producing GnuPG keys as proof of work

[Daniel Kahn Gillmor]

On 10/02/2014 02:02 PM, Mirimir wrote:
> Would it be feasible to use gpg in batch mode to generate numerous keys,
> selecting for a particular key ID, or perhaps a longer part of the
> fingerprint? I'm aware of shortcuts for creating keys with arbitrary key
> IDs, but they produce keys with atypical key lengths etc. Based on
> limited experience, I suspect that entropy would be the limiting
> resource. Is that correct?

No, this is not a good idea.  Searching for a particular OpenPGP keyid
or substring of a fingerprint is functionally equivalent to searching
for a substring of any other SHA1 digest.

gpg's delay in generating a key is due to trying to generate keys with
specific characteristics, drawn from suitably robust entropy.  It's not
possible in the general case to observe from the generated public part
of the key (much less the fingerprint) whether those constraints were
respected or not, so someone wanting to fake the proof of work could
simply ignore the gpg constraints, use a weaker (or nonexistent) entropy
source, and rapidly generate public keys that a naive (or
resource-constrained) observer couldn't distinguish from a real key.
This effectively cheats the proof-of-work scheme.

If you want proof-of-work, there are many better-evaluated mechanisms
available than using OpenPGP fingerprints.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141002/aa84774b/attachment.sig>