RPOW - Reusable Proofs of Work

mitd writes "Hal Finney is inviting folks to test drive his new hashcash-based server rpow.net. " The RPOW system provides for proof of work (POW) tokens to be reused. A POW token is something that takes a relatively long time to compute but which can be checked quickly." Hal's security model paper is well worth the read and his proof of concept code is available for download. "

Easier Explanation of RPOW & RPOW Uses

[diagnosis]

From the web sites:

The RPOW system provides for proof of work (POW) tokens to be reused. A POW token is something that takes a relatively long time to compute but which can be checked quickly. RPOW uses hashcash, which are values whose SHA-1 hashes have many high bits of zeros.

Possible uses for RPOW include anti-spam tokens, "play money" for use in online games and fun bets, an aid to load balancing in P2P and file-exchange systems, and more. Any system which would benefit from a form of token which can be cheaply passed from user to user, but which is expensive to create, might want to look into RPOW.

It's not clear to me that there is an obvious and immediate equivalent for RPOWs in existence. I'd be interested in hearing what people think this would be good for. It generally seems useful for making sure people do x amount of work before they are allowed to perform a task, but what can that be used for?

---------------------
Freedom or Evil: Freevil.net [freevil.net]
G. W. Bush says, "You decide!"

Proof-of-work tokens as an anti-spam measure?

[JaredOfEuropa]

For those asking what on earth (R)POW tokens are, here's one possible application (from rpow.com):

POW tokens have been proposed as a form of pseudo-payment in several applications. One example is email. An email message containing a POW token would be relatively costly to send in terms of computing power. A POW token could then be a sign that the message was not spam.

Using RPOW tokens for email would have advantages, as people could then reuse tokens from incoming email in outgoing email. Spammers will have no such advantages since almost all of their email is outgoing. Reuse allows the cost of the POW token to be much higher since most people won't have to generate them, making the system more effective as an anti spam measure.

An interesting scheme...

One potential problem I see with such an anti-spam measure is that I keep hearing about spam runs being done from many regular users' computers by means of a spamming worm infrection. Such a worm could also be adapted to generate the POW tokens... or even steal them from the users' incoming email and re-use them under this scheme! That'll be just great, having your computer not only hijacked to send out spam, but loaded down with the heavy burden of generating POW tokens.

Re:Verify

[3-State Bit]

No, I don't think so. The idea of proving you've done some work is that you have made an investment and so are not doing 100,000 such investments per second.

However this probably doesn't work [cam.ac.uk] (PDF) [or as html [66.102.9.104]].

Background (from that paper):

It is often suggested that unsolicited bulk email ("spam") is such a problem on the Internet because the current economic framework for email handling does little to discourage it. If only, it is suggested, the senders of email could be made to pay for their messages. Spammers would then cease their indiscriminate distribution of messages and email volumes would reduce as the senders targeted more carefully or just gave up altogether. Nevertheless, almost no one (other than those hoping for a handling fee) thinks that using actual money is a good way to achieve this economic utopia and even the holders of patents for "e-money" systems have failed to generate any significant enthusiasm for their wares.

However, there is an alternative to real-world money, which was first proposed by Dwork and Naor in 1992 [8]. Their idea was to have the sender of an email perform a complex computation as evidence that they believe that an email is worth receiving. The sender then proves to the recipient that this processing work has been completed and the email will then be accepted. The processing time is "free", so there is a minimal burden upon legitimate senders, but it is a finite resource, so that the spammers will not have unlimited amounts of processing time at their disposal and so cannot continue to send in bulk.

Zombie farms

[Bronster]

What a crock of a system. Let's see:

a) to be useful for anything involving third parties where you don't already have a trust relationship, this would need to be common/easy enough to get that other people already have software to support these things. That's not going to happen any time soon - it's a big enough change you may as well come up with an already secure email infrastructure [insert boilerplate "why your solution to spam is stupid" here].

b) 8 tokens per second? Puhleaze. I get that many emails through just one small server with 5 domains on it.

c) as the subject says. Zombies. In a world where thousands of low TC0 machines are sitting around running malware, it's piss-easy for the blackhat spammers to collect their 8 tokens/second by running POWer@home on their zombie farm.

BZZZZt. Strike three and you're out. Nice idea, but not practical.

Reusable Tokens

[cbr2702]

If I recieve a token from someone else, can I copy it and attach it to multiple messages? If so, what's to stop spammers from calculating one token and attaching it to a large number of messages?