RPOW - Reusable Proofs of Work

Adam Back adam at cypherspace.org
Sat Aug 21 01:39:12 EDT 2004 

It's like an online ecash system.  Each recipient sends the RPOW back
to the mint that issued it to ask if it has been double spent before
accepting it as valid.  If it's valid (not double spent) the RPOW
server sends back a new RPOW for the receiving server to reuse.

Very like Chaum's online ecash protocol, but with no blinding (for
patent reasons) and using hashcash as way to "buy" coins.  The other
wrinkle is he can prove the mint can not issue coins without
exchanging them for hashcash or previous issued coins (up to the
limits of the effectiveness of the IBM tamper resistant processor
card, and of course up to the limits of your trust in IBM not to sign
"hardware code signing keys" that are not generated on board one of
these cards).  This is the same as the "remote attestation" feature
used in "Trustworthy" Computing for opposite effect -- restricting
what users can do with their computers; Hal is instead using this to
have a verifiable server where the user can effectively audit and
check what code it is running.

Adam

On Fri, Aug 20, 2004 at 04:34:00PM -0500, Matt Crawford wrote:
> >>I'm wondering how applicable RPOW is.  Generally speaking, all
> >>the practical applications I can think of for a proof-of-work
> >>are defeated if proofs-of-work are storable, transferable, or
> >>reusable.
> >
> >I have some code to play online games with cryptographic protection, 
> >cards and dice,
> >and I am planning to modify it to let people make bets with RPOWs as
> >the betting chips.
> 
> If you think of POW as a possible SPAM mitigation, how does the first 
> receiving MTA assure the next MTA in line that a message was "paid 
> for?"  Certainly the mail relay doesn't want to do new work, but the 
> second MTA doesn't know that the first isn't a spambot.
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list