The proof-of-work technique behind Hashcash shaped digital currency research more than ten years after its birth.
Original title: “Dry Goods | Creation Document: How Adam Back Designed the Engine of Bitcoin”
Written by: Aaron Van Wirdum
Translation: Ajian
[Announcement] Hashcash stamp implementation
On March 28, 1997, the more than 2,000 subscribers to the cypherpunks mailing list received an email with the subject line quoted above. The sender was a 26-year-old Briton, a postdoctoral researcher at the University of Exeter. This young cryptographer went by the name Dr. Adam Back on the list and was one of its most prolific contributors. The email contained an explanation and a simple implementation of what its author called a “postage scheme based on partial hash collisions”: in effect, a postage stamp for email, based on an elegant cryptographic scheme.
“The reason for using partial hashes is that the computational cost can be increased arbitrarily,” Back wrote, “but it can be verified immediately.” That was how he explained the advantage of the system.
That cryptographer is now the CEO of Blockstream, but at the time the email drew little response: only one reader replied, and the discussion concerned the technical question of which hash algorithm to choose. Nevertheless, the technology behind Hashcash, proof of work, shaped digital currency research more than a decade after its birth.
Imposing a price on processing to combat spam
Back’s Hashcash was not the first solution of its kind.
As early as the early 1990s, the promise of the Internet, and of email in particular, was obvious to technically minded observers. But those Internet pioneers also realized that the email system had problems of its own.
“In particular, sending email is simple and cheap, and the same message can be sent to many people. That will certainly lead to abuse,” IBM researchers Dr. Cynthia Dwork and Dr. Moni Naor wrote in a 1992 paper titled “Fighting spam by imposing a price on task processing.”
Indeed, as email grew in popularity, spam followed.
A solution was needed, early Internet users agreed, and one was offered by Dwork and Naor’s paper.
Their solution: every time an email is sent, the sender must attach some data to it. That data must be the solution to a mathematical puzzle, and the puzzle is unique to each email. Specifically, Dwork and Naor proposed three candidate puzzles for this scenario, all based on public-key cryptography and signature schemes.
Adding a solution to an email is not hard: ideally it takes only a few seconds of an ordinary computer’s processing power, and the recipient can check its validity easily. The interesting part is this: for advertisers, fraudsters and hackers, even a little processing power per email adds up to a high cost, because they want to send thousands or even millions of messages at a time. In theory, spamming becomes so expensive that it is no longer profitable.
“The main idea is to have users compute a function that is moderately difficult but not intractable, after which they gain access to the resource, thereby preventing abuse,” Dwork and Naor explained.
Although Dwork and Naor did not coin the term, the solution they proposed later became known as “proof of work”: users must show the results of their computer’s work to prove that they spent real-world resources.
It was an elegant scheme, but perhaps too far ahead of its time. It circulated only within a small circle of computer scientists and never received wide attention.
Adam Back and the cypherpunks
Around the time Dwork and Naor published their paper, a group of privacy activists with libertarian leanings was also coming to realize the power of the Internet. These like-minded people started a mailing list dedicated to discussing privacy-enhancing techniques. Like Dwork and Naor, these “cypherpunks”, as they later came to be called, used the newest cryptography to achieve their goals.
A few years later Adam Back, who earned his PhD in 1996, became one of the most active participants on the list, sometimes sending dozens of emails a month. Like other cypherpunks, he was passionate about privacy, free speech and libertarianism, and he took part in technical discussions on topics such as anonymous remailers, encrypted file systems and electronic cash (invented by Dr. David Chaum).
For a while, though, Back’s best-known deed may have been printing and selling “arms” T-shirts: shirts printed with a cryptographic algorithm, intended to point out the absurdity of the US export-control regulations that classified Phil Zimmermann’s PGP (Pretty Good Privacy) encryption program as “arms”. Wear Back’s shirt across the US border and you became an “arms exporter.”
Like most people, Back had not noticed Dwork and Naor’s proof-of-work proposal. But by the mid-1990s he too had been thinking about similar ways of fighting spam, sometimes floating such ideas on the cypherpunks list.
For example, in the context of adding more privacy to remailers, Back commented: “One of the benefits of using PGP is that PGP encryption imposes some overhead on the spammer: the number of messages he can encrypt per second should be less than the number needed to flood a T3 link.” This is much like Dwork and Naor’s idea.
The cypherpunks mailing list grew rapidly over five years. It started as an online discussion platform for a small group of startup founders in the San Francisco Bay Area and became a minor Internet phenomenon with thousands of subscribers, often with more email than anyone could keep up with.
It was during this period, in 1997, as the list approached its peak, that Back proposed his Hashcash.
Hashcash
Hashcash resembles Dwork and Naor’s anti-spam solution and serves the same purpose, though Back proposed some additional uses, such as resisting abuse of anonymous remailers. But as the name suggests, Hashcash rests on a different foundation from Dwork and Naor’s scheme: a hash algorithm.
A hash algorithm is a cryptographic tool that accepts arbitrary data as input, whether a single letter or an entire book, and outputs a number of fixed length that looks random.
For example, the SHA-256 hash of the sentence “This is a sentence” is the following hexadecimal number:
Converted to an ordinary decimal number, it is:
In binary form, it is:
The SHA-256 hash of “This, is a sentence”, however, is:
As you can see, inserting a single punctuation mark produces a completely different hash. Crucially, both hashes are entirely unpredictable: even if you know the hash of the first sentence, you cannot deduce the hash of the second from it. The only way to find out is to actually run the hash computation.
Hashcash puts this mathematical tool to very clever use.
In Hashcash, the email’s metadata (sender address, recipient address, time sent, and so on) is laid out according to a protocol. In addition, the sender must append a random number, called a “nonce”, to this metadata. All of this metadata, including the nonce, is fed into the hash function, and the resulting hash looks just as random as the ones shown above.
The trick is that not just any hash counts as “valid”. To be valid, the hash in binary form must begin with a predetermined number of zeros, say 20. The sender must find a nonce such that the hash begins with 20 zeros, but he cannot know in advance which nonce will do so.
So the sender has only one way to obtain a valid hash: trial and error (that is, brute-force computation). He must keep trying different nonces until he finds one that works; otherwise his email will be rejected by the recipient’s mail client. Like Dwork and Naor’s solution, Hashcash requires computational resources: it is a proof-of-work system.
“If the email does not come with a 20-bit hash… your program will pop up a statement explaining that you need to pay postage to send the email and where you can get the right software,” Back explained on the cypherpunks list. “This could bankrupt spammers overnight, because 1,000,000 x 20 = 100 MIP years, which is far more than their computing power.”
Note that Back’s proof-of-work system is more random than Dwork and Naor’s. Their scheme requires solving a single puzzle, so a faster computer will always solve it faster than a slower one. In Hashcash, statistically, even the slower computer has a chance of finding a valid solution first.
(It is as if one person who runs faster than everyone else wins every sprint, whereas if someone merely buys more lottery tickets, the others still have a chance of beating him; they just won’t win as often.)
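To make the mechanics described above concrete, here is an added Python example. It is not Back's hashcash code and not taken from the article; it shows the avalanche behaviour of SHA-256 on the two sentences from the text, a sender minting a stamp by searching for a nonce, and a recipient verifying the stamp with a single hash. The stamp layout (`version:bits:date:resource::nonce`), the recipient `alice@example.com`, the date `970328` and the difficulty values are constructed for the example, and the `StampLedger` class is an addition of mine showing the "already spent" check a recipient needs.

```python
import hashlib
from datetime import datetime, timezone
from typing import Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as a 64-character hexadecimal string."""
    return hashlib.sha256(data).hexdigest()


def to_binary(hexdigest: str) -> str:
    """The same 256-bit value written out in binary, left-padded with zeros."""
    return bin(int(hexdigest, 16))[2:].zfill(256)


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 output bits differ between the hashes of two inputs.
    For unrelated inputs this lands near 128: the 'avalanche' effect."""
    x = int(sha256_hex(a), 16) ^ int(sha256_hex(b), 16)
    return bin(x).count("1")


def leading_zero_bits(hexdigest: str) -> int:
    """Length of the run of zeros at the start of the binary form."""
    bits = to_binary(hexdigest)
    return len(bits) - len(bits.lstrip("0"))


def mint_stamp(resource: str, bits: int = 20, date: Optional[str] = None) -> Tuple[str, int]:
    """Sender side: try nonces until the stamp's SHA-256 begins with `bits` zero bits.
    The stamp layout is a constructed simplification of a Hashcash-style header:
        version:bits:date(YYMMDD):resource::nonce
    Returns the stamp and the number of attempts it took (expected 2**bits)."""
    if date is None:
        date = datetime.now(timezone.utc).strftime("%y%m%d")
    nonce = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{nonce}"
        if leading_zero_bits(sha256_hex(stamp.encode())) >= bits:
            return stamp, nonce + 1
        nonce += 1


def verify_stamp(stamp: str, resource: str, required_bits: int) -> bool:
    """Recipient side: one parse and one hash, however long minting took.
    The stamp must be addressed to us, claim at least our difficulty, and
    actually hash to that many leading zeros."""
    fields = stamp.split(":")
    if len(fields) != 6 or fields[0] != "1":
        return False
    _ver, claimed_bits, _date, res, _ext, _nonce = fields
    if res != resource or not claimed_bits.isdigit() or int(claimed_bits) < required_bits:
        return False
    return leading_zero_bits(sha256_hex(stamp.encode())) >= required_bits


class StampLedger:
    """A stamp is tied to one recipient, but nothing stops a sender attaching the
    same stamp to thousands of messages unless the recipient remembers what it
    has already accepted. This 'spent stamps' set is that check; it is also why
    a received stamp has no further value to the recipient (it cannot be passed on)."""

    def __init__(self, resource: str, required_bits: int):
        self.resource = resource
        self.required_bits = required_bits
        self.spent = set()

    def accept(self, stamp: str) -> bool:
        if not verify_stamp(stamp, self.resource, self.required_bits):
            return False
        if stamp in self.spent:
            return False  # replayed stamp
        self.spent.add(stamp)
        return True


if __name__ == "__main__":
    # Constructed inputs: the two sentences from the text and a made-up recipient.
    a, b = b"This is a sentence", b"This, is a sentence"
    print(sha256_hex(a))
    print(sha256_hex(b))
    print("bits that differ:", differing_bits(a, b))
    stamp, attempts = mint_stamp("alice@example.com", bits=20, date="970328")
    print(stamp, "found after", attempts, "attempts")
    print("binary prefix:", to_binary(sha256_hex(stamp.encode()))[:24])
    ledger = StampLedger("alice@example.com", 20)
    print("first delivery accepted:", ledger.accept(stamp))
    print("replay accepted:", ledger.accept(stamp))
```

At 20 bits the sender needs about 2^20 (roughly one million) hash attempts on average, while the recipient always does one. The number of attempts for any single stamp is geometrically distributed, so a slow machine sometimes gets lucky and a fast one sometimes does not, which is the lottery-like property the text contrasts with Dwork and Naor's fixed puzzle.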
Scarcity in the digital world
Like Dwork and Naor’s proposal, Hashcash never gained much traction. Back described Hashcash in detail in a 2002 white paper; Apache’s open-source SpamAssassin spam-filtering platform implemented it, and Microsoft used the proof-of-work idea in an incompatible “email postmark” format. Back and other researchers worked on different applications of the scheme for years, but these received little attention. For most potential applications, the lack of network effects made them hard to get off the ground.
Still, Dwork and Naor, and Back independently, had created something. One of the most powerful properties of digital goods is that they can be copied easily; proof of work is essentially the first concept of digital scarcity that does not depend on a central authority. It ties electronic data to limited, real-world computing resources.
And scarcity is undoubtedly a prerequisite for money. Indeed, in his cypherpunks emails and his white paper, Back explicitly placed Hashcash in the category of currency, contrasting it with the only digital cash in the world at the time, Chaum’s DigiCash.
“Before digicash is widely used, Hashcash may be able to provide a temporary measure,” Back said on the list. “Hashcash is free. You only need to burn some computation on your computer to get it. This is consistent with a culture of free expression online, in which people of limited means can converse on equal terms with millionaires, retired government officials and so on. (And) if something goes wrong with digicash (it is taken over, or required to keep users’ identity information), Hashcash can also provide a fallback for controlling spam.”
However, apart from its name, Hashcash did not work as mature cash (nor, certainly, did Dwork and Naor’s proposal). Perhaps more importantly, the proof of work “received” by the recipient is of no use to him: unlike money, it cannot be spent elsewhere. And because computers keep getting faster, they can generate more and more proofs in the same amount of time, so Hashcash would suffer hyperinflation.
Regardless, proof of work provided a brand-new foundation for digital currency research. Most of the later important digital currency proposals were built on top of Hashcash, generally by allowing the proof of work to be reused (Hal Finney’s “Reusable Proof of Work” (RPOW) is the most obvious example).
Bitcoin
Of course, proof of work ultimately became the cornerstone of Bitcoin, and Hashcash is one of the few references in the Bitcoin white paper.
However, Bitcoin uses Hashcash (or a variant of it) very differently from earlier proposals. Unlike in Hashcash and other Hashcash-based schemes, the scarcity provided by proof of work is not itself used directly as currency in Bitcoin. Instead, Hashcash is used to create a competition: whichever miner first produces a valid proof of work, that is, a qualifying hash of a block of Bitcoin transactions, decides which batch of transactions is processed next. In theory at least, everyone competes on an equal footing: much like a lottery, even a small miner has some probability of being the first to create a valid proof of work at any given point.
Furthermore, every block mined confirms a batch of transactions that are unlikely to be reversed. An attacker would have to prove he has done at least as much work as the producer of the first-mined block, and that amount keeps accumulating as subsequent blocks appear; under normal conditions the difficulty grows exponentially. The real-world resources required to cheat are therefore generally greater than the potential gains from cheating, and recipients of Bitcoin transactions can be confident that the money they receive will not vanish into thin air.
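As an added illustration of the chaining just described (example code written for this page, not taken from the article or from the Bitcoin code base), the toy chain below mines each block with the same nonce search Hashcash uses, makes every block commit to the hash of its predecessor, and shows what a validator sees when someone edits an already-confirmed block without redoing the work. Block payloads are plain strings standing in for transaction batches, the genesis hash and the difficulty are constructed, and `expected_work_to_rewrite` counts expected hashes rather than real-world difficulty adjustments.

```python
import hashlib


def block_hash(prev_hash: str, payload: str, nonce: int) -> str:
    """Hash of a block header: the previous block's hash, the transaction batch
    (here just a string) and the nonce that the miner varies."""
    header = f"{prev_hash}|{payload}|{nonce}".encode()
    return hashlib.sha256(header).hexdigest()


def meets_target(hexdigest: str, bits: int) -> bool:
    """True if the 256-bit hash starts with at least `bits` zero bits."""
    return int(hexdigest, 16) >> (256 - bits) == 0


def mine_block(prev_hash: str, payload: str, bits: int) -> dict:
    """Brute-force search for a nonce, exactly as a Hashcash sender does."""
    nonce = 0
    while not meets_target(block_hash(prev_hash, payload, nonce), bits):
        nonce += 1
    return {"prev": prev_hash, "payload": payload, "nonce": nonce, "bits": bits}


def build_chain(payloads, bits, genesis_hash="0" * 64):
    """Mine one block per payload, each committing to the hash of the one before."""
    chain, prev = [], genesis_hash
    for payload in payloads:
        block = mine_block(prev, payload, bits)
        chain.append(block)
        prev = block_hash(block["prev"], block["payload"], block["nonce"])
    return chain


def first_invalid_index(chain, genesis_hash="0" * 64):
    """Validator's check: every block must link to its predecessor's real hash
    and meet its own target. Returns the index of the first failing block, or None."""
    prev = genesis_hash
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or not meets_target(h, b["bits"]):
            return i
        prev = h
    return None


def is_valid_chain(chain) -> bool:
    return first_invalid_index(chain) is None


def tamper(chain, index, new_payload):
    """Edit an already-confirmed block's payload without re-mining anything.
    Every block after it now points at a hash that no longer exists."""
    forged = [dict(b) for b in chain]
    forged[index]["payload"] = new_payload
    return forged


def expected_work_to_rewrite(chain, index) -> int:
    """Expected number of hashes needed to re-mine block `index` and every block
    after it: the sum of 2**bits over those blocks. This is what an attacker must
    redo, and it keeps growing as honest blocks continue to arrive."""
    return sum(2 ** b["bits"] for b in chain[index:])


if __name__ == "__main__":
    # Constructed payloads standing in for transaction batches.
    chain = build_chain(["alice->bob 1", "bob->carol 1", "carol->dave 1"], bits=12)
    print("honest chain valid:", is_valid_chain(chain))
    forged = tamper(chain, 1, "bob->mallory 1")
    print("forged chain, first invalid block:", first_invalid_index(forged))
    print("expected hashes to rewrite from block 1:", expected_work_to_rewrite(chain, 1))
```

Editing the middle block almost always breaks that block's own target, and even in the rare case it does not, the next block's `prev` field no longer matches, so a validator rejects the chain from that point on. Restoring validity means re-mining the edited block and every later one, which is the accumulating cost the text describes.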
This use of Hashcash kills two birds with one stone: it solves the “double-spending problem” in a decentralized way, and it provides a way for new coins to enter circulation without a central issuer.
Hashcash did not become the first electronic cash system (Ecash got there first), and proof of work itself cannot actually be used as currency. But without it, a decentralized digital cash system might never have emerged.
Source link: bitcoinmagazine.com