IETF Logo Mail Archive

Re: [Asrg] E-postage from first principles

Jonathan Morton <chromi@chromatix.demon.co.uk> Thu, 29 April 2004 19:42 UTC

Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23792 for <asrg-archive@odin.ietf.org>; Thu, 29 Apr 2004 15:42:35 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BJHA5-0005vd-Vo for asrg-archive@odin.ietf.org; Thu, 29 Apr 2004 15:25:34 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i3TJPX1S022789 for asrg-archive@odin.ietf.org; Thu, 29 Apr 2004 15:25:33 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BJH4J-0002W1-VR for asrg-web-archive@optimus.ietf.org; Thu, 29 Apr 2004 15:19:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA21862 for <asrg-web-archive@ietf.org>; Thu, 29 Apr 2004 15:19:32 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BJH4D-0003ob-I4 for asrg-web-archive@ietf.org; Thu, 29 Apr 2004 15:19:29 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BJH3L-0003lR-00 for asrg-web-archive@ietf.org; Thu, 29 Apr 2004 15:18:36 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BJH2z-0003hS-00 for asrg-web-archive@ietf.org; Thu, 29 Apr 2004 15:18:13 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BJGhv-00048h-CY; Thu, 29 Apr 2004 14:56:27 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BJFpn-0000jH-Ux for asrg@optimus.ietf.org; Thu, 29 Apr 2004 14:00:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA17237 for <asrg@ietf.org>; Thu, 29 Apr 2004 14:00:29 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BJFpi-0002I9-9l for asrg@ietf.org; Thu, 29 Apr 2004 14:00:26 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BJFom-00021X-00 for asrg@ietf.org; Thu, 29 Apr 2004 13:59:28 -0400
Received: from chromatix.demon.co.uk ([80.177.102.173] helo=lithium.chromatix.org.uk) by ietf-mx with esmtp (Exim 4.12) id 1BJFoG-0001lA-00 for asrg@ietf.org; Thu, 29 Apr 2004 13:58:56 -0400
Received: from arowana.chromatix.org.uk ([192.168.239.106]) by lithium.chromatix.org.uk with esmtp (Exim 4.31) id 1BJFoI-0005J6-91; Thu, 29 Apr 2004 18:58:58 +0100
In-Reply-To: <20040429171224.12313.qmail@xuxa.iecc.com>
References: <20040429171224.12313.qmail@xuxa.iecc.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <E2F83E5F-9A06-11D8-AC75-000393863768@chromatix.demon.co.uk>
Content-Transfer-Encoding: 7bit
Cc: asrg@ietf.org
From: Jonathan Morton <chromi@chromatix.demon.co.uk>
Subject: Re: [Asrg] E-postage from first principles
To: John Levine <asrg@johnlevine.com>
X-Mailer: Apple Mail (2.613)
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Thu, 29 Apr 2004 18:58:57 +0100
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

>>> Receipient rate limiting might take the form of hashcash, although
>>> that seems too easily circumvented so long as the bad guys have
>>> zombies to do their hashing.
>>
>> This is a quantitative rather than qualitative argument against
>> hashcash, which is easily answered by increasing the bit count 
>> demanded
>> by the recipient, if it seems it's not having enough effect.
>
> The problem is that if you increase the bit count demanded from the
> bad guys, you also increase the bit count demanded from the good guys.
> Since the bad guys have more computers at their disposal than the good
> guys do, if you demand a big enough hash from the bad guys to deter
> them, you're going to lock out the good guys altogether, e.g., demand
> a hash from Aunt Sadie that will limit her 486 to one e-mail message a
> week.
>
> You might want to demand larger hashes from bad guys from good guys,
> but if you could tell which was which, you could reject the bad guys'
> mail outright and dispense with the hashes.

Note that SHA-1 is noticeably more computationally expensive on x86 
than most RISC platforms (or, probably, AMD64), which automatically 
makes the present incarnation of hashcash biased against the current 
crop of Wintel zombies.  As a point of comparison, it takes about 2500 
cycles per hash on an Athlon-XP, versus only 1000 on a PowerPC G3 or 
G4.  This has positive implications for third-party vendors - see 
below.

I've partially worked out a scheme which offers two solutions to this 
problem:

- Users with low-end machines (including handhelds) may buy hashcash 
tokens from a stand-alone third party vendor.  This doesn't require the 
micropayment infrastructure that full-blown e-postage needs.  Hashcash 
vendors need only recoup their own costs, thus a competitive market is 
easy to achieve without any need for regulation.

- The stamp optionally includes a signature to facilitate whitelisting. 
  This can reduce the hashcash demanded from regular correspondents to 
as low as 8 bits, which is computationally trivial - thus even low-end 
users will not normally need to buy tokens regularly.  Unlike existing 
high-confidence schemes like PGP and S/MIME, it is only for 
reasonable-confidence identification of regular correspondents, and as 
such is considerably more lightweight and doesn't require anything of 
the message body.

Can anyone shed some light on how many cycles a Z80 processor would 
take to handle a typical SHA-1 hash cycle?  Since derivatives of the 
Z80 may still be used in a few of the lowest-end handhelds, I'd like to 
have a handle on how long it would take for it to generate the 
"computationally trivial" 8-bit hashcash token that the signature 
requires.  If nobody happens to have a Z80 and a compiler to hand, I'll 
put in some work and try it for the 6502 instead - I have a handful of 
old BBC Micros lying around.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi@chromatix.demon.co.uk
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email