Title: Pricing via Processing or Combating Junk Mail by Cynthia Dwork and Moni Naor appearing in Crypto92,
1Pricing via Processing orCombating Junk Mail
by Cynthia Dwork and Moni Naorappearing in
Crypto92, 1992
- Presented by
- Qunwei Zheng
- University of Alabama
- in partial fulfillment of the requirements for
- Internet Algorithms course, Spring 2004
2Spam magnitude
- AOL, which serves 25 million U.S. customers,
reports that it blocked 500 billion spam emails
in 2003.
3AOL's Top 10 Spam Email Subject Lines of 2003
1. Viagra online (also xanax, valium, xenical,
phentermine, soma, celebrex, valtrex, zyban,
fioricet, adipex, etc.)2. Online pharmacy (also
'online prescriptions' 'meds online')3. Get out
of debt (also 'special offer')4. Get bigger
(also 'satisfy your partner' 'improve your sex
life')5. Online degree (also 'online
diploma')6. Lowest mortgage rates (also 'lower
your mortgage rates' 'refinance' 'refi')7.
Lowest insurance rates (also 'lower your
insurance now')8. Work from home (also 'be your
own boss')9. Hot XXX action (also 'teens'
'porn')10. As seen on oprah
4Few big spammers
- 90 of spam received by Internet users in North
America and Europe can be traced to a hard-core
group of just 200 known spam outfits - http//www.spamhaus.org/rokso/
5Inspiration
6Idea
- Require sender to do some computation
- Receiver checks
- POW - Proof Of Work
7Find square root module a prime
8Example of interaction/function
sender
receiver
message x
x
?
y2 x (mod p)
v (mod p)
y
yvx (mod p)
9Problems and objectives
- Pre-compute POW
- include date t in message x
- Compute once and send to multiple receivers
- include destination d in message x
- How about call for papers?
- Shortcut
- How about friends and relatives?
- Frequent correspondent list
10Expectations on pricing function
- Moderately expensive to compute
- Easy for one to check
- The computation cost can be tuned by difference
parameter - A shortcut can be used to make computation much
cheaper
11Candidate pricing functions
- Signature scheme with small security parameter
- A signature scheme that has been broken
12Ong-Schnorr-Shamir signature
13Ong-Schnorr-Shamir signature
u is a random number u is kept secret
r is a random number
14Ong-Schnorr-Shamir signature
- Alice publish n and k
- Keep u secret
Alice generates signature
Bob checks
15Ong-Schnorr-Shamir signature
Picture taken from H. Ong, C. P. Schnorr and A.
Shamir, An efficient signature scheme based on
quadratic equations, Proc. 16th ACM Symp. Of
Theory of Computing, 1984
16OSS broken
- H. Ong, C. P. Schnorr and A. Shamir, An efficient
signature scheme based on quadratic equations,
Proc. 16th ACM Symp. Of Theory of Computing, 1984 - J. M. Pollard and C. P. Schnorr, Solution of
x²ky²m mod n, IEEE Trans. on Information
Theory, 1988 - Without knowing the private key u
- Requires logn iterations
17Use OSS as pricing function
- Alice want to send message m to Bob
Bob publishes n and k
Alice use Pollards algorithm to find the
signature that satisfies
Bob verifies whether
18Shortcut
- Shortcut is the secret key u that Bob keeps
- The computation with shortcut is just use OSS
scheme to sign
19Future work
- theory of moderately expensive functions
- other kinds of pricing functions
- some useful pricing function
20Related work
- A. Back, "HashCash -- A Denial of Service
Counter-Measure" (5 years on), Tech Report, 2002. - E.Gabber, M. Jakobsson, Y. Matias, and A. Mayer,
Curbing Junk E-Mail via Secure Classification,
Financial Cryptography '98 - J. Ioannidis, Fighting Spam by Encapsulating
Policy in Email Addresses, Proceedings of the
10th Annual Network and Distributed System
Security Symposium, February 2003.