mirror of
https://git.sr.ht/~sircmpwn/mkproof
synced 2024-05-06 04:36:09 +02:00
Initial commit
This commit is contained in:
commit
3e7a084af1
|
@ -0,0 +1,19 @@
|
||||||
|
Copyright © 2017 Drew DeVault
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the “Software”), to deal in
|
||||||
|
the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
||||||
|
of the Software, and to permit persons to whom the Software is furnished to do
|
||||||
|
so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
|
@ -0,0 +1,55 @@
|
||||||
|
mkproof
|
||||||
|
|
||||||
|
mkproof is a small C program for generating proofs of work.
|
||||||
|
|
||||||
|
Installation
|
||||||
|
|
||||||
|
mkproof depends only on a POSIX-like environment and a C99 compiler.
|
||||||
|
|
||||||
|
$ ./configure
|
||||||
|
$ make
|
||||||
|
|
||||||
|
This will produce three executables: mkchallenge, mkproof, and checkproof.
|
||||||
|
|
||||||
|
Usage
|
||||||
|
|
||||||
|
The situation: Bob wants Alice to do something, but Alice isn't sure if Bob is a
|
||||||
|
robot.
|
||||||
|
|
||||||
|
1. Alice runs `mkchallenge` and sends the challenge to Bob.
|
||||||
|
2. Bob runs `mkproof <challenge>` and wastes some CPU time. After several
|
||||||
|
minutes of work, a proof is printed to stdout.
|
||||||
|
3. Bob sends the proof to Alice.
|
||||||
|
4. Alice runs `checkproof <challenge> <proof>` to verify the work.
|
||||||
|
|
||||||
|
Now Alice can be reasonably confident that Bob is not a robot, and proceed with
|
||||||
|
Bob's request.
|
||||||
|
|
||||||
|
Algorithm
|
||||||
|
|
||||||
|
To make a challenge, generate 16 random bytes. Choose the argon2 iterations and
|
||||||
|
memory parameters, and the number of zeroed digits, to tune the difficulty. The
|
||||||
|
challenge string is the terms "argon2id", the iterations, memory use, and zeroed
|
||||||
|
digits as decimal integers, and the random bytes as hexadecimal, joined by ":".
|
||||||
|
|
||||||
|
To make a proof, split the challenge by ":" and verify that the first token is
|
||||||
|
"argon2id". Decode the iterations, memory, and digits parameters, and the
|
||||||
|
challenge bytes.
|
||||||
|
|
||||||
|
Repeat the following algorithm to generate proofs until an argon2id key is found
|
||||||
|
whose first N hexadecimal digits are zero, where N is equal to the digits
|
||||||
|
parameter:
|
||||||
|
|
||||||
|
1. Generate 16 random bytes (seed) and concatenate the seed and challenge bytes
|
||||||
|
to form an argon2id salt.
|
||||||
|
2. Run argon2id with the generated salt, and the memory and iteration parameters
|
||||||
|
provided by the challenge. The hash length and parallelism parameters shall
|
||||||
|
be respectively set to 32 and 1.
|
||||||
|
3. Encode the argon2id hash as hexadecimal.
|
||||||
|
|
||||||
|
When a suitable hash is found, encode the seed in hexadecimal. This is the proof
|
||||||
|
which should be transmitted to the challenger.
|
||||||
|
|
||||||
|
To verify the proof, simply run the proof algorithm with the original challenge
|
||||||
|
parameters and the challengee's provided seed and verify that the resulting
|
||||||
|
hexadecimal string is prefixed with the appropriate number of zeroes.
|
Loading…
Reference in New Issue