[hashcash] Re: Hashcash performance improvements

  • From: Jonathan Morton <chromi@xxxxxxxxxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Sat, 29 May 2004 00:03:51 +0100

> The other objective is if it fits inside one SHA1 block it helps the
> recipient verify the stamp faster.
>
> This makes a slight conflict between the senders interests and the
> receivers (hostile sender may send massive stamp which costs nothing
> extra practially to compute).  If we cared about this we would ideally
> want to enforce small stamps on sender (measured in SHA1 blocks) to
> make the receivers verification fast.  Simple "enforcement" would be
> if it cost the sender disproportionately more.

This is not significant.  Say the "average" P4-based server, using a 
normal 1-pipe scalar SHA-1 routine, can process 1 million chained 
blocks per second - this is clearly a reasonable assumption, if we just 
add a little overhead to the fastmint results.

Since each block is 64 bytes, to saturate this capacity an attacker 
would have to send a minimum of 64 MB/sec worth of mail to the server, 
even if the hashcash token took up the vast majority of each mail.  
This would be a DoS by almost anyone's standards - it's effectively the 
bandwidth limit of Gigabit Ethernet - and should be easy enough to 
detect and block by conventional means.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi@xxxxxxxxxxxxxxxxxxxxx
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.


Other related posts: