Pricing via Processing or Combating Junk Mail by Cynthia Dwork and Moni Naor appearing in Crypto92,

1
Pricing via Processing orCombating Junk Mail
by Cynthia Dwork and Moni Naorappearing in
Crypto92, 1992

• Presented by
• Qunwei Zheng
• University of Alabama
• in partial fulfillment of the requirements for
• Internet Algorithms course, Spring 2004

2
Spam magnitude

• AOL, which serves 25 million U.S. customers,
  reports that it blocked 500 billion spam emails
  in 2003.

3
AOL's Top 10 Spam Email Subject Lines of 2003
1. Viagra online (also xanax, valium, xenical,
phentermine, soma, celebrex, valtrex, zyban,
fioricet, adipex, etc.)2. Online pharmacy (also
'online prescriptions' 'meds online')3. Get out
of debt (also 'special offer')4. Get bigger
(also 'satisfy your partner' 'improve your sex
life')5. Online degree (also 'online
diploma')6. Lowest mortgage rates (also 'lower
your mortgage rates' 'refinance' 'refi')7.
Lowest insurance rates (also 'lower your
insurance now')8. Work from home (also 'be your
own boss')9. Hot XXX action (also 'teens'
'porn')10. As seen on oprah
4
Few big spammers

• 90 of spam received by Internet users in North
  America and Europe can be traced to a hard-core
  group of just 200 known spam outfits
• http//www.spamhaus.org/rokso/

5
Inspiration
6
Idea

• Require sender to do some computation
• Receiver checks
• POW - Proof Of Work

7
Find square root module a prime
8
Example of interaction/function
sender
receiver
message x
x
?
y2 x (mod p)
v (mod p)
y
yvx (mod p)
9
Problems and objectives

• Pre-compute POW
• include date t in message x
• Compute once and send to multiple receivers
• include destination d in message x
• How about call for papers?
• Shortcut
• How about friends and relatives?
• Frequent correspondent list

10
Expectations on pricing function

• Moderately expensive to compute
• Easy for one to check
• The computation cost can be tuned by difference
  parameter
• A shortcut can be used to make computation much
  cheaper

11
Candidate pricing functions

• Signature scheme with small security parameter
• A signature scheme that has been broken

12
Ong-Schnorr-Shamir signature
13
Ong-Schnorr-Shamir signature
u is a random number u is kept secret
r is a random number
14
Ong-Schnorr-Shamir signature

• Alice publish n and k
• Keep u secret

Alice generates signature
Bob checks
15
Ong-Schnorr-Shamir signature
Picture taken from H. Ong, C. P. Schnorr and A.
Shamir, An efficient signature scheme based on
quadratic equations, Proc. 16th ACM Symp. Of
Theory of Computing, 1984
16
OSS broken

• H. Ong, C. P. Schnorr and A. Shamir, An efficient
  signature scheme based on quadratic equations,
  Proc. 16th ACM Symp. Of Theory of Computing, 1984
• J. M. Pollard and C. P. Schnorr, Solution of
  x²ky²m mod n, IEEE Trans. on Information
  Theory, 1988
• Without knowing the private key u
• Requires logn iterations

17
Use OSS as pricing function

• Alice want to send message m to Bob

Bob publishes n and k
Alice use Pollards algorithm to find the
signature that satisfies
Bob verifies whether
18
Shortcut

• Shortcut is the secret key u that Bob keeps
• The computation with shortcut is just use OSS
  scheme to sign

19
Future work

• theory of moderately expensive functions
• other kinds of pricing functions
• some useful pricing function

20
Related work

• A. Back, "HashCash -- A Denial of Service
  Counter-Measure" (5 years on), Tech Report, 2002.
• E.Gabber, M. Jakobsson, Y. Matias, and A. Mayer,
  Curbing Junk E-Mail via Secure Classification,
  Financial Cryptography '98
• J. Ioannidis, Fighting Spam by Encapsulating
  Policy in Email Addresses, Proceedings of the
  10th Annual Network and Distributed System
  Security Symposium, February 2003.