The technology behind Hashcash, proof of work, shaped digital currency research for more than ten years after its birth.
Original title: "In-depth | The Genesis Files: How Adam Back Designed Bitcoin's Engine"
Written by: Aaron van Wirdum
Translated by: jianqi
[Announce] Hashcash postage implementation
On March 28, 1997, the more than 2,000 subscribers of the Cypherpunks mailing list received an email that began with the line quoted above. The sender was a 26-year-old Briton, a postdoc at the University of Exeter. The young cryptographer went by the name Dr. Adam Back on the list and was one of its prolific contributors. The email contained an explanation and a simple implementation of what its author called a "postage scheme based on partial hash collisions": something like a stamp on an email, but built on an elegant cryptographic scheme.
"The reason for using partial hashes is that the cost of computing them can be adjusted upward at will," Back wrote, "but they can be verified immediately." That is how he explained the advantage of the system.
The cryptographer of those days is now the CEO of Blockstream, but the email did not draw much of a reaction at the time: only one reader replied, and that reply mostly discussed the technicalities of choosing a hash algorithm. Still, the technology behind Hashcash, proof of work, went on to shape digital currency research for more than ten years after its birth.
Pricing via Processing or Combatting Junk Mail
Back's Hashcash was not the first solution of this kind.
As early as the early 1990s, the promise of the internet, and the advantages of the email system in particular, were already obvious to the technologists who followed it. However, the internet pioneers of the time also realized that email had problems of its own.
"In particular, sending email is easy and costs very little, and the same message can be sent to many people, which is bound to lead to abuse," IBM researchers Dr. Cynthia Dwork and Dr. Moni Naor explained in the white paper they published in 1992. The white paper is titled "Pricing via Processing or Combatting Junk Mail".
Indeed, as email grew in popularity, so did spam.
A solution was needed, early internet users agreed, and one was offered in Dwork and Naor's paper.
Their scheme: whoever sends an email must attach some data to every message sent. The data must be the solution to a mathematical puzzle, and every email poses a unique puzzle. Specifically, Dwork and Naor proposed three candidate puzzles for this purpose, all based on public key cryptography and signature schemes.
Adding a solution to an email is not hard. Ideally it takes only a few seconds of processing power on an ordinary computer, and the recipient can easily check its validity. Here is the interesting part: for advertisers, scammers and hackers, even a little processing power per email adds up to a high cost, because they want to send thousands or even millions of messages at a time. In theory, spamming could become so expensive that it is no longer profitable.
"The main idea is to have users compute a function that is moderately hard but not intractable, after which access to the resource is granted, thereby preventing abuse," Dwork and Naor explained.
Although Dwork and Naor did not coin the term, the kind of solution they proposed later became known as "proof of work". Users have to show the result of work done by their computer, proving that they spent real-world resources.
It was an elegant scheme, but it may have been too far ahead of its time. It circulated only within a small circle of computer scientists and never received wide attention.
Adam Back and the Cypherpunks
Around the same time that Dwork and Naor published their white paper, a group of privacy activists with libertarian leanings also began to recognize the potential of the internet. These like-minded people formed a mailing list focused on privacy-enhancing technologies. Like Dwork and Naor, these "Cypherpunks", as they later came to be called, used newer cryptography to achieve their goals.
A few years later, Adam Back, who received his doctorate in 1996, had become one of the most active participants on the list, sometimes sending dozens of emails a month. Like other Cypherpunks, he was interested in topics such as privacy, free speech and libertarianism, and he took part in discussions about anonymous remailers, encrypted file systems, electronic cash (invented by Dr. David Chaum) and more.
For a while, though, Back was perhaps best known for printing and selling "munitions" shirts: T-shirts printed with an encryption protocol, intended to point out the absurdity of the U.S. government classifying Phil Zimmermann's PGP (Pretty Good Privacy) encryption program as "munitions" under its export control laws. If you wore one of Back's shirts across the border out of the United States, you became an "arms exporter".
Like most people, Back had not noticed the proof of work proposed by Dwork and Naor. But in the mid-1990s he was thinking about similar ways to fight spam, sometimes "out loud" on the Cypherpunks mailing list.
For example, in the context of adding more privacy to remailers, Back commented: "One benefit of using PGP is that PGP encryption imposes some overhead on the spammer: he can encrypt fewer messages per second than he can push down a T3 link." That is very close to Dwork and Naor's idea.
The Cypherpunks mailing list grew rapidly in five years. It began as an online discussion platform for a small group of people who had started startups in the San Francisco Bay Area, and then became a small internet phenomenon with thousands of subscribers, and more email than anyone could read.
It was at this point, in 1997, when the list's subscriber count was nearing its peak, that Back proposed his Hashcash.
Hashcash is similar to Dwork and Naor's anti-spam scheme and serves the same purpose, though Back proposed some additional uses, such as countering abuse of anonymous remailers. But as the name suggests, Hashcash does not rest on the same foundation as Dwork and Naor's scheme: it is based on a hash algorithm.
A hash algorithm is a cryptographic tool that takes any data, whether a single letter or a whole book, as input and outputs a fixed-length, seemingly random number.
For instance, the SHA-256 hash of the sentence "This is a sentence" is a hexadecimal number like this:
"Converted" to a regular decimal number, it is:
In binary form it is:
However, the SHA-256 hash of "This, is a sentence" is:
As you can see, inserting a single punctuation mark produces a completely different hash. And, importantly, the hashes of both sentences are completely unpredictable: even if you know the hash of the first sentence, you cannot derive the hash of the second from it. The only way to find out is to actually run the hash computation.
Hashcash makes clever use of this mathematical tool.
In Hashcash, the email's metadata (such as the sender address, the recipient address, the time of sending, and so on) is formalized as a protocol. In addition, the sender of the email must add a random number to the metadata, called the "nonce". All of this metadata, including the nonce, is fed into the hash function to produce a hash that looks just like the hash values described above, with no visible pattern.
The trick is that not every hash counts as "valid". The binary form of the hash must start with a predetermined number of 0s to be valid, for instance 20 zeros. The sender has to find a nonce that makes the hash start with 20 zeros, but cannot know in advance which nonce will do that.
So there is only one way for the sender to get a valid hash: trial and error (that is, brute force). The sender can only keep trying different nonces until a valid combination is found. Otherwise, the email will be rejected by the recipient's mail client. Like Dwork and Naor's scheme, Hashcash requires computing resources: it is a proof-of-work system.
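The mint-and-verify cycle described above, as an added example that is not code from the original article or from Hashcash itself. It assumes SHA-256 (the hash the article uses for illustration) and a hypothetical colon-separated header; the function names and sample addresses are constructed, and this is not Hashcash's real stamp format.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of 0 bits at the start of the digest's binary form."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def stamp_digest(sender: str, recipient: str, sent_at: str, nonce: int) -> bytes:
    # Assumed layout: metadata fields and nonce joined with ':' (not the real stamp format).
    header = f"{sender}:{recipient}:{sent_at}:{nonce}"
    return hashlib.sha256(header.encode("utf-8")).digest()

def mint(sender: str, recipient: str, sent_at: str, bits: int = 20) -> int:
    """Sender side: brute-force nonces 0, 1, 2, ... until the hash is valid.
    Expected cost is about 2**bits hash evaluations."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(sender, recipient, sent_at, nonce)) >= bits:
            return nonce

def verify(sender, recipient, sent_at, nonce, bits=20, my_address=None) -> bool:
    """Recipient side: a single hash evaluation, however long minting took."""
    # A stamp minted for someone else's address proves no work done for this mail.
    if my_address is not None and recipient != my_address:
        return False
    return leading_zero_bits(stamp_digest(sender, recipient, sent_at, nonce)) >= bits

if __name__ == "__main__":
    # Constructed sample metadata; 20 bits takes roughly a million attempts.
    meta = ("alice@example.org", "bob@example.org", "1997-03-28")
    nonce = mint(*meta, bits=20)
    print("nonce:", nonce, "digest:", stamp_digest(*meta, nonce).hex())
    print("accepted by bob:", verify(*meta, nonce, my_address="bob@example.org"))
    print("accepted by carol:", verify(*meta, nonce, my_address="carol@example.org"))
```

Each additional required zero bit doubles the sender's expected work, while the recipient's check stays at one hash.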
"If the email doesn't come with a 20-bit hash ... your program will issue a notice explaining that postage is required for the mail, and where to get the right software," Back explained on the Cypherpunks mailing list. "This would put spammers out of business overnight, because 1,000,000 x 20 = 100 MIP years, which is far more than their computing power."
Notably, Back's proof-of-work system is more random than Dwork and Naor's. Their scheme only requires solving a puzzle, which means a faster computer will always finish sooner than a slower one. With Hashcash, statistically, a slower computer still has a chance of finding a valid solution first.
(By analogy: if one person runs faster than everyone else, that person wins every sprint. But if one person simply buys more lottery tickets, there is always a chance that someone else wins instead; it just happens less often.)
Scarcity in the digital world
Much like Dwork and Naor's proposal, Hashcash never really took off. Back described Hashcash in detail in a 2002 white paper. Apache's open-source SpamAssassin (spam filtering) platform implemented it, and Microsoft also used the proof-of-work idea in its incompatible "email postmark" format. Back and other academics worked on different applications of the scheme for years, but these did not attract much attention. For most potential applications, the lack of network effects made them hard to get started.
Nevertheless, Dwork and Naor and (independently) Back did create something new. One of the most powerful features of digital products is that they are easy to copy. Proof of work is essentially the first concept of virtual scarcity that does not depend on a central party: it ties electronic data to real-world, limited computing resources.
And scarcity is, without doubt, a prerequisite for money. In fact, in his Cypherpunks emails and in his white paper, Back clearly placed Hashcash in the category of money, in contrast to the only digital cash in the world at the time, Chaum's DigiCash.
"Until digicash is widely used, Hashcash might provide a stopgap measure," Back said on the mailing list. "Hashcash is free; you just need to spend some computation on your computer to get it. This fits the internet culture of free expression, where people in need can compete with millionaires, retired government officials and so on. (And) if something goes wrong with digicash (it is taken over, or is required to keep users' identity information), Hashcash can also provide a backup solution for controlling spam."
However, despite the name, Hashcash could not serve as a full-fledged form of cash (nor could Dwork and Naor's scheme). Perhaps most importantly, a proof of work that the recipient "receives" is of no use to them. Unlike money, it cannot be spent somewhere else. Moreover, because computer performance improves day by day, computers can generate more and more proofs in the same amount of time: Hashcash would be subject to hyperinflation.
Above all, proof of work provided a new foundation for digital currency research. Most of the important digital currency schemes that followed were built on Hashcash, generally by making the proof of work reusable (Hal Finney's "Reusable Proofs of Work (RPOW)" is the most obvious example).
And of course, in the end proof of work became the cornerstone of Bitcoin, and Hashcash is one of the few references in the Bitcoin white paper.
However, Bitcoin makes use of Hashcash (or a variant of it) in a very different way than anyone had proposed before. Unlike Hashcash and other Hashcash-based schemes, the scarcity that proof of work provides is not used directly as money in Bitcoin. Instead, Hashcash is used to create a competition: whichever miner is first to produce a valid proof of work, that is, the hash of a block of Bitcoin transactions, gets to decide which transactions are processed next. At least in theory, everyone competes on an equal footing: as in a lottery, even a small miner may be the first to produce a valid proof of work at some point.
Further, every time a block is mined, it confirms a number of transactions, and those transactions are unlikely to be reversed. An attacker would have to prove at least as much work as went into the block that was mined first, and this amount accumulates with each subsequent block; under normal circumstances, the difficulty increases exponentially. As a result, the real-world resources needed to cheat will generally exceed the potential profit of cheating. Recipients of Bitcoin transactions can therefore be confident that the money they receive will not vanish into thin air.
This application of Hashcash kills two birds with one stone: it solves the "double-spending problem" in a decentralized way, and it provides a way for new currency to enter circulation without a central issuer.
Hashcash was not the first electronic cash system; Ecash came first, and proof of work by itself could not actually be used as money. But without it, there might still be no decentralized digital cash system.