Sorry, I still don't understand what that means.
I didnt quite follow the write up either, but it revolves around bitcoin/hashcash merged mining. Here's my reply from bitcoin-dev:
I didnt quite understand the writeup and the references were ambiguous.
But if you are talking about bitcoin/hashcash merged mining for email: it is
something I think should possible. Of course for email the scale means
bitcoin style flood-fill and direct tiny payments are completely out of the
question, thats why hashcash itself has no communication overhead other than
a header in the mail - its only scalability limit is email itself.
Rivest's PayWord for people who dont know the reference in this context is
the observation that for a low value micro-payment, you dont mind if you
only receive a payment 1 time in k so long as the expected payment is n
after receiving n (eg satoshi sized) payments. Eg like a penny tip jar so
long as your expected payment is correct long term (win as often as you
lose) you dont mind. And a fair 100% payout lottery can be fun of itself.
So let say each email client sends in an email header the head of the
bitcoin hash chain, it has seen via other emails, which can be offline
verified back to the genesis hash. Maybe some clients even have bitcoin
installed and ask the bitcoin client for the hash chain head. The client
also generates an address on setup, and sends its bitcoin address in a
header. If you send to a new address you dont know their address, so you
send to eg me (Adam;) as a default, or the bitcoin foundation, or an invalid
address to destroy the coin - the recipient assumes that is not the sender
as those address are in the client. A sender can under-contribute but makes
no gain. Under-contributing is fixable if desired (see under-contribute in
amortizable hashcash paper, but using PK decryption with recipients private
key x as its non-interactive b'=D(x,share).)
Then clients merge mine involving the recipients bitcoin address (or one of
the default addresses).
Even if the merged stamp proves to be an orphan, even a very old one, its
valid in a hashcash anti-spam sense, meeting the same purpose as destroyed
coin.
Maybe one can put the bitcoin hash in DNS with a 5min TTL and have mail
clients read that to reduce scope for stale mining.
In this way one can merge mine bitcoin & hashcash to the benefit of the
recipient (or some beneficiary trusted not to be paying the proceeds to the
spammer). And in a way that scales to email scale, and does not involve
installing a bitcoin client in every client, nor mail server.
Adam
