Could a human-readable identifier have saved CoinDash’s ICO?
Just as CoinDash’s ICO started, a hacker replaced the address on CoinDash’s website with one they controlled, siphoning off millions of dollars worth of cryptocurrency.
There are many things that would have prevented this — for example publishing the contract well in advance, or simply having better security.
But what if CoinDash used a decentralized name service to provide a human-readable alias for their address?
Would this resolve the indistinguishability of two public key addresses?
No, it wouldn’t.
The hacker could simply register a very similar alias and pull the same stunt.
Each human-readable alias has a much lower number of potentially indistinguishable names than a public key, but the attacker only needs one.
And arguably, the alias increases the likelihood of success because generating even a remotely similar public key is difficult, and the alias may give users a false sense of trust.
It’s even worse in a decentralized name service: if that fraudulent alias somehow made its way into software, there is no way to forcibly revoke the alias and so the system will continue to be vulnerable until potentially millions of users update.
The same problem extends to personal identity — an alias for a person’s public key provides a level of convenience (it can be memorized), but does little to protect against user misidentification.
