2026年7月6日から7月9日にかけてオーストラリアで開催される31st Australasian Conference on Information Security and Privacy (ACISP 2026)にて、当研究員の小林蒼一朗、伊藤大貴、渡邉卓弥、高田雄太、熊谷裕志、神薗雅紀が投稿した研究論文が採択されました。
Empirical Analysis of Misdirected Payment Risks from Name Collisions in Blockchain Naming Services
著者:Soichiro Kobayashi, Daiki Ito, Takuya Watanabe, Yuta Takata, Hiroshi Kumagai (DTCY), Masaki Kamizono (DTCY/DTSI)
概要:The adoption of blockchain naming services (BNSs) in cryptocurrency transactions has increased rapidly. By enabling users to replace complex wallet addresses with human-readable blockchain names (BNs), BNSs improve transaction usability. However, as each BNS independently manages its own namespace without a centralized coordinating authority, name collisions, where the same BN is registered across different BNSs and resolves to different wallet addresses, can occur. This study examines the risk of misdirected payments caused by name collisions across BNSs and reveals their practical impact. We first surveyed 17 BNSs and observed the occurrences of name collisions across services at both the top-level domain and second-level domain levels. We then systematically identified the preconditions and risk factors for misdirected payments and empirically evaluated wallet behavior by intentionally registering colliding BNs across multiple BNSs and testing name resolution on the wallet application. Our results reveal that the wallet does not allow users to select among multiple-resolution candidates, provides insufficient information for users to verify the resolution results, exhibits inconsistent resolution behavior depending on internal state, and provides no collision warnings. Collectively, the limitations present realistic misdirected payment risks. We further discuss practical threat models focusing on social network account impersonation and lookalike-address generation. Based on these findings, we suggest countermeasures for wallet developers, BNS providers, and users, and then discuss the feasibility of wallet-independent name collision detection.