[camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

Eric S. Johansson esj at harvee.org
Tue Dec 30 05:59:30 PST 2003 

Scott Nelson wrote:

>>
>>d*b
>>---
>> s
>>
>>where: d = stamp delay in seconds
>>       s = spam size in bytes
>>       b = bandwidth in bytes per second
>>
> 
> 
> I don't understand this equation at all.
> 
> It's the rate limiting factor that counts, not a combination of
> stamp speed + bandwidth.

well, stamp speed is method of rate limiting.  This equation/formula 
gives you the ratio of performance degradation.  So,

Given d=15, b=49152 (aka 384kbps) and s=1000

the slowdown ratio or factor is 737.28 times over what an unimpeded 
spammer can send.  But as you increase spam size, the slowdown factor 
declines.

> Assuming 128Kbps up, without a stamp it takes about .6 seconds to
> send a typical 10K spam.
> 
> If it takes 15 seconds to generate the stamp, then it will take
> 15 seconds to send a stamped spam.  It won't even take 15.6 seconds,
> because the calculation can be done in parallel with the sending.

actually, it would take 15 but only because you can be sending one 
stamped piece of spam at the same time as you're generating the next 
stamp.  But using your spam size, , the slowdown factor becomes roughly 
73 times.  So they would need 73 machines running full tilt all the time 
to regain their old throughput.  It's entirely possible that one 
evolutionary response to stamps would be to generate larger pieces of 
spam but that would also slow them down so we still win, kind of, sort of...


>>assuming unlimited bandwidth, if a stamp spammer compromises roughly the 
>>same number of PCs as were compromised during the last worm attack 
>>(350,000) at 15 seconds per stamp, you end up with 1.4 million stamps 
>>per minute or 2 billion stamps per day.  When you compare that to the 
>>amount of spam generated per day (high hundred billion to low trillion), 
>>
> 
> 
> Not according to the best estimates I have.
> The average email address receives 20-30 spams a day (almost twice 
> what it was last year) and there are only 200-400 million 
> email addresses, which works out to less than 10 billion spams per day.

actually, I'm hearing that there are roughly one billion addresses but 
unfortunately have lost the source.  The numbers for spam I'm hearing 
are on the order of 76 billion to 2 trillion
(
2 tril spams /day 
http://www.pacificresearch.org/press/clip/2003/clip_03-05-08.html
76 bil                 http://www.marketinglaw.co.uk/open.asp?A=703
)

If you have a better source (and I am sure there are some), I would like 
to hear it.


> But there's a much easier way to do the math.
> 
> If 1% of the machines on the internet are compromised,
> and a stamp takes 15 seconds to generate, then spammers can send
> 50-60 spams to each person.
> 
> (86400 seconds per day / 15 seconds per stamp * 1% of everybody = 57.6)

unfortunately, I think you making some assumptions that are not fully 
warranted.  I will try to do some research and figure out the number of 
machines compromised.  The best No. I had seen to date was about 350,000.

> You can reduce that by factoring in the average amount of time
> that a compromised machine is on per day.
> 
> 
> I fully expect that stamps will rise in "price" to several minutes,
> if camram actually gets any traction.

well, that might be the case but I must have a who cares attitude about 
that.  For the most part I rarely send mail to strangers and the stamp 
generation process is in background.  So if it take several minutes to 
queue up and send a piece of mail a few times a month.  What's the 
problem? (yes, I know I'm being cavalier)

> Custom hardware?
> I can buy a network ready PC at Fry's for $199.
> 
> If it takes that machine 30 seconds to generate a stamp, and I leave
> it running 24/7, and replace it after 5 months, then the cost
> of a hashstamp is still less than 1/500 of a snail-mail stamp.
> Granted it's a significant increase in costs over current email,
> and therefore potentially a vast improvement, 
> but it's still not expensive.

wrong unit of costs.  The stamps still take 15 seconds (give or take) 
which means approximately 5760 stamps per day.  Hardware acceleration is 
an attack against stamps by using dedicated hardware to shrink the cost 
in time of a given size stamp.  so, if and evil someone can build an 
ASIC to shrink the cost of a stamped by 100 times, then mercenary 
somebody else can build the same functionality and performance as well. 
  Plop it onto a USB interface chip, sell for $15 and balance is restored

---eric

-- 
Speech recognition in use.  Incorrect endings, words, and case is
closer than it appears

More information about the cypherpunks-legacy mailing list