dotya.ml/ mkproof
2
0
Fork 0
mirror of https://git.sr.ht/~sircmpwn/mkproof synced 2024-05-12 18:56:22 +02:00
Code Releases Activity
658 Commits 1 Branch 1 Tag 5.1 MiB
TeX 64.7%
C 32.2%
Makefile 1.5%
Shell 0.9%
PowerShell 0.4%
Other 0.3%
Go to file
Drew DeVault 97bfdd7ead Tune defaults 2020-11-25 13:51:59 -05:00
argon2i Add 'argon2i/' from commit '440ceb9612d5a20997e3e12728542df2de713ca4' 2020-11-25 10:48:57 -05:00
doc Tune defaults 2020-11-25 13:51:59 -05:00
include Implement everything 2020-11-25 12:05:19 -05:00
src Tune defaults 2020-11-25 13:51:59 -05:00
.gitignore Initial commit 2020-11-25 11:15:59 -05:00
COPYING Initial commit 2020-11-25 10:48:52 -05:00
Makefile Add install and uninstall targets 2020-11-25 12:26:09 -05:00
README Add note about packages 2020-11-25 13:51:59 -05:00
config.sh Add install and uninstall targets 2020-11-25 12:26:09 -05:00
configure Implement everything 2020-11-25 12:05:19 -05:00

README 

				    mkproof

mkproof is a small C program for generating proofs of work.

				  Installation

If mkproof is available as a package on your system, prefer to install that
rather than build it yourself.

mkproof depends only on a POSIX-like environment and a C99 compiler.

	$ ./configure
	$ make

This will produce three executables: mkchallenge, mkproof, and checkproof.

				     Usage

The situation: Bob wants Alice to do something, but Alice isn't sure if Bob is a
robot.

1. Alice runs `mkchallenge` and sends the challenge to Bob.
2. Bob runs `mkproof <challenge>` and wastes some CPU time. After several
   minutes of work, a proof is printed to stdout.
3. Bob sends the proof to Alice.
4. Alice runs `checkproof <challenge> <proof>` to verify the work.

Now Alice can be reasonably confident that Bob is not a robot, and proceed with
Bob's request.

				   Algorithm

To make a challenge, generate 16 random bytes. Choose the argon2 iterations and
memory parameters, and the number of zeroed digits, to tune the difficulty. The
challenge string is the terms "argon2id", the iterations, memory use, and zeroed
digits as decimal integers, and the random bytes as hexadecimal, joined by ":".

To make a proof, split the challenge by ":" and verify that the first token is
"argon2id". Decode the iterations, memory, and digits parameters, and the
challenge bytes.

Repeat the following algorithm to generate proofs until an argon2id key is found
whose first N hexadecimal digits are zero, where N is equal to the digits
parameter divided by two:

1. Generate 16 random bytes (password).
2. Run argon2id with the generated password, and the memory and iteration
   parameters provided by the challenge, and the challenge bytes as the salt.
   The hash length and parallelism parameters shall be respectively set to 32
   and 1.
3. Encode the argon2id hash as hexadecimal.

When a suitable hash is found, encode the seed in hexadecimal. This is the proof
which should be transmitted to the challenger.

To verify the proof, simply run the proof algorithm with the original challenge
parameters and the challengee's provided seed and verify that the resulting
hexadecimal string is prefixed with the appropriate number of zeroes.

				     Notes

The defaults are tuned to take about ten minutes on one core of a modern
consumer CPU.