mirror of
https://git.sr.ht/~sircmpwn/mkproof
synced 2024-05-06 08:46:15 +02:00
56 lines
2.1 KiB
Plaintext
56 lines
2.1 KiB
Plaintext
mkproof
|
|
|
|
mkproof is a small C program for generating proofs of work.
|
|
|
|
Installation
|
|
|
|
mkproof depends only on a POSIX-like environment and a C99 compiler.
|
|
|
|
$ ./configure
|
|
$ make
|
|
|
|
This will produce three executables: mkchallenge, mkproof, and checkproof.
|
|
|
|
Usage
|
|
|
|
The situation: Bob wants Alice to do something, but Alice isn't sure if Bob is a
|
|
robot.
|
|
|
|
1. Alice runs `mkchallenge` and sends the challenge to Bob.
|
|
2. Bob runs `mkproof <challenge>` and wastes some CPU time. After several
|
|
minutes of work, a proof is printed to stdout.
|
|
3. Bob sends the proof to Alice.
|
|
4. Alice runs `checkproof <challenge> <proof>` to verify the work.
|
|
|
|
Now Alice can be reasonably confident that Bob is not a robot, and proceed with
|
|
Bob's request.
|
|
|
|
Algorithm
|
|
|
|
To make a challenge, generate 16 random bytes. Choose the argon2 iterations and
|
|
memory parameters, and the number of zeroed digits, to tune the difficulty. The
|
|
challenge string is the terms "argon2id", the iterations, memory use, and zeroed
|
|
digits as decimal integers, and the random bytes as hexadecimal, joined by ":".
|
|
|
|
To make a proof, split the challenge by ":" and verify that the first token is
|
|
"argon2id". Decode the iterations, memory, and digits parameters, and the
|
|
challenge bytes.
|
|
|
|
Repeat the following algorithm to generate proofs until an argon2id key is found
|
|
whose first N hexadecimal digits are zero, where N is equal to the digits
|
|
parameter:
|
|
|
|
1. Generate 16 random bytes (seed) and concatenate the seed and challenge bytes
|
|
to form an argon2id salt.
|
|
2. Run argon2id with the generated salt, and the memory and iteration parameters
|
|
provided by the challenge. The hash length and parallelism parameters shall
|
|
be respectively set to 32 and 1.
|
|
3. Encode the argon2id hash as hexadecimal.
|
|
|
|
When a suitable hash is found, encode the seed in hexadecimal. This is the proof
|
|
which should be transmitted to the challenger.
|
|
|
|
To verify the proof, simply run the proof algorithm with the original challenge
|
|
parameters and the challengee's provided seed and verify that the resulting
|
|
hexadecimal string is prefixed with the appropriate number of zeroes.
|