use 256 bit target for proof of work

* SHA256 produces 256 bits pseudo-randomly uniformly, so you may
compare to a 256 bit target to get a proof of work
* If you pretend that the hash and targets are both integers between 0
and 2^256 - 1, then the target partitions the range into passing and
failing segments.
* In order to match the use of the `get_uint16` function from
`ocplib-endian`, the easiest way to encode `target` is as a `int list`
which works if not ideal
* This seems like the same thing bitcoin does; difficulty there is
actually not a primary notion but is calculated from a 256 bit target,
which is what gets adjusted over time
This commit is contained in:
Eitan Chatav 2016-11-17 12:02:32 -08:00
parent 65795dba2c
commit 2864152e15
2 changed files with 34 additions and 18 deletions

View File

@ -15,7 +15,11 @@ type secret_key = Sodium.Box.secret_key
type public_key = Sodium.Box.public_key
type channel_key = Sodium.Box.channel_key
type nonce = Sodium.Box.nonce
type difficulty = int64
(* target ought to be an unsigned 256 bit integer
but this representation works better with ocplib-endian; make
sure target has length 16! *)
type target = int list
exception TargetNot256Bit
let random_keypair = Sodium.Box.random_keypair
let random_nonce = Sodium.Box.random_nonce
@ -25,22 +29,32 @@ let box_open sk pk msg nonce =
try Some (Sodium.Box.Bigbytes.box_open sk pk msg nonce) with
| Sodium.Verification_failure -> None
let check_proof_of_work pk nonce difficulty =
let hash_bytes l =
let hash = Cryptokit.Hash.sha256 () in
List.iter (fun b -> hash#add_string (MBytes.to_string b)) l;
let r = hash#result in hash#wipe; r in
let validate_target target =
if List.length target <> 16 then raise TargetNot256Bit;
if List.for_all (fun t -> t < 0 || t >= 1 lsl 16) target
then raise TargetNot256Bit
(* compare a SHA256 hash to a 256 bit target *)
let compare_target xs target =
let hash =
hash_bytes
[ Sodium.Box.Bigbytes.of_public_key pk ;
Sodium.Box.Bigbytes.of_nonce nonce ] in
let hash = Cryptokit.Hash.sha256 () in
List.iter (fun b -> hash#add_string (MBytes.to_string b)) xs;
let r = hash#result in hash#wipe; r in
let bytes = MBytes.of_string hash in
let last_int64 =
EndianBigstring.BigEndian.get_int64 bytes (MBytes.length bytes - 8) in
Int64.logand last_int64 (Int64.of_int 1) < difficulty
let generate_proof_of_work pk difficulty =
let get_16 = EndianBigstring.BigEndian.get_uint16 bytes in
let offsets = [0;2;4;6;8;10;12;14;16;18;20;22;24;26;28;30] in
List.for_all2 (fun o t -> get_16 o < t) offsets target
let check_proof_of_work pk nonce target =
let what_to_hash =
[ Sodium.Box.Bigbytes.of_public_key pk
; Sodium.Box.Bigbytes.of_nonce nonce ] in
compare_target what_to_hash target
let generate_proof_of_work pk target =
validate_target target;
let rec loop nonce =
if check_proof_of_work pk nonce difficulty then nonce
if check_proof_of_work pk nonce target then nonce
else loop (increment_nonce nonce) in
loop (random_nonce ())

View File

@ -10,13 +10,15 @@
(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)
type nonce
type difficulty
val random_nonce : unit -> nonce
val increment_nonce : ?step:int -> nonce -> nonce
val nonce_encoding : nonce Data_encoding.t
type target
val compare_target : MBytes.t list -> target -> bool
val validate_target : target -> unit
type secret_key
type public_key
@ -29,5 +31,5 @@ val box : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t
val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t option
val check_proof_of_work : public_key -> nonce -> difficulty -> bool
val generate_proof_of_work : public_key -> difficulty -> nonce
val check_proof_of_work : public_key -> nonce -> target -> bool
val generate_proof_of_work : public_key -> target -> nonce