mirror of
https://git.sr.ht/~sircmpwn/mkproof
synced 2024-05-06 08:46:15 +02:00
3e7a084af1 | ||
---|---|---|
COPYING | ||
README |
mkproof mkproof is a small C program for generating proofs of work. Installation mkproof depends only on a POSIX-like environment and a C99 compiler. $ ./configure $ make This will produce three executables: mkchallenge, mkproof, and checkproof. Usage The situation: Bob wants Alice to do something, but Alice isn't sure if Bob is a robot. 1. Alice runs `mkchallenge` and sends the challenge to Bob. 2. Bob runs `mkproof <challenge>` and wastes some CPU time. After several minutes of work, a proof is printed to stdout. 3. Bob sends the proof to Alice. 4. Alice runs `checkproof <challenge> <proof>` to verify the work. Now Alice can be reasonably confident that Bob is not a robot, and proceed with Bob's request. Algorithm To make a challenge, generate 16 random bytes. Choose the argon2 iterations and memory parameters, and the number of zeroed digits, to tune the difficulty. The challenge string is the terms "argon2id", the iterations, memory use, and zeroed digits as decimal integers, and the random bytes as hexadecimal, joined by ":". To make a proof, split the challenge by ":" and verify that the first token is "argon2id". Decode the iterations, memory, and digits parameters, and the challenge bytes. Repeat the following algorithm to generate proofs until an argon2id key is found whose first N hexadecimal digits are zero, where N is equal to the digits parameter: 1. Generate 16 random bytes (seed) and concatenate the seed and challenge bytes to form an argon2id salt. 2. Run argon2id with the generated salt, and the memory and iteration parameters provided by the challenge. The hash length and parallelism parameters shall be respectively set to 32 and 1. 3. Encode the argon2id hash as hexadecimal. When a suitable hash is found, encode the seed in hexadecimal. This is the proof which should be transmitted to the challenger. To verify the proof, simply run the proof algorithm with the original challenge parameters and the challengee's provided seed and verify that the resulting hexadecimal string is prefixed with the appropriate number of zeroes.