
use hickory_server::authority::MessageResponseBuilder;
use hickory_server::proto::op::Header;
use hickory_server::proto::rr::{Record, RData, Name};

#[async_trait::async_trait]
impl RequestHandler for KineticDnsHandler {
    async fn handle_request<R: ResponseHandler>(
        &self,
        request: &Request,
        mut response_handle: R,
    ) -> ResponseInfo {
        let query = request.queries().first().unwrap();
        let name_str = query.name().to_string();

        if name_str.ends_with(".kin.") {
            // 1. SOVEREIGN TRAFFIC INTERCEPTION
            // Issue a Kademlia GET query down to the network layer
            match self.network_client.resolve_name(name_str.clone()).await {
                Ok(reveal) => {
                    // Extract the IP payload
                    let ip_str = String::from_utf8(reveal.payload).unwrap();
                    let ip_addr: Ipv4Addr = ip_str.parse().unwrap();
                    
                    // Synthesize a perfectly standard DNS 'A' record response
                    let mut record = Record::with(query.name().clone(), hickory_server::proto::rr::RecordType::A, 60);
                    record.set_data(Some(RData::A(ip_addr)));

                    let builder = MessageResponseBuilder::from_message_request(request);
                    let mut header = Header::response_from_request(request.header());
                    header.set_authoritative(true); // We are the absolute authority for .kin

                    let response = builder.build(header, vec![&record], vec![], vec![], vec![]);
                    response_handle.send_response(response).await.unwrap()
                }
                Err(_) => {
                    // Name not found in DHT
                    send_nxdomain(request, response_handle).await
                }
            }
        } else {
            // 2. LEGACY PASS-THROUGH
            // The user typed google.com. Do not leak or block it. 
            // Forward it natively to 1.1.1.1 over UDP.
            self.forward_to_upstream(request, response_handle).await
        }
    }
}
}

Line-by-Line Breakdown:

• if name_str.ends_with(".kin."): The simple, brutal suffix check. This is the exact moment the traffic is split.
• self.network_client.resolve_name(name_str.clone()).await: This triggers the Kademlia swarm lookup. The network client will aggressively query the DHT utilizing the multi-key Redundant Deterministic Storage algorithm to bypass Eclipse attacks, eventually verifying the signature/VDF and bubbling the pure Reveal struct back up to the DNS handler.
• record.set_data(Some(RData::A(ip_addr))): This is the magic. The browser thinks it just talked to a highly trusted ICANN root server. It has no idea that the IP address it is receiving was actually extracted from an Ed25519-signed Kademlia payload. The browser instantly routes the user’s traffic to the Web3 application.
• self.forward_to_upstream(...): For all non-.kin queries, the daemon maintains a persistent UDP socket to Cloudflare (1.1.1.1) or Google (8.8.8.8). It proxies the raw byte buffer back and forth, acting as a transparent tunnel. This is why running kinetic-daemon does not break the user’s internet.

Through kinetic-network and kinetic-dns, the protocol effectively weaponizes the user’s local operating system against the legacy ICANN infrastructure, creating a parallel, mathematically sovereign internet that seamlessly lives alongside the old one.

Chapter 9: Future Horizons (DNSSEC, TLS, and Web3 Integration)

The Kinetic Protocol, in its current v1 implementation, achieves the primary goal of creating a zero-cost, un-squattable, and fully decentralized naming system. However, providing a trustless name-to-IP mapping is only the foundational layer of a truly sovereign internet.

To completely divorce the internet from centralized authorities, Kinetic must solve the TLS Certificate Authority (CA) Bottleneck and the Physical Hosting Bottleneck.

This chapter details the architectural roadmap for Kinetic’s future evolution.

1. The Certificate Authority (CA) Bottleneck

Currently, the web relies heavily on HTTPS (TLS encryption). When your browser connects to https://bank.com, it receives a digital certificate guaranteeing that the server it is talking to is actually bank.com.

Who issues these certificates? A centralized oligopoly of Certificate Authorities (CAs) like Let’s Encrypt, DigiCert, and Sectigo. These CAs are trusted by the major browser vendors (Google, Apple, Mozilla).

If you own apple.kin, you cannot easily get an HTTPS certificate for it because standard CAs rely on ICANN-controlled DNS to verify domain ownership. Even if you could, relying on a centralized CA to issue a certificate for a decentralized domain defeats the philosophical purpose of Kinetic. A government could simply order a CA to revoke your certificate, instantly rendering your site untrusted by browsers.

1.1 The Solution: DANE and self-signed TLS

To bypass the CA oligopoly, Kinetic will integrate DANE (DNS-Based Authentication of Named Entities) natively into the protocol.

DANE, defined in RFC 6698, allows domain owners to publish the exact cryptographic hash of their TLS certificate directly into the DNS system via a TLSA record.

In a future update to the kinetic-core types, the Reveal struct will be expanded to support arbitrary payload types beyond just IP addresses:

#![allow(unused)]
fn main() {
pub enum PayloadType {
    IPv4(Ipv4Addr),
    IPv6(Ipv6Addr),
    TLSA(Vec<u8>), // The SHA-256 hash of the self-signed TLS cert
    TXT(String),
}
}

The Execution Flow:

1. The domain owner generates their own self-signed TLS certificate locally on their server. No centralized CA is contacted.
2. The owner computes the SHA-256 hash of this certificate.
3. The owner executes the VDF grind to register apple.kin, embedding both the IP address and the TLSA hash into the Reveal payload.
4. When a user navigates to https://apple.kin, the local kinetic-dns daemon intercepts the request.
5. The daemon fetches the Kademlia payload, extracts the IP and the TLSA hash, and returns them to the browser.
6. The browser connects to the server, receives the self-signed certificate, and verifies that its hash perfectly matches the TLSA record retrieved securely from the Kademlia swarm.

Because the Kademlia payload is secured by the user’s Ed25519 signature and the VDF Proof of Patience, the TLSA record is completely unforgeable. The browser can confidently display the “Secure Padlock” icon without needing to trust DigiCert, Let’s Encrypt, or any human authority.

2. The Physical Hosting Bottleneck

Mapping a decentralized name to a centralized IP address is a useful first step, but an IP address still points to a physical server sitting in a physical data center. That server can be unplugged by a hosting provider (like AWS or DigitalOcean), subpoenaed, or hit with a massive DDoS attack.

For Kinetic to achieve ultimate resilience, the domains must resolve to decentralized content networks rather than physical IP addresses.

2.1 Content Addressing via IPFS

The InterPlanetary File System (IPFS) changes the paradigm from “Where is the data?” (Location-based addressing, IPs) to “What is the data?” (Content-based addressing, CIDs).

In the future, the kinetic-cli will allow users to bind an IPFS CID to their domain instead of an IP address.

cargo run -- register library.kin QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG

When a user requests library.kin, the kinetic-dns daemon will query the Kademlia DHT, retrieve the TXT record containing the CID, and automatically redirect the traffic to a local IPFS gateway node.

The website files (HTML, CSS, JS) are served entirely from the P2P swarm. If the original author goes offline or is censored, the website remains perfectly accessible as long as at least one node on earth is pinning the CID.

Combining Kinetic with IPFS creates an unstoppable stack: An un-censorable naming system resolving to an un-censorable file system.

2.2 Anonymity via Tor Onion Services

For users operating under extreme authoritarian regimes, simply serving content is not enough; the server and the visitor must remain physically anonymous.

Tor Onion Services (.onion addresses) provide flawless anonymity, but the addresses are horrific 56-character base32 strings (e.g., expyuz5tatcgrvmxq...onion), making them impossible to memorize or share verbally.

Kinetic can bridge this gap by acting as a human-readable alias for Tor.

The Reveal payload can easily store an Onion address. When the user requests whisper.kin, the daemon fetches the Kademlia payload and proxies the TCP connection directly into the local Tor routing daemon.

The user types a memorable, 7-character name into their standard browser, and instantly connects to a heavily encrypted, multi-hop anonymous service, completely abstracting the complex cryptography away from the user experience.

3. Kinetic’s Ultimate Goal

The history of the internet is a cycle of decentralization followed by rapid corporate and governmental capture. The open protocols of the 1990s (HTTP, SMTP, DNS) were steadily enclosed by massive central authorities and monopolies.

Kinetic is not just a routing tool; it is a mathematical wedge designed to pry the base layer of the internet back open.

By replacing ICANN’s political bureaucracy with VDF mathematics, replacing DNS registries with Kademlia DHTs, replacing CAs with DANE, and replacing physical servers with IPFS swarms, Kinetic aims to build a parallel web architecture where censorship is not just illegal, but physically and mathematically impossible.

Chapter 10: Getting Started (Installation & Quickstart)

If you have made it through the intense mathematical theory and exhaustive code breakdowns of the previous chapters, you are ready to physically deploy Kinetic.

This final chapter serves as the hands-on, practical guide to compiling the workspace from source, launching the background daemon, and successfully registering your very first decentralized .kin domain.

1. System Prerequisites

Kinetic relies heavily on advanced cryptographic engines and systems-level networking. Before compiling, ensure your local environment is correctly configured.

Required Toolchains

1. Rust: You must have the standard Rust toolchain (cargo, rustc) installed via rustup.
2. C++ Compiler: The chiavdf FFI bindings require a modern C++ compiler (e.g., g++ or clang).
3. GMP Library: The Chia VDF engine relies on the GNU Multiple Precision Arithmetic Library for hyper-fast large integer mathematics.

Ubuntu / Debian:

sudo apt update
sudo apt install build-essential cmake libgmp-dev

macOS (via Homebrew):

brew install cmake gmp

2. Compiling the Workspace

Clone the repository and compile the workspace in release mode. The VDF grind is highly sensitive to compiler optimizations; running it in debug mode will make domain registrations unbearably slow.

git clone https://github.com/your-org/kinetic.git
cd kinetic
cargo build --release

This command will compile all five major crates (kinetic-core, kinetic-network, kinetic-vdf, kinetic-dns, and kinetic-storage), linking the C++ Chia VDF engine via build.rs, and finally producing the kinetic-daemon and kinetic-cli binaries.

3. Launching the Kinetic Daemon

The kinetic-daemon must run continuously in the background. It serves three critical functions:

1. Acting as your local Kademlia DHT peer.
2. Maintaining the passive 60-second Sled Heartbeat loop for your domains.
3. Intercepting port 53 to provide seamless Split-DNS to your browser.

Because binding to port 53 (the standard DNS port) is a privileged operation on Linux and macOS, you must run the daemon with sudo or administrator privileges.

Running the Daemon

In a dedicated terminal window (or configured via a systemd service file):

sudo ./target/release/kinetic-daemon

Note: In future production releases, the daemon will automatically drop privileges to a restricted kinetic user account immediately after binding to port 53, ensuring maximum system security.

Once running, the daemon will output logs indicating it has connected to the bootstrap DHT swarm, initialized its local Sled database at /tmp/kinetic_db, and bound the local REST API to 127.0.0.1:16001.

4. Registering Your First Domain

With the daemon silently protecting your system and routing traffic in the background, you can now use the kinetic-cli to claim territory on the network.

Open a separate terminal window. You do not need sudo for the CLI.

The Registration Command

Let’s assume you want to register mywebsite.kin and point it to a local development server running on 192.168.1.100.

./target/release/kinetic-cli register mywebsite.kin 192.168.1.100

What Happens Next?

1. The CLI contacts the external Drand beacon to pull down the latest, unpredictable entropy pulse.
2. It hashes your requested name, the Drand pulse, and your Ed25519 public key into a blind commitment.
3. It determines the string length of mywebsite.kin and calculates the required squatter penalty (e.g., 500,000 VDF iterations).
4. The Grind: The CLI will pause. Your CPU fan may spin up. Depending on your hardware and the required iterations, this could take anywhere from a few seconds to a few minutes.
5. The Reveal: Once the VDF proof is successfully mathematically generated, the CLI signs the payload and posts it to the local daemon via http://127.0.0.1:16001.
6. The daemon saves it to the Sled database and unleashes the payload onto the global Kademlia swarm.

5. Testing the Resolution

If the registration was successful, the domain is now globally available. However, because you are running the daemon locally, you can instantly test it without waiting for global DNS propagation.

Testing with dig

Use the standard network utility dig to query your local machine on port 53.

dig @127.0.0.1 mywebsite.kin A

You should receive an instantaneous response showing an A record pointing to 192.168.1.100.

Testing in the Browser

Because the daemon has updated your OS loopback, you can bypass the terminal entirely.

Open Google Chrome or Mozilla Firefox and type http://mywebsite.kin into the URL bar.

The browser will implicitly ask your local OS for the IP address. The OS will ask the kinetic-daemon on port 53. The daemon will realize it is a .kin domain, query the Kademlia DHT, verify the mathematics, and seamlessly route your browser to your local web server.

Testing Legacy Pass-Through

To verify that the daemon hasn’t broken your normal internet connection, try pinging a standard website:

dig @127.0.0.1 github.com A

The daemon will instantly recognize that github.com does not end in .kin and forward the request to Cloudflare (1.1.1.1) or Google (8.8.8.8), returning the standard public IP.

Welcome to the Sovereign Web

You have just registered a domain name without a credit card, without creating a username, and without asking permission from a corporation or government. Your ownership of that name is secured entirely by the unyielding laws of thermodynamics and cryptography, and your resolution traffic is immune to ISP censorship.

Welcome to Kinetic. The internet is yours again.

VDF Hardware Calibration

This document outlines the hardware baseline assumptions used to calibrate the Proof-of-Patience delay curves in kinetic-core.

The Problem with “Wall-Clock Time”

Verifiable Delay Functions (VDFs) are measured in iterations (squarings), not seconds. The amount of real-world “wall-clock time” it takes to compute $N$ iterations depends entirely on the speed of the hardware evaluating the VDF.

Therefore, when the codebase or whitepaper says “a 6-character name takes 8 hours,” that statement is inherently tied to a specific hardware generation.

The 2025/2026 Baseline

Our current scaling coefficients (implemented in calculate_required_iterations in kinetic-core/src/types.rs) are pinned to the following baseline assumption:

• Baseline Speed: ~300,000 iterations per second (ips).
• Target Hardware: A mid-range, single-core consumer CPU available in 2025/2026 (e.g., Apple M2/M3 efficiency core, or an equivalent AMD/Intel core).
• Algorithm: Repeated squaring in ideal class groups of unknown order (via the chiavdf Rust bindings).

At exactly 300k ips, the base iterations by name length are:

• 3,000,000 iterations (16+ chars) ≈ 10 seconds
• 12,000,000 iterations (9–15 chars) ≈ 40 seconds
• 36,000,000 iterations (5–8 chars) ≈ 2 minutes
• 144,000,000 iterations (4 chars) ≈ 8 minutes
• 540,000,000 iterations (3 chars) ≈ 30 minutes
• 2,160,000,000 iterations (2 chars) ≈ 2 hours
• 8,640,000,000 iterations (1 char) ≈ 8 hours

Moore’s Law & Future Scaling

To prevent the cost floor from collapsing over time due to Moore’s law or specialized ASICs, kinetic-core currently applies a linear offset based on the current Drand round (current_drand_round).

Because Drand emits a pulse every 30 seconds, a ~1% increase is added per 12-hour epoch (1440 rounds) to the base difficulty. This keeps the cost of registering names aligned with hardware improvements.

Note to Future Maintainers: If specialized VDF ASICs become cheap and widely available, the 300k ips baseline will break. If commodity ASICs push the baseline to 30M ips, the base iteration costs will need to be revised by a factor of 100x via a hard fork to maintain the same wall-clock delays.

The Kinetic Protocol: A Stateless, Sybil-Resistant Naming System via Proof-of-Patience and Computational Leases

Abstract

Current decentralized identity and naming architectures inevitably replicate the rent-seeking vulnerabilities of Web2 registry systems, creating an artificial economy of digital landlordism. To secure human-readable namespaces against Sybil attacks, existing protocols rely either on continuous capital allocation (perpetual renewal fees) or intrusive, non-scalable identity verification layers (Proof of Personhood). Both approaches compromise the core tenets of user sovereignty by favoring concentrated wealth or introducing severe onboarding friction.

This paper introduces the Kinetic Protocol, a decentralized naming primitive that completely decouples human-meaningful handle allocation from both financial capital and physical identity. Kinetic replaces monetary cost with sequential computational friction, establishing a self-cleaning namespace secured purely by math and time.

The protocol operates on a three-tier cryptographic security lifecycle:

1. Commit-Reveal & Sequential Linking: To eliminate network front-running and blind sniper attacks, registration requests are initially broadcast as obscured cryptographic commitments anchored to an external randomness beacon (drand) and bound uniquely to the claimant’s public key. The subsequent Verifiable Delay Function mathematically proves the commitment existed in the past, completely eliminating the need for a synchronized network clock.
2. Dynamic Difficulty via Verifiable Delay Functions (VDFs): To eliminate mass-dictionary squatting, the computational expenditure required to claim a name scales inversely with its character length. An attacker with massive hardware concurrency cannot resolve a single contested handle faster than a standard client, shifting the cost of entry from hardware scale to sheer patience. The network difficulty is globally synchronized via the drand beacon, with a fallback re-squaring mechanism to ensure difficulty scales with hardware advancements.
3. The Multi-Tiered Lease: To maintain namespace fluidity without an administrative state, name retention requires an active, low-overhead cryptographic signature heartbeat. If a heartbeat flatlines, the name is not instantly lost; instead, it enters a Grace-Period Escalation where the computational cost to steal the name increases the less idle it has been. Users can also opt into Hibernation VDFs for long-term offline periods or utilize Watchtowers for convenience.

By combining these mechanics within a conceptually stateless, distributed peer-to-peer network layer defended by Competitive Gossip and Hashcash PoW, Kinetic achieves global, human-meaningful, and unique handle resolution.

Note on Protocol Logic: The fundamental breakthrough of Kinetic is that it doesn’t seek to cryptographically verify if a user is a single physical human. Instead, it enforces an economic reality where mass-scale automated squatting becomes computationally and energetically ruinous, while remaining completely friction-free and zero-cost for a legitimate, solitary developer.

2. The Failure of Digital Landlordism: Capital-Gated Registries and the Identity Bottleneck

To understand the necessity of the Kinetic Protocol, we must first formalize the failure modes of existing decentralized naming architectures. The core problem of any global namespace is bounded by Zooko’s Triangle, which posits that network identifiers cannot simultaneously be human-meaningful, decentralized, and secure.

Attempts to square the triangle inevitably confront the Sybil attack vector: if names are human-meaningful and free to register without a central gatekeeper, a solitary attacker can instantaneously generate millions of pseudonymous network nodes to hoard the entire namespace. To mitigate this without centralized authorities, decentralized systems typically rely on one of two gating functions: Capital (monetary fees) or Identity (Proof of Personhood). Both introduce fatal flaws to developer sovereignty and system accessibility.

2.1 The Sybil Threat and the Necessity of Friction

In a permissionless environment, the cost of generating a network request is effectively zero. Therefore, if the namespace lacks a friction mechanism, the network is highly vulnerable to dictionary and enumeration attacks.

Let $C_a$ be the cost to the attacker, and $N$ be the total addressable space of desirable names. If the registration cost function $C_a(N) \approx 0$, a rational attacker will attempt to claim $N$. To secure the registry, a protocol must ensure that the marginal cost of acquiring the $i$-th name, $c_i$, scales such that attempting to acquire a vast number of names becomes prohibitively expensive:

$$ \sum_{i=1}^{N} c_i > R_{max} $$

where $R_{max}$ is the maximum resources available to the attacker. The debate in decentralized engineering is entirely about what unit of friction the variable $c$ represents.

2.2 The Flaw of Capital-Gated Names (Economic Rent-Seeking)

The most common approach—utilized by legacy blockchain-based naming systems—is to define $c$ as financial capital. To prevent permanent squatting and dead state, these systems institute recurring renewal fees based on string length.

While financially gating the namespace solves the Sybil problem, it introduces severe economic downstream effects:

• Digital Landlordism: A capital-gated registry inherently favors entities with the deepest financial liquidity. Wealthy speculators can afford the carry costs to hoard premium, short-character names, waiting to extract rent from legitimate developers or organizations who actually intend to build on them.
• Developer Pricing-Out: For a protocol meant to serve as a foundational network primitive (e.g., exposing a local port or routing a decentralized app), an annual monetary fee creates a continuous liability. It violates the core ethos of open-source infrastructure: peer-to-peer network routing should not require a subscription fee.
• The Valuation Paradox: In a capital-gated system, a name’s security is paradoxically tied to its market volatility. If the underlying cryptocurrency’s fiat value spikes, the cost to register or renew a domain becomes inaccessible to normal users, actively stalling network adoption.

2.3 The Identity Bottleneck (Proof of Personhood)

To eliminate capital requirements, alternative protocols attempt to define $c$ as physical human uniqueness. These Proof of Personhood (PoP) systems ensure that one human maps to exactly one identity, effectively hard-capping $N \leq 1$ per person.

While mathematically elegant for Sybil resistance, PoP introduces severe sociotechnical bottlenecks:

• Extreme Onboarding Friction: Synchronous video verification parties, specialized hardware (iris scanning), or global cryptographic puzzle ceremonies destroy the developer experience. A user cannot instantly spin up a tunnel at 2:00 AM if they must wait for a scheduled validation epoch.
• Trust Anchors and Privacy: Extracting unique identity, even via zero-knowledge proofs (zkTLS or NFC passports), often shackles the decentralized system to high-friction Web2 institutions or government-issued credentials.
• The Multiple-Alias Reality: Developers legitimately need multiple handles for different environments (e.g., staging servers, personal blogs, anonymous routing). Forcing a strict 1:1 mapping between a human and a network handle is an artificial constraint that misunderstands how internet infrastructure is naturally deployed.

2.4 The Impasse

We are left with an architectural impasse: a truly decentralized namespace cannot survive without friction, but defining that friction as money recreates Web2 rent-extraction, and defining it as identity destroys the user experience.

The Kinetic Protocol abandons both. By defining $c$ strictly as un-parallelizable time and kinetic computation, we return to the purest form of permissionless security.

3. The Kinetic Architecture: Cryptographic Mechanics

To achieve a globally sovereign namespace without a central supervisor, the Kinetic Protocol relies on a strictly sequential, three-phase cryptographic lifecycle. The architecture is designed to mathematically isolate and neutralize specific malicious behaviors—namely front-running, dictionary squatting, and dead-state hoarding.

3.1 Phase I: Clockless Front-Running Neutralization via Sequential VDF Linking

In any public, permissionless registry, transmitting a plaintext claim for a desirable string exposes the user to front-running. A sniper bot monitoring the network can observe the request, duplicate it, and propagate it with a higher network priority.

To render sniper bots completely blind without relying on a synchronized global clock, Kinetic mandates a Sequential VDF Linking scheme anchored to an external randomness beacon (specifically, drand, which provides highly reliable, lightweight BLS threshold signatures every 30 seconds).

Let $S$ be the set of all valid human-readable strings, and let $n \in S$ be the target name.

1. Commitment Generation: The user generates a high-entropy salt $s \in {0,1}^{256}$ and fetches the latest drand randomness pulse $B_{t_1}$. Crucially, the client binds their public key into the hash commitment: $C = H(n \parallel s \parallel B_{t_1} \parallel \text{PubKey})$.
2. Sequential VDF Linking: The client does not merely wait; they must use $C$ as the base seed input for the massive Verifiable Delay Function (VDF) computation. The VDF takes $T$ time to compute.
3. The Reveal: After $T$ time, the VDF completes. The client broadcasts a signed payload containing the plaintext tuple $(n, s, B_{t_1}, \text{VDF}_{\text{proof}})$. Nodes verify that the payload signature matches the $\text{PubKey}$ embedded inside $C$.

sequenceDiagram
    participant U as User (Client)
    participant B as drand Beacon
    participant D as Kademlia DHT
    
    Note over U,B: Phase 1: Commitment
    U->>B: Fetch latest pulse (Bt1)
    B-->>U: Return Bt1
    U->>U: Generate salt (s)
    U->>U: Compute C = H(n || s || Bt1 || PubKey)
    U->>D: Publish Commitment (C)
    
    Note over U,D: Phase 2: Sequential Linking
    U->>U: Compute massive VDF(C) for time T
    
    Note over U,D: Phase 3: The Reveal
    U->>D: Broadcast signed payload: (n, s, Bt1, VDF_proof)
    D->>D: Verify payload signature matches PubKey in C
    D->>D: Verify VDF proof against C
    alt is Valid
        D-->>U: Store payload at K = H(n)
    else is Invalid
        D-->>U: Drop payload & rate limit connection
    end

Because the drand pulse $B_{t_1}$ was unpredictable before $t_1$, an attacker cannot pre-compute the VDF. Because the VDF inherently takes $T$ time to solve, the completion of the VDF mathematically proves that the commitment $C$ existed at least $T$ time ago. If a sniper bot sees the reveal and attempts to steal the name, they must start their own VDF. By the time they finish at $t_1 + 2T$, the original claim is deeply embedded in the network. Furthermore, because the commitment $C$ is uniquely bound to the original user’s public key, an attacker cannot simply intercept the reveal tuple and replay it wrapped in their own signature.

3.2 Phase II: Dynamic Verifiable Delay Functions (Dictionary Neutralization)

If the Commit-Reveal phase hides the target, the Verifiable Delay Function (VDF) serves as the protocol’s primary Sybil-resistance mechanism.

A VDF is a cryptographic function $f: X \to Y$ that takes a prescribed amount of sequential time to evaluate, but is exponentially faster to verify. Crucially, a VDF cannot be accelerated through parallel processing. An attacker with an array of 10,000 ASICs cannot compute a single VDF any faster than a solitary user on a consumer-grade laptop.

The Mathematical Construction

To maintain a strict trustless philosophy, the Kinetic Protocol constructs its VDF over Class Groups of Imaginary Quadratic Fields, adopting the same mathematical foundations as the Chia network. Unlike RSA-based VDFs, Class Groups do not require a “Trusted Setup” ceremony to generate a modulus, eliminating human trust entirely.

The user is challenged to compute an output element $y$ within the Class Group given a base element $x$ and a time parameter $T$:

$$ y = x^{2^T} $$

Because the group order is unknown, the user is mathematically forced to execute $T$ sequential, non-parallelizable squarings.

Alongside $y$, the prover generates a concise cryptographic proof $\pi$ using the Wesolowski Proof Protocol. While evaluating $y$ requires $O(T)$ operations and is computationally grueling, any node in the Kinetic network can verify the tuple $(x, y, \pi)$ in $O(\log T)$ time, ensuring network validation remains near-instantaneous.

Hardware Acceleration & Dynamic Difficulty

To ensure the Sybil defense doesn’t decay over the decades as hardware single-thread performance improves, the protocol dynamically synchronizes the difficulty variable $k$.

• Primary Driver (External Time Beacon): The baseline difficulty constant $k$ is deterministically derived from the drand beacon height. This provides global consensus with zero coordination cost, slowly tightening the baseline difficulty over time.
• Fallback (Re-Squaring): If the beacon becomes unreachable, the protocol gracefully degrades to a static difficulty. To prevent long-term decay in a beacon-less world, any name crossing a multi-year epoch must refresh its claim with a “re-squaring” VDF.
• Alert Layer (Local Observation): Clients passively measure the rate of new registrations and computational lag. If hardware drastically outpaces the beacon’s difficulty curve, clients raise a user-visible warning, providing a social signal for manual fallback adjustments without breaking deterministic consensus.

3.3 Phase III: The Hybrid Lease System (Dead-State Neutralization)

Capital-gated registries rely on financial renewal dates to expire abandoned names. Because Kinetic is free, a purely static registration would allow early adopters to permanently exhaust the namespace. Kinetic solves this via a hybrid computational lease system that protects users during legitimate offline periods while aggressively cleaning truly dead state.

stateDiagram-v2
    [*] --> Active: Name Registered
    
    state Active {
        [*] --> Sending_Heartbeats
        Sending_Heartbeats --> Sending_Heartbeats: Periodic Signature Heartbeat
    }
    
    Active --> Idle: User goes offline
    
    state Idle {
        [*] --> Grace_Escalation
        Grace_Escalation --> Grace_Escalation: T_steal exponentially decays over time
    }
    
    Idle --> Challenge_Window: Attacker submits valid Challenge VDF
    
    state Challenge_Window {
        [*] --> Waiting_For_Owner
    }
    
    Challenge_Window --> Active: Owner responds with fresh heartbeat
    Challenge_Window --> Reclaimed: Window expires, Attacker wins
    
    Idle --> Active: Owner returns, sends fresh heartbeat
    Reclaimed --> [*]: Name transferred to Attacker

Layer 1: Grace-Period Escalation (The Base Layer)

Ownership is maintained by a localized, continuous cryptographic signature heartbeat, requiring minimal background computation.

If a user goes offline and misses their heartbeat, the name is not instantly evicted. Instead, it enters Grace-Period Escalation. An abandoned name requires an attacker to compute an exponentially harder VDF to steal it based on how long it has been idle. The difficulty to steal is formalized as:

$$ T_{\text{steal}}(\Delta t) = T_{\text{max}} \cdot e^{-\beta \cdot \Delta t} $$

where $\Delta t$ is the idle time, $T_{\text{max}}$ is the initial massive VDF difficulty (e.g., weeks of computation), and $\beta$ is the decay constant.

xychart-beta
    title "Grace-Period Escalation: Attacker Required VDF Time vs Idle Time"
    x-axis "Idle Time (Days)" [0, 30, 90, 180, 365, 730]
    y-axis "VDF Difficulty (Days to Compute)" 0 --> 365
    line [365, 120, 45, 15, 2, 0]

To initiate a challenge without a centralized clock, the attacker must mathematically prove the idle time using the DHT state:

1. The attacker retrieves the last known valid heartbeat for the name. (Heartbeats include the current drand round: $\text{Heartbeat} = \text{Sign}_{\text{owner}}( \text{PubKey} \parallel \text{drand_round} \parallel \text{nonce} )$).
2. The attacker calculates $\Delta t$ as the difference between the current drand round and the round in the owner’s last signed heartbeat.
3. The attacker computes the Challenge VDF of difficulty $T_{\text{steal}}(\Delta t)$.
4. The attacker submits the challenge, referencing the old heartbeat.

Because the heartbeat is signed by the owner, the attacker cannot forge a newer heartbeat to artificially shorten the idle time. If the name is actually active, honest network nodes will hold a cached recent heartbeat that contradicts the attacker’s $\Delta t$ claim, instantly invalidating the attack.

Even if the attacker computes a valid Challenge VDF, this merely opens the Challenge Window. The original owner can return at any moment during this window and reclaim the name instantly with a single, standard heartbeat, effortlessly invalidating the attacker’s massive computation.

Layer 2: Hibernation VDFs (Opt-In Planned Absence)

For users who know they will be offline for a long period (e.g., sabbatical), they can execute a massive, one-time sequential computation—the Hibernation VDF. By burning a 48-hour VDF, the user buys a “Hibernation Certificate” granting 1 year of complete heartbeat exemption. During this year, the grace-period escalation clock does not start, and the name mathematically cannot be challenged.

Layer 3: Watchtower Delegation (The Comfort Layer)

For ultimate uptime without continuous local CPU usage, a user can pre-generate a chain of signed heartbeat tokens and delegate them to a small set of decentralized “Watchtowers” (altruistic DHT nodes or a friend’s daemon). The watchtowers broadcast the tokens on schedule. This is trust-minimized: a watchtower cannot steal a name; they can only withhold a heartbeat, at which point the robust Grace-Period Escalation base layer effortlessly catches the fall.

4. The Zero-Dollar Network Layer: Stateless Consensus via DHT

Kinetic achieves global consensus without a global ledger or blockchain by decoupling data availability from state validation.

4.1 The Kademlia DHT and Competitive Gossip

Kinetic leverages a Kademlia Distributed Hash Table (DHT) via the libp2p networking stack. When a user computes a VDF to claim a name, their daemon pushes the payload to the DHT address $K = H(n)$.

Because a standard DHT has no execution environment, it is inherently vulnerable to storage exhaustion attacks (spam). To prevent an attacker from flooding the DHT with invalid payloads, Kinetic introduces two critical defenses:

1. Competitive Gossip: Every DHT node performs the $O(1)$ VDF mathematical validation before storing or propagating a payload. If the math is invalid, the node drops the payload entirely. The network acts as an active immune system, ensuring that only cryptographically sound data consumes storage space.
2. Lightweight Proof-of-Connection: To prevent an attacker from opening millions of connections to spam mathematically invalid VDFs, every node requires a trivial, connection-specific Hashcash PoW. If a connection repeatedly sends mathematically invalid VDFs, the node aggressively rate-limits, drops the connection, and forces the attacker to pay the Hashcash again, making sustained CPU-exhaustion attacks economically irrational.

4.2 Deterministic Client-Side Validation

Consensus is not a state stored on a server; it is a deterministic calculation run by the user’s own machine.

When a user resolves saif.kin:

1. Fetch: The local daemon queries the Kademlia DHT at $H(\text{saif})$ and retrieves the list of stored payloads.
2. Filter (Math): The daemon locally verifies the VDF proofs and Heartbeat nonces.
3. Filter (Time): Of the valid payloads, the daemon evaluates the sequential VDF timestamps anchored to the drand beacon.
4. Resolve: The daemon deterministically selects the payload with the earliest valid commitment and active heartbeat, extracts the routing IP address, and seamlessly resolves the local browser’s request.

Tie-Breaking (The XOR Lottery): If two honest users generate valid commitments for the exact same name within the exact same 30-second drand window ($B_{t_1}$ is identical), the protocol must break the tie without recreating a grinding PoW race. The winner is determined by the payload whose VDF output $y$ has the smallest XOR distance to the subsequent drand pulse $B_{t_2}$ at the time the first reveal is published. Because neither user can predict the future drand pulse, and neither can manipulate their VDF output $y$ (which is deterministically derived from the fixed inputs), this functions as a perfectly fair, mathematically un-gameable lottery.

4.3 Cryptographic Payload Schemas

To ensure deterministic client-side validation across all nodes, the network relies on strict data schemas. Below is a representation of the Reveal Payload (the final structure stored in the Kademlia DHT).

{
  "version": 1,
  "name": "saif.kin",
  "routing_target": "192.168.1.100", // Or a KID in the Identity Architecture
  "commitment": {
    "drand_round_t1": 3485721,
    "salt": "a1b2c3d4e5f6",
    "hash": "0x8f7a9..." 
  },
  "vdf_proof": {
    "iterations_T": 1000000,
    "output_y": "0x4b2c...",
    "wesolowski_pi": "0x9d3f..."
  },
  "heartbeat": {
    "drand_round_current": 3488000,
    "nonce": 42
  },
  "owner_pubkey": "ed25519:3a9b...",
  "signature": "0x7c4e..." // Signs the entire payload
}

Every node in the network independently verifies the vdf_proof, confirms the drand_round sequences, and checks the Ed25519 signature before serving this routing record.

graph TD
    subgraph Tie-Breaker: Exact Same drand Window
        direction TB
        A[Alice: Commits to 'apple.kin' at Bt1] -->|Computes VDF| A_V[Alice VDF Output: y1]
        B[Bob: Commits to 'apple.kin' at Bt1] -->|Computes VDF| B_V[Bob VDF Output: y2]
        
        A_V --> Rev[Both Reveal on DHT]
        B_V --> Rev
        
        Drand[Future drand pulse: Bt2] --> Rev
        
        Rev --> Calc1{Calculate XOR: y1 ⊕ Bt2}
        Rev --> Calc2{Calculate XOR: y2 ⊕ Bt2}
        
        Calc1 --> Comp[Compare Distances]
        Calc2 --> Comp
        
        Comp --> Win{Smallest Distance Wins}
        Win -->|Alice < Bob| A_Win(Alice claims 'apple.kin')
        Win -->|Bob < Alice| B_Win(Bob claims 'apple.kin')
    end

4.3 The Economic Scalability Reversal

By utilizing a Kademlia DHT and client-side validation, the Kinetic Protocol operates on an inverted scalability curve. As the network scales from 1,000 to 1,000,000 users, the DHT becomes vastly more dense, routing hops become significantly shorter, and data retrieval speeds increase. Because validation is crowdsourced to the CPUs of the individual users resolving the names, the network’s processing power scales perfectly in tandem with its user base.

The cost to operate the network remains exactly $0.

4.4 Mitigating DHT Eclipse Attacks via Redundant Deterministic Storage

The Vulnerability: Single-Key Eclipse Attacks

The protocol as described thus far assumes the Kademlia DHT acts as an honest bulletin board. In practice, permissionless DHTs are vulnerable to Eclipse attacks: an adversary can generate a large number of Sybil node IDs mathematically close to a target key $K$, becoming the authoritative storage peers for that key. Once in position, these malicious nodes can silently drop legitimate payloads and serve only the attacker’s data.

If a resolver queries $K = H(n)$ and the attacker controls the surrounding keyspace, the resolver receives only the attacker’s payload. Because client-side validation can only evaluate data it receives, and the attacker’s payload contains a valid VDF proof and commitment, the resolver has no cryptographic basis to reject it. The honest registrant’s payload simply never arrives. The XOR tie-breaker, which assumes both payloads are visible, is powerless against this network-layer censorship.

This is not a theoretical concern. Eclipse attacks have been demonstrated against Ethereum’s discovery layer, IPFS’s Kademlia DHT, and other production P2P networks. A motivated adversary with freely generated Sybil identities can isolate specific name entries at relatively low cost.

The Mitigation: Redundant Deterministic Storage

To defend against Eclipse attacks without introducing a blockchain, central coordinator, or monetary cost, the Kinetic Protocol adopts a Redundant Deterministic Storage scheme inspired by BitTorrent’s multi-tracker resilience.

Instead of storing a name’s payload at a single DHT key, the registrant publishes the identical, signed payload to $M$ independent, deterministically derived storage locations. A resolver queries all $M$ locations in parallel and applies the standard deterministic validation logic across the union of all returned payloads.

Derivation of Storage Keys

Let $n \in S$ be the registered name. The $M$ storage keys are derived using a cryptographic hash function $H$ with a domain-separated namespace constant:

$$ K_i = H(n \parallel i \parallel \text{domain_tag}), \quad \text{for } i \in {0, 1, \dots, M-1} $$

where $\text{domain_tag}$ is a fixed protocol string (e.g., “kinetic-dht-v1”). Because $H$ behaves as a random oracle, the $M$ keys are uniformly distributed across the Kademlia ID space and are mathematically uncorrelated. Controlling the keyspace around $K_0$ gives the attacker no advantage in controlling $K_1$, $K_2$, or any other key. Each key is an independent, uniformly random point in the DHT.

Registration with Redundant Storage

When a registrant completes their VDF and prepares the reveal payload $\mathcal{P}$:

$$ \mathcal{P} = {n, s, B_{t_1}, \pi_{\text{VDF}}, \text{PubKey}, \text{signature}} $$

they execute the following publication procedure:

1. Compute storage keys: Derive $K_0, K_1, \dots, K_{M-1}$ as defined above.
2. Publish to majority: Push $\mathcal{P}$ to the DHT, targeting all $M$ keys. The DHT’s standard put operation routes the payload to the peers closest to each $K_i$.
3. Confirm threshold: The registrant waits until acknowledgments confirm that $\mathcal{P}$ has been stored at a supermajority of the $M$ locations (e.g., at least $\lceil M/2 \rceil$). If the threshold is not met—perhaps due to transient network issues—the registrant retries until the majority is achieved.

The registrant is not required to succeed at all $M$ locations. A majority threshold ensures that honest resolvers will find the legitimate payload with high probability, while tolerating partial network failures or partial eclipse.

Note on Fake ACKs: Standard Kademlia STORE RPCs do not contain cryptographic proofs of storage. A malicious node in the routing path could intercept the registrant’s payload, reply with a fake “Stored successfully” ACK, and silently drop the data. The protocol mitigates this relying on Kademlia’s probabilistic replication and parallel queries. A missing payload at an attacked key is gracefully ignored, and the valid payloads at the other $M-1$ keys win. Registrants can also asynchronously verify storage by performing a GET immediately after a PUT.

Resolution with Redundant Storage

When a client resolves a name $n$:

1. Compute all storage keys: Derive $K_0, K_1, \dots, K_{M-1}$ locally.
2. Parallel fetch: Query the DHT for payloads stored at each $K_i$. This is a parallel operation; the total latency is bounded by the slowest response.
3. Union of results: Collect all distinct payloads returned from any of the $M$ keys.
4. Deterministic validation: Apply the standard client-side validation logic across all collected payloads:
   • Verify each payload’s VDF proof $\pi_{\text{VDF}}$ and commitment $C = H(n \parallel s \parallel B_{t_1} \parallel \text{PubKey})$.
   • Verify the signature against the embedded $\text{PubKey}$.
   • Discard any payload failing these checks.
5. Select the winner: Among the valid payloads, select the one with the earliest $B_{t_1}$ (drand round). If two payloads share the same $B_{t_1}$, apply the XOR lottery tie-breaker using the VDF output $y$ and the drand pulse at the reveal epoch.

This procedure guarantees that if at least one of the $M$ storage locations is honest and stores the legitimate payload, every resolver will see it. The attacker must eclipse all $M$ locations simultaneously to censor the legitimate claim.

Compute-Cost Security Analysis

In standard Kademlia, Node IDs are self-assigned. This means an eclipse attack does not require an adversary to control a massive fraction of the global network. Instead, an attacker only needs to locally generate enough cheap Sybil identities that happen to be mathematically closer to the target key $K_i$ than any honest node.

If an attacker controls a fraction $f$ of the network’s identity-generation hash power (or PoW-solving capability), the probability of them naturally controlling the $k$ closest nodes to a single target key is approximately $P_{single} \approx f^k$.

Because the $M$ target keys are generated via a cryptographic hash function, their locations are perfectly uniform and mathematically uncorrelated. To censor the name, the attacker must simultaneously eclipse all $M$ distinct keys. The probability of a successful total eclipse attack is therefore:

$$ P_{\text{eclipse}} = \prod_{i=0}^{M-1} P(K_i \text{ eclipsed}) \approx (f^k)^M = f^{k \cdot M} $$

Because $f < 1$, the probability of a successful eclipse attack decays exponentially as $M$ increases. For example, if an attacker commands a massive $20%$ of the global network’s PoW capacity ($f=0.2$) and the Kademlia bucket size is $k=20$, eclipsing a single key has a probability of $0.2^{20} \approx 10^{-14}$. Eclipsing $M=5$ redundant keys drops that probability to $0.2^{100} \approx 10^{-70}$.

This mathematically guarantees that unless the attacker fundamentally controls a supermajority of the entire global network (a 51% attack on the PoW identity layer), isolating and censoring a specific name is statistically impossible.

4.5 — A Note on the Boundaries of Sybil Resistance

The Kinetic Protocol makes a precise, bounded claim about Sybil resistance, and intellectual honesty demands that claim be stated exactly rather than allowed to imply more than it delivers.

At the per-name level, Kinetic’s Proof-of-Patience construction is sound. No attacker — regardless of hardware budget — can accelerate a single VDF computation. A well-funded actor cannot register stripe.kin faster than a developer on a consumer laptop; they are both subject to the same irreducible wall of sequential time. Within this scope, the core promise of the protocol holds.

The impossibility result lies one layer below, at the identity-creation layer. In any permissionless system where generating a cryptographic identity (a public key) is computationally free, a single actor controlling N machines is mathematically indistinguishable from N independent legitimate users. This is not a flaw in Kinetic’s engineering — it is a consequence of the protocol’s own foundational constraints. Kinetic explicitly and intentionally rejects the three known mechanisms that resolve this ambiguity: financial capital (which reproduces digital landlordism), Proof-of-Personhood (which reintroduces extreme onboarding friction and surveillance risk), and a globally-ordered consensus ledger (which reintroduces the shared bottleneck the protocol is architecturally designed to avoid). Having rejected all three, the protocol accepts the following corollary as an honest consequence: a patient, well-resourced attacker who spreads registrations across independent identities at a rate statistically indistinguishable from organic network growth cannot be detected or prevented by any mechanism available to a stateless, permissionless DHT.

What Kinetic does offer is a meaningful, honest mitigation. The steeply-scaled VDF difficulty curve ensures that bulk acquisition of the contested namespace — the high-value, short-character dictionary words where squatter incentives are highest — requires a real and non-trivial expenditure of sequential compute-time per name. Unlike capital-gated registries, this cost cannot be amortized across names via economies of scale: ten thousand parallel VDF grinds cost exactly ten thousand times the single-name cost, with no discount for volume. This does not bankrupt a sufficiently patient, sufficiently capitalized attacker — nothing in a permissionless system without global consensus can — but it meaningfully raises the minimum sustained cost of bulk accumulation above zero, unlike any purely free namespace. The protocol’s correct positioning is therefore as a system that makes large-scale fast acquisition expensive and large-scale patient accumulation time-consuming, while acknowledging that neither property constitutes a complete cryptographic guarantee against a determined, well-resourced adversary.

The authors consider this an honest and defensible position. Every deployed naming system in the literature — whether capital-gated, identity-gated, or centrally managed — either reintroduces a central authority, charges monetary rent, or accepts some form of bulk squatting as an unresolved open problem. Kinetic sits in the same honest company. The goal of this protocol is not to claim a solution to an open problem in distributed systems theory, but to minimize the practical footprint of that problem for the class of users — individual developers, small teams, infrastructure hobbyists — for whom it matters most.

Practical Considerations

Storage overhead: Each name consumes $M$ DHT entries instead of one. For $M = 5$ and a payload size of approximately 2–5 KB (commitment, VDF proof, signature, and metadata), total storage per name is approximately 10–25 KB distributed across the network. For even 10 million active names, total DHT storage is approximately 100–250 GB, trivially manageable for a global P2P network.

Query latency: The $M$ DHT queries are issued in parallel. The resolver’s perceived latency is the maximum of $M$ Kademlia lookups, each requiring $O(\log N)$ hops. In practice, this adds tens of milliseconds compared to a single lookup, which is imperceptible in the context of DNS resolution (already subject to caching and upstream resolver latency).

No central coordination required: The storage keys are computed deterministically by both registrants and resolvers. No registry, committee, or blockchain coordinates which nodes store what. The mechanism is entirely client-driven and preserves the protocol’s stateless, zero-cost architecture.

DHT TTL (Time-To-Live) Degradation: DHT entries do not live forever; they expire based on a TTL (e.g., 24-72 hours in standard libp2p). If a name’s payload expires at $K_2$ but not the others, the redundancy drops from $M$ to $M-1$. The protocol mandates that the client daemon treat the republishing of the payload to all $M$ keys as part of its background maintenance loop. Tied directly to the heartbeat mechanism, the daemon re-PUTs the payload proactively to ensure redundancy never degrades.

Integration with Existing Defenses

Redundant storage complements, rather than replaces, other DHT security measures:

• S/Kademlia extensions: libp2p supports cryptographic node ID generation, making Sybil identity generation computationally expensive. When combined with redundant storage, the attacker faces both an increased cost per identity and the need to control multiple independent keyspace regions.
• Competitive Gossip: DHT nodes continue to validate payloads before storing or propagating them, preventing the redundant locations from being filled with invalid spam.
• Grace-Period Escalation: Even if an attacker successfully eclipses a name temporarily, the legitimate owner’s heartbeat can be re-published to all $M$ locations, restoring visibility to the network.

By adding redundant deterministic storage, the Kinetic Protocol eliminates the single most critical vulnerability of its stateless DHT architecture while maintaining zero fees, zero central authority, and purely client-side consensus.

5. Implementation & Scope: Native Routing via Loopback Interception

To function as a practical public good, the Kinetic Protocol cannot exist merely as a theoretical network; it must seamlessly integrate with existing browser infrastructure. The primary engineering challenge lies in bypassing the legacy Domain Name System (DNS) controlled by ICANN, which governs the global Root Zone and does not recognize sovereign extensions like .kin.

To achieve native .kin resolution without relying on centralized top-level domain (TLD) authorities or breaking standard Web2 traffic, Kinetic utilizes a Split-DNS loopback architecture. Consensus and routing are executed entirely on the user’s local machine via a lightweight background daemon.

5.1 The Kinetic Daemon: Sovereign Split-DNS

When a user installs the Kinetic client (written in a memory-safe, highly concurrent language like Rust or Go), the installer deploys a background daemon that binds a local DNS proxy to the operating system’s loopback interface (e.g., 127.0.0.1:53). The OS networking stack is automatically updated to prioritize this local proxy for all DNS queries.

The daemon acts as a deterministic traffic router, enforcing a strict Split-DNS policy:

• Standard Traffic (Pass-Through): If a local application requests a legacy TLD (e.g., github.com or wikipedia.org), the Kinetic daemon instantly forwards the query to the user’s default upstream resolver (such as 1.1.1.1 or 8.8.8.8). This incurs zero latency overhead for normal internet use.
• Sovereign Traffic (Interception): If the application requests a protocol-specific TLD (e.g., saif.kin), the daemon intercepts the request, blocks it from leaking to the global ICANN Root Zone, and initiates the decentralized resolution pipeline.

graph LR
    subgraph User OS
        App[Browser / Application]
        Daemon((Kinetic Daemon<br/>127.0.0.1:53))
        App -->|DNS Query| Daemon
    end

    subgraph Split-DNS Router
        Daemon -->|Ends in .kin| Kin{Intercept}
        Daemon -->|Other TLDs| Pass{Pass-Through}
    end

    subgraph External Networks
        Kin -->|VDF/DHT Math| DHT[(Kademlia DHT)]
        Pass -->|Standard UDP/TCP| Upstream[Upstream Resolver<br/>1.1.1.1 / 8.8.8.8]
        Upstream --> ICANN((ICANN Root Zone))
    end
    
    style Daemon fill:#005A9C,stroke:#000,stroke-width:2px,color:#fff
    style Kin fill:#9400D3,stroke:#000,stroke-width:2px,color:#fff
    style Pass fill:#228B22,stroke:#000,stroke-width:2px,color:#fff

5.2 Native Installation

The ideal implementation described above requires the user to run the full node locally. The user calculates VDFs locally and acts as their own consensus judge. This maximizes sovereignty, privacy, and mathematical trust. It is designed to be used natively by developers, node operators, and infrastructure providers without relying on trusted intermediaries.

Kinetic Identity Architecture (KID)

Beyond DNS: Human Names, Permanent Identities, and Verifiable Services

Version 1.0 (Formal Specification)

Abstract

Most decentralized naming systems attempt to replicate the Domain Name System (DNS) without addressing its fundamental limitations. Traditional DNS answers a single question:

What network location corresponds to this name?

A DNS record ultimately resolves human-readable identifiers into network locations (IP addresses). However, modern digital entities are no longer merely servers. A single online identity may expose websites, APIs, storage systems, AI agents, messaging endpoints, peer-to-peer applications, and future services that do not map naturally to a single machine or location.

This document formally proposes a new architecture for Kinetic. Rather than acting as a decentralized DNS replacement, Kinetic has evolved into a mature Identity-Centric Service Discovery Network.

The core thesis is a strict, four-layer progression: Human Name ↓ Permanent Identity (KID) ↓ Capability Manifest ↓ Verifiable Services

Instead of resolving names into locations, Kinetic resolves names into cryptographic identities capable of exposing arbitrary services. This creates a generalized naming primitive that separates Human Discovery, Identity, Service Discovery, and Content Distribution into independent, mathematically verifiable layers with distinct mutability guarantees.

1. The Core Philosophy: Name $\neq$ Identity

A surprising number of naming systems never properly separate a human-readable alias from the underlying identity.

Suppose saif.kin belongs to Alice. Later, ownership transfers to Bob. The name remains saif.kin, but the underlying identity has changed completely.

If a system conflates the Name and the Identity, it falls victim to Semantic Attacks (or Long Range Resurrection). A user might send funds or encrypted messages to saif.kin assuming Alice still owns it, only to have Bob intercept them.

Therefore, the foundational axiom of the Kinetic Identity Architecture is:

Name $\neq$ Identity

Kinetic explicitly separates these concepts. A name is an ephemeral, transferable routing alias. An identity is a permanent, immutable cryptographic anchor.

2. The Four-Layer Architecture

Kinetic combines four concepts that are traditionally separated. Each layer has a distinct purpose and is governed by different mutability rules.

Layer 1: Human Namespace

Example: saif.kin

Purpose:

• Human discovery
• Branding and Reputation
• Memorability

The namespace is secured using Kinetic’s VDF-based registration system. Names are transferable, and ownership may change over time based on the Heartbeat and Escalation algorithms. Therefore, names are not permanent identities.

Layer 2: Permanent Identity (KID)

A name does not resolve to an IP address. Instead, it resolves to a Kinetic Identity Document (KID):

saif.kin $\rightarrow$ did:kin:kid1abc9f7...

The KID becomes the permanent cryptographic root of trust. It is bound to an Ed25519 or secp256k1 keypair.

KID Schema Example:

{
  "kid": "did:kin:kid1abc9f7...",
  "pubkey": "ed25519:8b3a...",
  "created_at": 1750000000,
  "revocation_key": "ed25519:4f2c..."
}

Unlike names:

• KIDs are permanent and non-transferable.
• KIDs are strictly cryptographic and machine-oriented.

A KID represents an entity. A name represents a human-facing alias pointing to that entity. If saif.kin changes ownership, it simply points to a different KID.

Layer 3: Capability Manifest

A KID points to a Capability Manifest. The manifest describes exactly what services this identity currently exposes to the network.

Capability Manifest Schema Example:

{
  "version": "1.0",
  "owner": "did:kin:kid1abc9f7...",
  "services": [
    {
      "type": "website",
      "protocol": "https",
      "target": "104.21.44.11"
    },
    {
      "type": "api",
      "protocol": "grpc",
      "target": "api.backend.local",
      "port": 50051
    },
    {
      "type": "nostr-relay",
      "protocol": "wss",
      "target": "relay.nostr.info"
    }
  ],
  "signature": "0x7a8b9c..."
}

Why Manifests Matter: Without manifests (Identity ↓ Content), the architecture is limited to static websites. With manifests (Identity ↓ Services ↓ Content), the protocol becomes service-agnostic. New applications and services can be introduced in the future without ever changing the core naming layer.

Layer 4: Content and Compute

Services ultimately resolve to actionable content or compute. Examples: Website Files, APIs, AI Chatbots, Databases, Messaging Relays.

Content is Not Kinetic’s Responsibility. Kinetic answers: “Who owns this name?” and “What services exist for this identity?” It does not answer: “Where are the bytes stored?”

Just as DNS does not guarantee a website remains online, Kinetic does not guarantee content availability or execute dynamic backend code. Content hosting and compute remain the responsibility of infrastructure operators (whether via centralized clouds or decentralized storage like IPFS/BitTorrent).

3. Light Client Resolution Architecture

Because ownership state in Kinetic is entirely encapsulated inside self-authenticating, mathematically verifiable payloads (Signed Lease Records), a client does not need to participate in Kademlia peer discovery to resolve a name.

Kinetic supports trust-minimized light clients through untrusted gateway acquisition and local cryptographic verification of lease records.

This is mathematically equivalent to Bitcoin’s SPV (Simplified Payment Verification) architecture, unlocking Kinetic for iOS, Android, and Web Browsers without requiring them to run embedded DHT nodes.

The Untrusted Gateway Model

The resolution flow for a light client (e.g., a standard web browser) is straightforward:

1. Browser requests lease records via standard HTTPS from an untrusted gateway.
2. Gateway acts purely as a data transport, querying the DHT and returning the raw payloads.
3. Browser locally verifies the cryptographic signatures, the drand heartbeat timestamps, and the VDF proofs.

The critical insight is that the gateway is not a Trusted Resolver; it is merely a Data Transport. It cannot forge ownership, forge VDFs, or forge heartbeats because local verification stops that immediately. The cryptography decides the truth, not the peer.

Mitigating Gateway Censorship

While a malicious gateway cannot forge a record, it can censor the network by intentionally hiding the newest lease record, causing the browser to resolve an outdated owner.

To mitigate this, light clients query a Minimum Gateway Set (e.g., 3 independent public gateways). The client collects all returned lease records, performs local verification on all of them, and deterministically chooses the winning payload using the Protocol Specification v1 rules (the oldest initial commitment tied-broken by the XOR distance to a future drand pulse).

Once a single honest gateway is queried, malicious censorship by the others becomes mathematically irrelevant.

4. The Complete Kinetic Stack Flow

graph TD
    A[Human Name: 'saif.kin'] -->|Resolves via Kademlia| B(Permanent Identity: KID)
    B -->|Cryptographic Root| C{Capability Manifest}
    C -->|Service 1| D[Website/Content]
    C -->|Service 2| E[API Endpoint]
    C -->|Service 3| F[Messaging Relay]
    
    B -.->|Signs| C
    C -.->|Hashes/Points to| D
    
    style A fill:#f9f,stroke:#333,stroke-width:2px
    style B fill:#bbf,stroke:#333,stroke-width:2px

Conclusion

Kinetic began as a decentralized naming protocol. However, through rigorous architectural evolution, it has matured into something much more comprehensive.

Instead of a simple: Name ↓ Location

Kinetic provides a mathematically verifiable stack: Human Name ↓ Identity ↓ Services ↓ Content

This transforms naming from machine resolution into identity-driven service discovery. Under this model, Kinetic becomes more than a decentralized domain system. It becomes the foundational identity-centric service layer for the internet.

Kinetic Adversarial Analysis

A Red-Team Audit of Stateless Name Resolution

Draft Research Whitepaper v0.2

Abstract

Robust protocol design requires assuming the worst possible operational environment. Because Kinetic utilizes an Untrusted Gateway model for Light Client resolution, the system’s security relies entirely on the deterministic mathematical rules executed by the client-side resolver.

This document serves as an adversarial analysis of the Kinetic resolution mathematics. We assume an adversary has full control over the untrusted gateways, can forge Sybil identities at will, and possesses significant (but not majority) computational hash power. We evaluate seven specific attack vectors designed to subvert ownership resolution and detail the deterministic cryptographic rules that neutralize them.

Attack 1: The Split View Attack (Two Valid Leases)

The Attack: An attacker discovers a highly desirable name (apple.kin). They compute a perfectly valid VDF, generate a mathematically sound commitment, and sign it with their own heartbeat. Simultaneously, an honest user does the exact same thing. A malicious gateway returns both Lease Record X (Attacker) and Lease Record Y (Honest User) to the resolving browser. Both records are structurally sound and mathematically valid.

The Cryptographic Mitigation (Deterministic Selection): The Kinetic protocol strictly mandates a deterministic conflict-resolution rule to prevent state divergence. The client-side resolver evaluates the payloads using the following hierarchy:

1. Oldest Original Commitment: The resolver compares the drand_round_t1 contained within the VDF commitment. The payload with the chronologically earliest legitimate commitment instantly wins. This prevents an attacker from “stealing” a name by computing a VDF years later.
2. The XOR Tie-Breaker: If and only if both users committed to the name within the exact same 30-second drand window, the resolver executes the XOR Lottery. The winner is the payload whose VDF output $y$ possesses the smallest XOR distance to the subsequent drand pulse $B_{t_2}$. Because neither user can predict $B_{t_2}$ during their commitment phase, the tie-breaker is a mathematically un-gameable, perfectly fair lottery.

Attack 2: The Heartbeat Race (The Offline Owner)

The Attack: Alice owns saif.kin. Her local daemon crashes, or her internet service drops, causing her to miss her heartbeat broadcast. An attacker’s automated script detects the missed heartbeat and immediately begins computing a VDF to claim the “abandoned” name.

The Cryptographic Mitigation (Grace-Period Escalation): Kinetic does not instantly evict offline names. The difficulty for the attacker to steal the name ($T_{\text{steal}}$) scales inversely proportional to the idle time ($\Delta t$).

The required VDF iterations are calculated via the Grace-Period Escalation curve: $$ T_{\text{steal}} = T_{\text{base}} \times e^{\left(\frac{k}{\Delta t}\right)} $$ (where $k$ is the escalation constant and $\Delta t$ is the elapsed drand rounds since the last heartbeat).

If an attacker attempts to snipe a name that has only been offline for 1 hour, $\Delta t$ is small, driving $T_{\text{steal}}$ into the trillions. This requires computing a VDF that would physically take years to finish. By the time the attacker’s server finishes computing this massive proof, Alice will likely have reconnected to the internet and published a single, instant heartbeat. The resolver will see Alice’s newer heartbeat, resetting $\Delta t$ to zero, and instantly invalidating the attacker’s years of wasted computation.

Attack 3: The DHT Eclipse (The Poisoned Oracle)

The Attack: The Light Client queries three untrusted Gateways to resolve a name. The Gateways are honest, but the Kademlia DHT underlying the network is being attacked. An adversary controls hundreds of Sybil nodes and successfully suppresses the newest lease records, feeding the Gateways outdated, poisoned DHT state.

The Cryptographic Mitigation (Keyspace Independence): A local resolver cannot mathematically detect missing records, only invalid ones. To combat this network-layer censorship, Kinetic utilizes $M=5$ distinct storage keys derived via a cryptographic hash function:

• $K_1 = \text{SHA256}(\text{name} \parallel 1)$
• $K_2 = \text{SHA256}(\text{name} \parallel 2)$
• $\dots$
• $K_5 = \text{SHA256}(\text{name} \parallel 5)$

Because the Kademlia DHT routes based on a 256-bit XOR metric, the SHA-256 avalanche effect guarantees that these 5 keys are statistically uncorrelated and land in completely disparate regions of the global Kademlia ring. Eclipsing the neighborhood around $K_1$ provides zero advantage toward eclipsing $K_5$.

To successfully censor the newest record, the attacker must simultaneously eclipse all $M$ regions. The probability of successfully eclipsing all $M$ keys drops exponentially: $P_{\text{eclipse}} \approx f^{k \cdot M}$ (where $f$ is the attacker’s fraction of global hash power and $k$ is the bucket size). Unless the attacker commands a supermajority of the global network’s identity-generation power, successfully censoring the DHT is statistically impossible.

Attack 4: The Historical Rewrite (Replay Attacks)

The Attack: An attacker archives a perfectly valid, VDF-proven Lease Record from the year 2028. In the year 2035, the attacker replays this exact record to the network, attempting to trick a resolver into thinking the 2028 owner is still the current owner.

The Cryptographic Mitigation (Drand Entanglement): Every Heartbeat signature explicitly signs the current drand round ($\text{Sign}( \text{PubKey} \parallel \text{drand_round} )$). When the 2028 record is replayed in 2035, the resolver calculates the idle time ($\Delta t$) by subtracting the heartbeat’s 2028 drand round from the current 2035 drand round. The resolver determines the name has been “dead” for 7 years. Under the Grace-Period Escalation curve, the VDF difficulty to claim a name dead for 7 years is trivially small. Any honest user currently holding the name in 2035 will have a newer heartbeat, causing the resolver to effortlessly discard the replayed 2028 record as obsolete.

Attack 5: Name Popularity Attack (Resolution DoS)

The Attack: A name like openai.kin becomes globally famous. An attacker floods the DHT with tens of thousands of valid, but mathematically losing, VDF leases. Because the DHT nodes must evaluate incoming leases to drop the weaker ones (Competitive Gossip Filtering), the attacker’s goal shifts from crashing the Browser to exhausting the CPU of the DHT nodes. This is a Resolution DoS attack targeting infrastructure validators.

The Cryptographic Mitigation (Verification Asymmetry): This attack is neutralized by the fundamental asymmetry of the chosen VDF construction (Class Groups of Imaginary Quadratic Fields with Wesolowski proofs). While generating a valid Wesolowski proof is strictly sequential and extremely slow ($O(T)$), verifying the proof is exponentially faster ($O(\log T)$).

A DHT node can cryptographically verify a fake lease in mere milliseconds. An attacker attempting to spam 1 million fake leases must physically compute 1 million sequential VDF proofs—an operation requiring vast server farms and massive energy expenditure. The DHT nodes will trivially filter and drop these 1 million leases using negligible CPU power. The attacker bankrupts themselves long before the infrastructure notices the load.

Attack 6: KID Continuity (The Identity Shift)

The Attack: A highly trusted name, bank.kin, expires after years of inactivity and is legally claimed by a malicious actor. The malicious actor generates a new Permanent Identity Document (KID) and publishes a new Capability Manifest pointing to a phishing API. Users resolving bank.kin are silently routed to the phishing server because the math resolves perfectly.

The Cryptographic Mitigation (KID Pinning): This is a semantic vulnerability inherent to all dynamic naming systems (e.g., DNS hijacking). Kinetic solves this by strictly separating Names from Identities. High-security applications must treat human-readable names merely as initial discovery vectors. Once an application successfully resolves bank.kin to kid1abc..., the application should locally “pin” the KID. Future connections must assert that the resolved KID matches the pinned KID. If the Name changes hands, the resolved KID will change, immediately triggering a security warning (similar to an SSH host key changing). Trust is strictly bound to the immutable cryptography (KID), not the mutable alias (Name).

Attack 7: Long Range Resurrection (The Semantic Attack)

The Attack: Similar to Attack 6, openai.kin is abandoned. Ten years later, an attacker legitimately claims it. Now, openai.kin points to a completely different KID. Millions of old forum links, archived manifests, and historical documents still reference openai.kin. Clicking those links now routes users to the attacker’s services.

The Cryptographic Mitigation (The Core Identity Principle): This attack highlights a core design principle of Kinetic: Names are ephemeral routing aliases; KIDs are permanent semantic anchors. To prevent Long Range Resurrection, the ecosystem standard dictates that historical references, permanent storage (like IPFS), and immutable smart contracts must never hardcode .kin names. They must hardcode the underlying KID. When a user shares a permanent document, the software should automatically embed the underlying KID rather than the human-readable alias, completely immunizing historical data from future name re-registration attacks.

Kinetic Protocol Specification v1

A Decentralized, Identity-Centric Service Discovery Network

Version 1.0 (Formal Specification)

Abstract

Kinetic is a completely decentralized protocol that maps human-readable names to cryptographic identities (KIDs), which in turn map to service manifests. Kinetic eliminates the need for blockchains, consensus algorithms, or trusted resolution authorities by strictly utilizing verifiable delay functions (VDFs), cryptographic signatures, and a Kademlia Distributed Hash Table (DHT).

This document serves as the formal architectural specification for the Kinetic protocol, encompassing the resolution lifecycle, data schemas, empirical proofs, and light-client operational models.

1. The Formal State Machine

Ownership of a Kinetic name is an ephemeral state defined purely by cryptographic mathematics, not by database registry entries. The state of any name traverses the following lifecycle:

stateDiagram-v2
    [*] --> Unclaimed
    
    Unclaimed --> Active : Valid VDF + Initial Heartbeat
    
    state Active {
        [*] --> Publishing
        Publishing --> Refreshing : Heartbeat (drand)
        Refreshing --> Publishing
    }
    
    Active --> Inactive : Missed Heartbeat (Δt > 0)
    Inactive --> Active : Late Heartbeat Published (Δt = 0)
    
    Inactive --> Reclaimable : Δt grows (T_steal drops)
    
    Reclaimable --> Transferred : New User Computes T_steal
    Transferred --> Active : New VDF + Heartbeat Accepted

State Definitions

• Unclaimed: The name has never been registered. $T_{\text{steal}} = T_{\text{base}}$.
• Active: A valid VDF commitment exists, and the current owner has published a heartbeat within the current 30-second drand round ($\Delta t = 0$).
• Inactive: The owner has failed to publish a recent heartbeat. $\Delta t > 0$.
• Reclaimable: The owner has been inactive long enough that $T_{\text{steal}}$ has decayed to a computationally feasible threshold for a challenger.
• Transferred: A challenger successfully computed the decayed $T_{\text{steal}}$ VDF and claimed the name. The old owner’s payload is mathematically nullified.

2. Empirical Protocol Economics

Kinetic’s security relies on the asymmetry of VDF verification and the Grace-Period Escalation curve. To formally prove the economic deterrents, empirical simulations were conducted.

2.1 The Escalation Curve ($T_{\text{steal}}$)

When a name becomes Inactive, the difficulty to claim it decays according to the equation: $$ T_{\text{steal}} = T_{\text{base}} \times e^{\left(\frac{k}{\Delta t}\right)} $$ Assume $T_{\text{base}} = 10,000,000$ iterations and an adversary utilizing an ASIC computing $10^9$ iterations/second.

Conclusion: Active names are mathematically impossible to steal. Abandoned names are cleanly garbage-collected.

2.2 DHT Keyspace Dispersion (Eclipse Defense)

Kinetic stores $M=5$ redundant payloads across the Kademlia DHT using $K_i = \text{SHA256}(\text{name} \parallel i)$. A simulation generating $1,000,000,000$ names ($5,000,000,000$ derived keys) mapped into 65,536 distinct 16-bit Kademlia sectors yielded:

• Expected Keys per Sector: 76,293
• Min Keys in Sector: 75,094
• Max Keys in Sector: 77,563
• Variance: $3.24%$

Conclusion: The SHA-256 derivation provides perfect uniform dispersion. Because the keys are statistically uncorrelated, successfully censoring a name requires uniform control over the entire 256-bit DHT keyspace, making Eclipse attacks practically impossible.

3. The Resolution Algorithm

Kinetic supports “trust-minimized light clients”. A browser does not need to run a DHT node; it simply requests data from untrusted HTTP gateways and verifies the payloads locally.

The Client-Side Resolution Flow:

1. Fetch: Client requests LeaseRecords for $K_1 \dots K_5$ from 3 independent public Gateways.
2. Collect: Client aggregates the JSON payloads.
3. Verify Signatures: Discard any payload where the Ed25519 signature fails.
4. Verify VDF: Discard any payload where the Wesolowski proof $O(\log T)$ validation fails.
5. Deterministic Selection:
   • Select the payload with the oldest valid drand_round_t1 (Initial Commitment).
   • If tied, select the payload whose VDF output $y$ is closest (XOR distance) to the subsequent drand pulse $B_{t_2}$.
6. Extract Identity: Output the kid_pubkey of the winning payload.

4. Payload Schemas

4.1 Signed Lease Record (The Ownership Payload)

The core cryptographic truth that proves a user owns a name.

{
  "name": "saif.kin",
  "kid_pubkey": "ed25519-abc123def456...",
  "vdf_proof": {
    "drand_round_t1": 1234567,
    "difficulty_t": 10000000,
    "input_x": "0xabc...",
    "output_y": "0xdef...",
    "wesolowski_pi": "0x123..."
  },
  "heartbeat": {
    "drand_round_current": 1234600,
    "signature": "sig-789..."
  }
}

4.2 The Kinetic Identity Document (KID)

The permanent semantic anchor of the user.

{
  "kid": "did:kin:ed25519-abc123def456...",
  "rotation_keys": ["ed25519-xyz987..."],
  "manifest_hash": "sha256-456def..."
}

4.3 The Capability Manifest

The mapping of the Identity to concrete services.

{
  "services": {
    "website": {
      "type": "ipv4",
      "endpoint": "198.51.100.14"
    },
    "api": {
      "type": "grpc",
      "endpoint": "api.saifmukhtar.dev:443"
    },
    "nostr": {
      "type": "websocket",
      "endpoint": "wss://relay.kinetic.network"
    }
  },
  "signature": "sig-kid-abc..."
}

5. Gateway Economics

Because Kinetic Gateways do not execute consensus algorithms or hold private keys, they function purely as Data Transports (CDNs for signed records).

This enables Incentiveless Infrastructure (similar to Tor exit nodes, IPFS gateways, and Nostr relays).

• Compute Cost: Negligible. Gateways merely relay JSON files from the DHT.
• Bandwidth Cost: Negligible. A Lease Record is $\approx 1$ KB.
• Trust Requirement: Zero. The local client verifies the math.

This model seamlessly bridges Web3 cryptography with Web2 consumer access, allowing Android, iOS, and standard web browsers to natively resolve .kin names using hardcoded lists of community-operated HTTP gateways.

6. Protocol Maturity Checklist

This checklist tracks the maturation of Kinetic from a theoretical construct to a production-grade decentralized infrastructure.