From 2864152e1593b272e53973073a71e1c28e1e38f8 Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Thu, 17 Nov 2016 12:02:32 -0800 Subject: [PATCH] use 256 bit target for proof of work * SHA256 produces 256 bits pseudo-randomly uniformly, so you may compare to a 256 bit target to get a proof of work * If you pretend that the hash and targets are both integers between 0 and 2^256 - 1, then the target partitions the range into passing and failing segments. * In order to match the use of the `get_uint16` function from `ocplib-endian`, the easiest way to encode `target` is as a `int list` which works if not ideal * This seems like the same thing bitcoin does; difficulty there is actually not a primary notion but is calculated from a 256 bit target, which is what gets adjusted over time --- src/utils/crypto_box.ml | 42 ++++++++++++++++++++++++++-------------- src/utils/crypto_box.mli | 10 ++++++---- 2 files changed, 34 insertions(+), 18 deletions(-) diff --git a/src/utils/crypto_box.ml b/src/utils/crypto_box.ml index bf4586799..328a71036 100644 --- a/src/utils/crypto_box.ml +++ b/src/utils/crypto_box.ml @@ -15,7 +15,11 @@ type secret_key = Sodium.Box.secret_key type public_key = Sodium.Box.public_key type channel_key = Sodium.Box.channel_key type nonce = Sodium.Box.nonce -type difficulty = int64 +(* target ought to be an unsigned 256 bit integer +but this representation works better with ocplib-endian; make +sure target has length 16! *) +type target = int list +exception TargetNot256Bit let random_keypair = Sodium.Box.random_keypair let random_nonce = Sodium.Box.random_nonce @@ -25,22 +29,32 @@ let box_open sk pk msg nonce = try Some (Sodium.Box.Bigbytes.box_open sk pk msg nonce) with | Sodium.Verification_failure -> None -let check_proof_of_work pk nonce difficulty = - let hash_bytes l = - let hash = Cryptokit.Hash.sha256 () in - List.iter (fun b -> hash#add_string (MBytes.to_string b)) l; - let r = hash#result in hash#wipe; r in +let validate_target target = + if List.length target <> 16 then raise TargetNot256Bit; + if List.for_all (fun t -> t < 0 || t >= 1 lsl 16) target + then raise TargetNot256Bit + +(* compare a SHA256 hash to a 256 bit target *) +let compare_target xs target = let hash = - hash_bytes - [ Sodium.Box.Bigbytes.of_public_key pk ; - Sodium.Box.Bigbytes.of_nonce nonce ] in + let hash = Cryptokit.Hash.sha256 () in + List.iter (fun b -> hash#add_string (MBytes.to_string b)) xs; + let r = hash#result in hash#wipe; r in let bytes = MBytes.of_string hash in - let last_int64 = - EndianBigstring.BigEndian.get_int64 bytes (MBytes.length bytes - 8) in - Int64.logand last_int64 (Int64.of_int 1) < difficulty -let generate_proof_of_work pk difficulty = + let get_16 = EndianBigstring.BigEndian.get_uint16 bytes in + let offsets = [0;2;4;6;8;10;12;14;16;18;20;22;24;26;28;30] in + List.for_all2 (fun o t -> get_16 o < t) offsets target + +let check_proof_of_work pk nonce target = + let what_to_hash = + [ Sodium.Box.Bigbytes.of_public_key pk + ; Sodium.Box.Bigbytes.of_nonce nonce ] in + compare_target what_to_hash target + +let generate_proof_of_work pk target = + validate_target target; let rec loop nonce = - if check_proof_of_work pk nonce difficulty then nonce + if check_proof_of_work pk nonce target then nonce else loop (increment_nonce nonce) in loop (random_nonce ()) diff --git a/src/utils/crypto_box.mli b/src/utils/crypto_box.mli index a31fb6380..3cb55d3d6 100644 --- a/src/utils/crypto_box.mli +++ b/src/utils/crypto_box.mli @@ -10,13 +10,15 @@ (** Tezos - X25519/XSalsa20-Poly1305 cryptography *) type nonce -type difficulty val random_nonce : unit -> nonce val increment_nonce : ?step:int -> nonce -> nonce - val nonce_encoding : nonce Data_encoding.t +type target +val compare_target : MBytes.t list -> target -> bool +val validate_target : target -> unit + type secret_key type public_key @@ -29,5 +31,5 @@ val box : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t option -val check_proof_of_work : public_key -> nonce -> difficulty -> bool -val generate_proof_of_work : public_key -> difficulty -> nonce +val check_proof_of_work : public_key -> nonce -> target -> bool +val generate_proof_of_work : public_key -> target -> nonce