What is HashCash?

¿Qué es HashCash?
8 min read

You probably don’t know it, but Bitcoin is a technology created from the combination of other projects and previous technologies. Therefore, we can say that the Proof of Work protocol is a legacy of HashCash. But what is HashCash and how has it been used in the context of cryptocurrencies? If you want to know, read on.

HashCash History 

Hashcash is a proof-of-work (PoW) system created by Adam Back in 1997, although his Whitepaper was published in 2002. 

The main goal of Hashcash was to minimize the receipt of large amounts of unwanted emails, using hash collision to do so. Initially, its creation was intended to combat email spam and DDoS attacks. However, in more recent times, the system became popular with Bitcoin and other cryptocurrencies, as an essential piece of the mining algorithm.

Before bitcoin, SpamAssasin and Microsoft used hashcash in hotmail exchange, outlook, etc. 

In the original 1997 algorithm, the hashcash used SHA1 because at the time, this was the hash recommended by NIST. 

Bitcoin which was launched in 2008/2009 uses SHA256 as SHA1 started to show some weaknesses.

How does HashCash work?

¿Cómo funciona HashCash?

The hash can be defined as an algorithm that transforms a data input into an alphanumeric address characterized by a fixed number of digits, which summarizes and protects the inserted information.

That is, with hashing, any data can be formalized, becoming a unique number, apparently random, but with a predetermined length.

As we have already mentioned, before Bitcoin, Hashcash was invented as a way to prevent spam. 

Its inventor, Adam Back, thought that the only way to curb the sending of mass mailings was to set a minimum cost (e.g. a penny). This would not be a limit for a normal user, since he does not usually send thousands of mails. But for a spammer this would cost millions of cents a day and would discourage his behavior.

But how could Hashcash force spammers to spend a digital penny? The answer lies in the core idea behind Hashcash, which is now also a key driver of Bitcoin: Proof of Work.

In the specific case of email usage, to solve the spam problem, a textual encoding of a hashcash stamp must be added to the email header to demonstrate that the sender has spent a modest amount of CPU time calculating the stamp before sending the email. 

In this way, knowing if the sender has taken a certain amount of time to generate the stamp and send the email, we will know if he is a spammer. That is, mail receivers can verify if a sender made such an investment (by paying the minimum fee) and use the results to help filter the email.

A sample mail header will look like this example: 

X-Hashcash: 1:20:1303030600:mymail@domain.com::McMybZIhxKXu57jd:ckvi

The header contains:

  • The recipient’s e-mail address (mymail@domain.com) which requires a different header to be calculated for each recipient;
  • The date that allows the recipient to ensure that the header is unique to the e-mail message;
  • The Information proving that the required calculation has been performed. 

How to know if the mail is not spam?

So, how can you tell if an email contains spam according to the HashCash algorithm?

SENDER’S SIDE

On the sender side, your computer prepares a header and adds a counter value initialized to a random number. It then calculates the 160-bit SHA-1 hash of the header. If the first 20 bits (the 5 most significant hexadecimal digits) of the hash are all zeros, then it is an acceptable header. 

If the header is otherwise invalid, the sender will increment the counter and retry the hash. 

Out of 2160 possible hash values, there are 2140 hash values that satisfy this criterion and the chance of randomly selecting a header that will have 20 zeros as the beginning of the hash is 1 in 220 (approximately one in a million). 

The sender will have to try on average 220 values to find a valid header and this would take about one second to find it. A normal user on a computer would not suffer significantly from the processing time required to generate the hashcash string. However, spammers would suffer significantly due to the large number of spam messages sent. 

RECIPIENT’S SIDE

On the recipient’s side, the system works like this:

The recipient’s computer calculates the 160-bit SHA-1 hash of the entire chain (in about two microseconds on a 1 GHz machine). 

If the first 20 bits are not all zero, the hash is invalid. 

The recipient’s computer checks the date in the header (for example, “130421”, which represents the date April 13, 2021). If it is not within two days of the current date, it is invalid (this is because it compensates for clock skew and network routing time between different systems).

The recipient’s computer checks if the email address matches any of the valid email addresses registered by the recipient or if it matches any of the mailing lists to which the recipient is subscribed. If a match is not found, the hash string is invalid.

Finally, the recipient’s computer inserts the hash string into a database. If the string is already in the database (i.e., an attempt is being made to reuse the hashed string), it is invalid.

If the hash string passes all these tests (which take a few seconds), it is considered a valid hash string.

To this day there is no known method more efficient than this brute force system for finding a valid header.

HashCash and Bitcoin

HashCash y Bitcoin

Satoshi Nakamoto referred to the term HashCash in the Bitcoin Whitepaper explaining that the Back algorithm was the source of inspiration that led him to create the Proof of Work mining algorithm found in the Bitcoin distributed ledger.

The Bitcoin network uses a proof-of-work system to enable the ability to mine new Bitcoin tokens, create blocks on the blockchain and keep the network secure. 

For a miner (node) to create a block, it will have to discover an algorithmic code to meet the network difficulty objective.

The blocks that are verified are stacked on top of each other and form the blockchain.

The purpose of proof-of-work is to protect the network from malicious activity. How does it achieve this? Well, by providing miners with an incentive to back up and secure the Bitcoin network and making it profitable to do so and unprofitable to try to hack the network.

The difference between the HashCash algorithm used to detect spam emails and the Bitcoin network is that the Bitcoin proof-of-work uses two continuous SHA-256 hashes, which limits the average rate to 6 new transaction blocks per hour.

This limitation, coupled with the growing popularity of Bitcoin mining, increases the difficulty of mining.

Advantages and disadvantages of HashCash

Advantages of HashCash

  • First, Hashcash is fairly easy to implement in email accounts and spam filters and no central server is needed; 
  • It is invisible to users;
  • It is 100% effective against spambots, since almost none of them have the ability to read and execute Javascript.

Disadvantages of HashCash

The main disadvantage of HashCash is that it requires a Javascript enabled browser and, in addition, if the user does not have a powerful computer, it can take several seconds to calculate.