Kinetic Protocol Specification v2
A Decentralized, Identity-Centric Service Discovery Network
Version 2.0 (Formal Specification)
Abstract
Kinetic is a completely decentralized protocol that maps human-readable names to cryptographic identities (KIDs), which in turn map to service manifests. Kinetic eliminates the need for blockchains, consensus algorithms, or trusted resolution authorities by strictly utilizing verifiable delay functions (VDFs), cryptographic signatures, and a Kademlia Distributed Hash Table (DHT).
This document serves as the formal architectural specification for the Kinetic protocol, encompassing the resolution lifecycle, data schemas, empirical proofs, and light-client operational models.
1. The Formal State Machine (Protocol V2)
Ownership of a Kinetic name is an ephemeral state defined purely by cryptographic mathematics, not by database registry entries. The state of any name traverses the following lifecycle:
stateDiagram-v2
[*] --> Unclaimed
Unclaimed --> Committing : Phase 1 (Hash Broadcast)
Committing --> Active : Phase 2 (VDF Reveal)
state Active {
[*] --> Published
Published --> Refreshing : Heartbeat (drand)
Refreshing --> Published
}
Active --> Inactive : Missed Heartbeat (Δt > 0)
Inactive --> Active : Late Heartbeat Published (Δt = 0)
Inactive --> Reclaimable : Δt grows (T_steal drops)
Reclaimable --> Transferred : New User Computes T_steal
Transferred --> Active : New VDF + Heartbeat Accepted
State Definitions
- Unclaimed: The name has never been registered. $T_{\text{steal}} = T_{\text{base}}$.
- Committing: A user has anchored a blind Hash Commitment to a
drandpulse on the DHT. - Active: A valid VDF
Revealwas published, completing the Two-Phase Commit/Reveal. - Inactive: The owner has failed to publish a recent heartbeat. $\Delta t > 0$.
- Reclaimable: The owner has been inactive long enough that $T_{\text{steal}}$ has decayed to a computationally feasible threshold for a challenger.
- Transferred: A challenger successfully computed the decayed $T_{\text{steal}}$ VDF and claimed the name.
2. Empirical Protocol Economics
Kinetic’s security relies on the asymmetry of VDF verification and the Grace-Period Escalation curve. To formally prove the economic deterrents, empirical simulations were conducted.
2.1 The Escalation Curve ($T_{\text{steal}}$)
When a name becomes Inactive, the difficulty to claim it decays according to the equation:
$$ T_{\text{steal}} = T_{\text{base}} \times e^{\left(\frac{k}{\Delta t}\right)} $$
Assume $T_{\text{base}} = 10,000,000$ iterations and an adversary utilizing an ASIC computing $10^9$ iterations/second.
| Idle Time ($\Delta t$) | $T_{\text{steal}}$ (Iterations) | Estimated ASIC Time |
|---|---|---|
| 1 Hour | $\infty$ | Forever |
| 12 Hours | $1.14 \times 10^{33}$ | > Age of Universe |
| 1 Day | $1.07 \times 10^{20}$ | > 100 Years |
| 1 Week | $7.27 \times 10^{8}$ | 0.73 Seconds |
| 1 Month | $2.72 \times 10^{7}$ | 0.03 Seconds |
Conclusion: Active names are mathematically impossible to steal. Abandoned names are cleanly garbage-collected.
2.2 DHT Keyspace Dispersion (Eclipse Defense)
Kinetic stores $M=32$ redundant payloads across the Kademlia DHT using $K_i = \text{SHA256}(\text{name} \parallel i)$. A simulation generating $1,000,000,000$ names ($32,000,000,000$ derived keys) mapped into 65,536 distinct 16-bit Kademlia sectors yielded:
- Expected Keys per Sector: 488,281
- Variance: $3.24%$
Conclusion: The SHA-256 derivation provides perfect uniform dispersion. Because the keys are statistically uncorrelated, successfully censoring a name requires uniform control over the entire 256-bit DHT keyspace, making Eclipse attacks practically impossible.
3. Payload Schemas
To prevent DDoS and OOM (Out-of-Memory) attacks, all serialized JSON payloads must not exceed 64 KB (65,536 bytes). Payloads exceeding this limit are instantly dropped by DHT nodes.
3.1 The Reveal Struct (Protocol Version 2)
The core cryptographic truth that proves a user owns a name, finalizing the Two-Phase Commit.
{
"protocol_version": 2,
"name": "saif.kin",
"payload": [ 123, 34, ... ], // Contains serialized DnsZone
"salt": [ 0, 1, 2, ... ], // 32 bytes
"drand_pulse": 29970036,
"drand_randomness": "e66884daaefd...",
"iterations": 4194304,
"vdf_proof": {
"proof_bytes": [ 5, 89, ... ]
},
"pubkey": [ 1, 2, 3, ... ], // 32 bytes Ed25519
"signature": [ 4, 5, 6, ... ] // 64 bytes
}
3.2 The Kinetic Identity Document (KID)
The permanent semantic anchor of the user. To prevent spam, KIDs must be serialized using Canonical JSON Serialization (JCS) and require a 20-bit Hashcash Proof-of-Work (PoW).
{
"kid": "did:kin:ed25519-abc123def456...",
"rotation_keys": ["ed25519-xyz987..."],
"manifest_hash": "sha256-456def...",
"pow_nonce": 8493021,
"signature": "sig-kid-abc..."
}
3.3 The Capability Manifest
The mapping of the Identity to concrete services. Also requires a 20-bit Hashcash PoW.
{
"services": {
"website": {
"type": "ipv4",
"endpoint": "198.51.100.14"
},
"api": {
"type": "grpc",
"endpoint": "api.saifmukhtar.dev:443"
},
"nostr": {
"type": "websocket",
"endpoint": "wss://relay.kinetic.network"
}
},
"pow_nonce": 9238471,
"signature": "sig-kid-abc..."
}
4. The Resolution Algorithm
Kinetic supports “trust-minimized light clients”. A browser does not need to run a DHT node; it simply requests data from untrusted HTTP gateways and verifies the payloads locally.
The Client-Side Resolution Flow:
- Fetch: Client requests payloads for $K_1 \dots K_{32}$ from 3 independent public Gateways.
- Collect: Client aggregates the JSON payloads.
- Verify Signatures: Discard any payload where the Ed25519 signature fails.
- Verify VDF: Discard any payload where the Chia Class Group VDF validation fails.
- Deterministic Selection:
- Select the payload with the oldest valid
drand_pulse(Initial Commitment). - If tied, resolve via XOR Tie-Breaker: Sort payloads by the XOR distance of their VDF output to the subsequent
drandpulse. Evaluate heavy VDF verification lazily over this sorted list to prevent async executor starvation.
- Select the payload with the oldest valid
- Extract Identity: Output the
pubkeyof the winning payload.