Hashcash is a proof-of-work system used to limit spam emails and denial of service attacks, and more recently it has become famous for its use in bitcoin (and other cryptocurrencies) as part of the mining algorithm. The hashcash was proposed in March 1997 by Adam Back. [1]
How does it workHashcash is a proof-of-work algorithm (deters DOS attacks and other abuse of service) that requires a selectable amount of work to be performed, where such proof of efficiency can be shown without any problems. For using this method via email, a textual code of a hashcash is added to the email header to prove that the sender has taken the time to use a small amount of CPU, calculating the stamp before sending the email. In other words, if the sender has used a certain amount of time to generate the stamp and send the email, it is very unlikely that they are a spammer. The recipient can, at a negligible calculation cost, verify that the stamp is valid. However, the only known way to find the header with the necessary properties is through brute force, trying random values, until the answer is found. However, while parsing a single string is easy, being able to find a satisfactory answer is just as difficult, and this will involve a considerable number of attempts to find the answer. The hypothesis is that spammers, whose business model is based on the ability to send a large quantity of emails at a low cost per message, stop making a profit if there is even a small extra cost for each. spam sent. The recipient can check if the sender has made such an investment and use the results to filter and secure the emails. Technical details The header line looks like this: [2] X-Hashcash: 1: 20: 1303030600: adam@cypherspace.org :: McMybZIhxKXu57jd: ckvi The header contains: • ver: hashcash version format, 1 (replacing version 0). • bits: number of (zero) “pre-image” bits in the hash code. • date: the time at which the message was sent, in the format YYMMDD [hhmm [ss]]. • resource: string of the data resource that is transmitted, eg. IP address or email address. • ext: extension (optional; ignored in version 1). • rand: string of random characters, encoded in base-64 format. • counter: binary counter (up to 220), encoded in the base-64 format. The header contains the date of the message, the information proving that the required calculations have taken place, and the recipient's email address, which is why each header must be calculated differently for each recipient. The date allows the recipient to record the headers recently received and make sure that the latter are unique to the e-mail message. Sender side The sender prepares a header and sets a counter value initialized to a random number. Then the hash of the 160-bit SHA-1 header is calculated. If the first 20 bits (e.g. the first 5 hexadecimal digits) of the hash are all zero, then the header is acceptable. If not, then the sender increments the counter and tries the hash one more time. Out of 2160 hash values, only 2140 hash values meet this criterion. Therefore, the probability of randomly obtaining a header that has 20 zeros at the beginning of the hash is 1 in 220. The number of attempts that the sender must try to obtain a valid hash code is modeled by the geometric distribution. The sender will have to try an average of 220 values to find a valid header. Given reasonable estimates of the time it takes to calculate the hash, it will take about a second to find the correct header. Nowadays, there are no more effective methods known to find a valid header. A normal user using a desktop PC is not significantly bothered by the process time used to generate a hashcash string. However, spammers will suffer greatly, considering the large amount of spam messages they send. Recipient's side Technically, the system is implemented with the following phases: • The recipient's computer calculates the 160-bit SHA-1 hash of the entire string. The calculation time taken by a 1 GHz machine is about two microseconds, much less time than it takes to receive the rest of the email. If the first 20 bits are not all zero, the hash is invalid. • The recipient's computer checks the date inside the header (e.g., "060409", which represents 9 Apr 2006). If that date is not within the two days prior to the current date, then the hash string is invalid. • The recipient's computer checks if the email address in the hash code matches any valid registered email address of the sender, or matches any mailing list to which the sender is subscribed. • The recipient's computer adds the hash string to a database. If that string already exists, then the hash string is invalid. If the hash string passes all these tests, it is considered valid. All of these tests take much less time and disk space than receiving the full body of the email. Advantages and disadvantages The hashcash system, compared to micropayment proposals, has the advantage that no amount of money is involved. Neither the sender nor the recipient has to pay, and thus the administrative problems involved with all micropayment systems are completely avoided. On the other hand, as hashcashes require potentially significant computing resources to use for each email sent, it's somewhat difficult to tune in the right amount of average time you want, with clients taking time to compute a valid header. . This can mean sacrificing accessibility to low-end embedded systems, or running the risk of hostile hosts not being challenged enough to provide effective spam filtering. The hashcash is also quite simple to implement within email agents and spam filters. There is no need for a central server. The hashcash can be implemented incrementally - the extra header of the hashcash is ignored when it is received by email clients that cannot interpret it. A plausible analysis [3] concluded that only one of the following cases is likely: either non-spam emails will be blocked due to the sender's lack of computing power, or the spam will still get through. An example of both cases includes, respectively, a centralized email topology (mailing list), where some servers have to send huge quantities of legitimate emails, and botnets or cluster farms with which spammers can enormously increase their computing power. Most of these problems can be addressed. For example, botnets could vanish quickly as users could notice the high CPU load and take countermeasures, and mailing list servers could be registered in white lists on subscriber hosts and thus alleviate hashcash provocations. [Without source] Another problem analyzed is that, according to Moore's law, computers are getting faster every day. Therefore the difficulty of the required calculations must be increased over time. Be that as it may, developing countries can be expected to use old hardware, which means that they may find it very difficult to participate in this email system. This also happens in more developed countries, to low-income individuals who cannot afford the most up-to-date hardware. Like hashcash, cryptocurrencies use a hash function, as proof-of-work systems do. The rise of cryptocurrencies has created a demand for ASIC-based mining machines (circuits created specifically for a purpose). Although most cryptocurrencies use the SHA-256 hash function, the same ASIC technology could be used to create hashcash solvers that are three times faster than a normal CPU, reducing the computation hurdle for spammers. Applications Bitcoin mining Unlike hashcashes in mail applications, which rely on the recipient to manually set up an amount of work intended to deter malicious senders, the Bitcoin cryptocurrency network employs a different hash-based proof-of-work that makes bitcoin mining competitive. . A bitcoin miner runs a program on the PC that collects all unconfirmed transactions from online coin traders. With other data, this can form a block and make money for the miner, but the block is only accepted by the network when the miner discovers a "nonce" number (arbitrary number that can only be used once) by a trial and error method. that when included in the block, it returns a hash with a sufficient number of zero bits to reach the goal of hindering the network. The blocks accepted by the miners form a bitcoin blockchain, which is a growing ledger made up of all bitcoin transactions since the coin's first creation. While hashcashes use SHA-1 hash policy and need the first 20 hash bits out of 160 to be zero, bitcoin proof-of-work uses two more SHA-256 policy hashes, which originally required that at least the first 32 out of 256 hash bits were zero. Be that as it may, the bitcoin network periodically resets the difficulty level to keep the average number of block creations at 6 per hour. Spam filters Hashcashes are used as a potential solution to false positives (or "false alarms", meaning a result indicating that a given condition exists, although it does not exist) with automated spam filtering systems, as legitimate users will rarely be disturbed from the excess of time it takes to find a stamp. [4] The SpamAssassin was able to find hashcash stamps from version 2.70, assigning a negative (i.e. less likely spam) score to valid, unspent hashcash stamps. However, although the hashcash plugin is theoretically active by default, it still needs to be configured with a list of address patterns that must match the hashcash resource fields, so it doesn't actually work by default. Email client On SourceForge, the Penny Post software project [5] implements hashcash in the Mozilla Thunderbird email client [6]. The project gets its name from the fact that some email services cost the sender only a penny. Blogs Just like emails, blogs are very often victims of spam. Some blog owners have used hashcash scripts written in JavaScript to slow down spammers. [7] Some scripts claim to implement hashcash, but in reality they depend on JavaScript obfuscation that forces the client to generate a matching key; although all this requires computing power, no hashcash algorithms or hashcash stamps are used.