[hashcash] Re: key management and signatures

• From: Justin Guyett <justin-hashcash@xxxxxxxx>
• To: hashcash@xxxxxxxxxxxxx
• Date: Wed, 2 Jun 2004 03:26:54 +0000

On 2004-06-02T01:52:15+0100, Jonathan Morton wrote:
> The signature is done on the hashcash token, which makes it unique per 
> message without having to do PGP-style tricks with the message body.  
> It does mean the signature has to be in it's own header, but it's still 
> only valid if the hashcash is, and the key can still be selected and 
> distributed using the hashcash extension field.
> 
> The hashcash doesn't have to be full-strength to have a signature 
> attached to it - even 8 bits (a trivial amount) is probably enough.  It 
> does need to be robustly unique to the message, so a good double-spend 
> database design is important.

Is this right (one direction only):

Alice->Bob:
 X-Hashcash: 1:30:date:bob:token=nonce:...
(result: accepted, whitelist token nonce)

Alice->Bob:
 X-Hashcash: 1:25:date:bob:...
 X-Token: sha1(sha1(stamp) . "nonce")
(result: accepted)

So how does Bob know to look up token "nonce" when he gets a message from
Alice?  Is the token database keyed on "From:"?

> I don't know much about cryptography, but I can think of several ways 
> of performing the signature that - theoretically at least - make key 
> generation and distribution simple and cheap.  One such way is to 
> concatenate the base64 representation of the hashcash token's SHA-1 
> output with the key itself, and use the SHA-1 of that as the signature.

Why hash the secret after it's already been transmitted in the open?
It'd be very simple to do this:

Alice->Bob:
 X-Hashcash: 1:30:...
 X-Token: 20040630:nonce

30 bits is okay for first-time senders; Bob stores {20040630:nonce, 30}.
If Bob's postage goes up in the future, he knows how much Alice paid to
get that token whitelisted, and can act accordingly.

Alice->Bob:
 X-Hashcash: 1:25:...
 X-Token: 20040630:nonce

Bob checks to make sure 25 bits is okay for subsequent message delivery.
Bob then looks up the token, checks that the original stamp value, 30, is
still okay, and lets the message through.

Make the tokens 16+ character hex or base64 or pure alphanumeric and
they'd be impractical to guess.  It's trivial to implement, so long as
both Alice and Bob are using hashcash.

-- 
"Not your decision to make."
"Yes.  But it's the right decision, and I made it for my daughter."
 - Bill, Beatrix; Kill Bill Vol. 2

• Follow-Ups:
  • [hashcash] Re: key management and signatures
    • From: Jonathan Morton

• References:
  • [hashcash] Re: hashcash 1.0-pr3
    • From: Justin Guyett
  • [hashcash] Re: key management and signatures
    • From: Jonathan Morton

Other related posts:

• » [hashcash] Re: key management and signatures
• » [hashcash] Re: key management and signatures
• » [hashcash] Re: key management and signatures
• » [hashcash] Re: key management and signatures

1. Home
2. hashcash
3. Archive
4. 06-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---