Hashcash - Amortizable Publicly Auditable Cost-Functions

We present a distributed efficiently amortizable CPU cost-function with no trap–door. The absence of a trap–door allows us to avoid needing to trust any party. Applications for such cost-functions are in distributed document popularity estimation, and metering of web advertising. None of the servers involved have any advantage over users in computing the cost function. The amortized token has a small fixed sized representation independent of the amortized value. The valuation function is efficient. Limits can be placed on the resources which can be expended in computing the cost-function to prevent the user inflating the value of his contribution by using more CPU time than the expected token value. The amortized part of the cost result can be blinded so that clients can not obtain service but avoid contributing to the amortization by expending more resources than the expected token value. Interactive and non-interactive variants of the cost-function can be constructed which can be used in situations where the server can issue a challenge (connection oriented interactive protocol), and where it can’t (where the communication is store–and–forward, or packet oriented) respectively.