Written Proof of Work

Large language models are already disrupting many areas of written work such as education, news stories and book publishing. The implications for education are obvious - students can cheat on essay writing by simply offloading all the hard work to the computer. Classical plagiarism checking tools are useless, and textual style of writing can be changed with a little prompt engineering. The story in book publication is just as troubling - a book on Amazon covering the recent Maui, Hawaii fires was published before the fires themselves were even over. Just today I saw an article about fake AI written mushroom identification books which could plausibly lead to injury or death.

As for the Internet, we are entering a new era where we will inevitably drown in waves of generated AI trash. The ultimate goal of squeezing Internet users for advertising clicks gives a perverse incentive to game search engine results by any means necessary. Why not generate thousands of AI articles just to make a few dollars on advertising? This hunger for advertising dollars leads to SEO gaming, which directly leads to degraded search engine results. Many users both in and outside of the technology community have noticed quality reduction in Google search results in recent times.

Let’s turn now to some technical responses that could temporarily ameliorate the situation. Classifying written text itself as human or AI seems to be a dead end, primarily because the generated text itself is so indistinguishable from human (assuming even a little prompt engineering). A better plan of attack in my opinion is to target how the text is generated itself. AI generates text token by token at a rate much faster than a human could ever write. It is exploiting this generation model that I will cover in this blog.

Chromebooks are popular with the K-12 education system, and with those laptops comes a subscription to Google Docs. One little known feature of Google Docs is the ability to view revision history. If students writing essays submit their work by sharing their docs, a teacher can easily go in and view the history. Copying and pasting large blocks of text from ChatGPT becomes impossible or highly suspicious. This feature has not gone unnoticed, as this post from The Times Higher Education illustrates. Indeed, as I was writing the software for this blog post I came across a Google Chrome extension which enhances Google Doc’s revision history with a seekable timeline and basic editing statistics.

For those who don’t or cannot use Google Docs, it would be nice if there was a way to certify text using edit history. Fortunately there is a technical solution: timestamp authority servers (TSA). The use of these servers are very simple - just hash the data you want to timestamp, then send it to a TSA, which signs the hash using public key cryptography. This authentication scheme guarantees that whoever submitted the hash had that data created on or before submission to the timestamp authority server. With this in mind, we can create a simple blockchain like validation scheme for a sequence of edits:

  1. The text editor saves every edit/keystroke in a list. Every 20 seconds, the editor takes the last signed TSA block + any edits after, hashes them and submits to the timestamp authority. The editor then places this block in the edit history.
  2. After the user is done with their document, they then take all of the edit history (containing both the timestamped keystrokes and TSA blocks), and sends them to a validation server. This server verifies the cryptographic blocks, then uses heuristics to classify the edit history as human or non-human.
  3. If the classification server classifies the edit history as likely human, it exports the final text to a PDF and signs it with their key, verifying this document as human written.
  4. Readers can verify that a document is human written by checking the signed PDF. If they trust the owner of the classification server, then they can trust that the document is human written. The readers of the final document never need to see the edit history.

I went ahead and implemented this basic protocol (which I am calling Written Proof of Work) using the Quill editor and submission to the Sectigo Timestamp Authority Server. The primary benefit of this scheme over the Google Doc’s history is that remote authentication servers can be entirely stateless - there is no need to actually store the edit history on the remote server. The timestamp authority only ever sees the edit history hashes, and the verification server can throw away the edit history as soon as the verification process is complete.

I will admit that this scheme is likely to be less useful in the immediate future than Google Doc’s revision history. Implementing this scheme would require cooperation from multiple parties, primarily the corporations which own the document editors (Google and Microsoft). What this scheme does guarantee is rate limiting written text. A person writing a document with the help of a large language model will not be able to produce it any faster than a human writing a document.

Code and Implementation

An example implementation of Written Proof of Work is available here: https://github.com/calebh/written-proof-of-work

A demo of this application is available here.

Written on September 1, 2023