hash cash and email from Cem Karan on 2001-04-28 (www-talk@w3.org from March to April 2001)

From: Cem Karan <Cem.Karan@usa.alcatel.com>
Date: Sat, 28 Apr 2001 10:40:31 -0400
CC: www-talk@w3.org
Message-ID: <3AEAD65F.BB220840@usa.alcatel.com>
This should actually be aimed towards any group writing the RFCs
associated with email, but I don't know of a mailing list directly
associated with them. 

I know the international nature of this mailing list, and I don't know
if everyone knows the definition of 'spam' as used in the USA.  Spam is
unsolicited bulk email, kind of like what this mailing list has been
subjected to recently.  I mention this because spam has started to make
the usefulness of email go down.  My personal inbox usually has a ratio
of about 3:1 of spam:useful mail.  This is probably going to get worse
as time goes on.  Currently, there are several different strategies to
cope with it, but they all deal with the same fundamental
problem/blessing of email: there is virtually no cost associated with
sending a message.  Direct mail advertisers must spend money in order to
send you mail.  This imposes a low, but totally negligible cost.  The
cost helps limit the amount of mail that can be sent out.  

Email, as I said before, has a very low, almost negligible cost
associated with it.  If we could introduce an artificial cost, one that
is easy to implement, then there would be dissentive to bulk emailers. 
A possible way of introducing a cost is through hash cash.  The idea is
based on brute force cryptanlysis.  In order to break an unknown
cryptographic message, you must try to calculate all of the possible
keys, matching them to the message.  Eventually, you will find the key,
and break the message.  However, to do so takes time.  And that is what
breaks a spammer.  If it takes time to send messages, they can't send
them to everyone in the world.  

Here is how the scheme works:
As a user, you are allowed to create any number of hash keys, each of
which can be any length that you wish.  You can invalidate and create
new keys at any time (This would require secure validation that proves
that only you are trying to invalidate or create new keys.  Otherwise,
anyone can create a new simple to break key in your name, and continue
to send you messages) When someone wants to send you a message, they
need to break one of the keys before they can send you the message. 
People you don't know will most likely try to break the shortest/weakest
key as that will take the least amount of time.  People you know can be
given the key to one of the longer hashes, which will allow them to
break the hash immediately, instead of having to use brute force. 
Anyone who doesn't have the key can still try a brute force attack, but
if the key is long enough, then this will take an extraordinary amount
of time, severely limiting the number of people that they can spam.  The
result is a system that has an associated cost that is user controllable
and easy to update.  

See
http://www.cypherspace.org/~adam/hashcash/
for more details and an implementation that you can play with.

There is one major problem with this though.  It would require a major
overhaul of the email systems that are in place.  This would not be
negligible.  I think that it would be worth the costs, but I would like
to know what others thought as well.

Cem Karan
Received on Saturday, 28 April 2001 10:40:45 UTC