Designs, Codes and Cryptography

, Volume 73, Issue 1, pp 177–207 | Cite as

Cryptographic puzzles and DoS resilience, revisited



Cryptographic puzzles (or client puzzles) are moderately difficult problems that can be solved by investing non-trivial amounts of computation and/or storage. Devising models for cryptographic puzzles has only recently started to receive attention from the cryptographic community as a first step toward rigorous models and proofs of security of applications that employ them (e.g. Denial-of-Service (DoS) resistance). Unfortunately, the subtle interaction between the complex scenarios for which cryptographic puzzles are intended and typical difficulties associated with defining concrete security easily leads to flaws in definitions and proofs. Indeed, as a first contribution we exhibit shortcomings of the state-of-the-art definition of security of cryptographic puzzles and point out some flaws in existing security proofs. The main contribution of this paper are new security definitions for puzzle difficulty. We distinguish and formalize two distinct flavors of puzzle security which we call optimality and fairness and in addition, properly define the relation between solving one puzzle versus solving multiple ones. We demonstrate the applicability of our notions by analyzing the security of two popular puzzle constructions. We briefly investigate existing definitions for the related notion of security against DoS attacks. We demonstrate that the only rigorous security notion proposed to date is not sufficiently demanding (as it allows to prove secure protocols that are clearly not DoS resistant) and suggest an alternative definition. Our results are not only of theoretical interest: the better characterization of hardness for puzzles and DoS resilience allows establishing formal bounds on the effectiveness of client puzzles which confirm previous empirical observations. We also underline clear practical limitations for the effectiveness of puzzles against DoS attacks by providing simple rules of thumb that can be easily used to discard puzzles as a valid countermeasure for certain scenarios.


Client puzzle DoS resilience PoW protocols 

Mathematics Subject Classification (2010)




We thank Douglas Stebila and to the anonymous referees for their comments and feedback on our work. First author was partially supported by National Research Grants CNCSIS UEFISCDI, Project Number PNII IDEI 940/2008–2011 and POSDRU/21/1.5/G/13798, inside POSDRU Romania 2007–2013.


  1. 1.
    Abadi M., Burrows M., Manasse M., Wobber T.: Moderately hard, memory-bound functions. ACM Trans. Internet Technol. 5, 299–327 (2005).Google Scholar
  2. 2.
    Abliz M., Znati T.: A guided tour puzzle for denial of service prevention. In: Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC ’09, pp. 279–288. IEEE Computer Society, Washington, DC (2009).Google Scholar
  3. 3.
    Aura T., Nikander P., Leiwo J.: DoS-resistant authentication with client puzzles. In: Revised Papers from the 8th International Workshop on Security Protocols, pp. 170–177. Springer, London (2001).Google Scholar
  4. 4.
    Back A.: Hashcash–a denial of service counter-measure. Technical Report (2002).Google Scholar
  5. 5.
    Bellare M., Impagliazzo R., Naor M.: Does parallel repetition lower the error in computationally sound protocols. In: Proceedings of 38th Annual Symposium on Foundations of Computer Science, pp. 374–383. IEEE, Los Alamitos (1997).Google Scholar
  6. 6.
    Bellare M., Ristenpart T., Tessaro S.: Multi-instance security and its application to password-based cryptography. In: Advances in Cryptology, CRYPTO 2012, pp. 312–329. Springer, Heidelberg (2012).Google Scholar
  7. 7.
    Bencsáth B., Vajda I., Buttyán L.: A game based analysis of the client puzzle approach to defend against dos attacks. Proc. SoftCOM. 11, 763–767 (2003).Google Scholar
  8. 8.
    Boyd C., Gonzalez-Nieto J., Kuppusamy L., Narasimhan H., Rangan C., Rangasamy J., Smith J., Stebila D., Varadarajan V.: An investigation into the detection and mitigation of denial of service (Dos) attacks: critical information infrastructure protection. In: Cryptographic Approaches to Denial-of-Service Resistance, p. 183. Springer, Heidelberg (2011).Google Scholar
  9. 9.
    Chen L., Morrissey P., Smart N.P., Warinschi B.: Security notions and generic constructions for client puzzles. In: Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ASIACRYPT ’09, pp. 505–523. Springer, Heidelberg (2009).Google Scholar
  10. 10.
    Dean D., Stubblefield A.: Using client puzzles to protect TLS. In: Proceedings of the 10th conference on USENIX Security Symposium, SSYM’01, vol. 10, p. 1. USENIX Association, Berkeley (2001).Google Scholar
  11. 11.
    Dwork C., Goldberg A., Naor M.: On memory-bound functions for fighting spam. In: Proceedings of the 23rd Annual International Cryptology Conference, pp. 426–444. Springer, New York (2003).Google Scholar
  12. 12.
    Dwork C., Naor M.: Pricing via processing or combating junk mail. In: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, pp. 139–147. Springer, London (1993).Google Scholar
  13. 13.
    Fallah M.: A puzzle-based defense strategy against flooding attacks using game theory. IEEE Trans. Dependable Secur. Comput. 7(1), 5–19 (2010).Google Scholar
  14. 14.
    Gao Y., Susilo W., Mu Y., Seberry J.: Efficient trapdoor-based client puzzle against DoS attacks. In: Network Security, pp. 229–249 (2010).Google Scholar
  15. 15.
    Gao Y.: Efficient trapdoor-based client puzzle system against DoS attacks. Technical, Report (2005).Google Scholar
  16. 16.
    Grimaldi R.P.: Generating functions, Chap. 3.2. In: Rosen, K.H. (ed.) Handbook of Discrete and Combinatorial Mathematics. CRC, Boca Raton (1999).Google Scholar
  17. 17.
    Groza B., Warinschi B.: Revisiting difficulty notions for client puzzles and DoS resilience. In: Gollmann, D., Freiling, F. (eds.) Information Security Conference (ISC), LNCS, vol. 7483, pp. 39–54. Springer, Heidelberg (2012).Google Scholar
  18. 18.
    Jeckmans A.: Computational puzzles for spam reduction in SIP. Draft (2007).Google Scholar
  19. 19.
    Jeckmans A.: Practical client puzzle from repeated squaring. Technical Report (2009).Google Scholar
  20. 20.
    Jerschow Y.I., Mauve M.: Non-parallelizable and non-interactive client puzzles from modular square roots. In: Sixth International Conference on Availability, Reliability and Security, ARES 2011, pp. 135–142 (2011).Google Scholar
  21. 21.
    Juels A., Brainard J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of NDSS ’99 (Networks and Distributed, Security Systems), pp. 151–165 (1999).Google Scholar
  22. 22.
    Karame G., Čapkun S.: Low-cost client puzzles based on modular exponentiation. In: Proceedings of the 15th European Conference on Research in Computer Security. ESORICS’10, pp. 679–697. Springer, New York (2010).Google Scholar
  23. 23.
    Laurie B., Clayton R., Proof-of-work proves not to work; version 0.2. In: Workshop on Economics and Information, Security (2004).Google Scholar
  24. 24.
    Liu D., Camp L.: Proof of work can work. In: Fifth Workshop on the Economics of Information, Security (2006).Google Scholar
  25. 25.
    Narasimhan H., Varadarajan V., Rangan C.: Game theoretic resistance to denial of service attacks using hidden difficulty puzzles. In: Information Security, Practice and Experience, pp. 359–376 (2010).Google Scholar
  26. 26.
    Rangasamy J., Stebila D., Boyd C., Nieto J.: An integrated approach to cryptographic mitigation of denial-of-service attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 114–123. ACM, New York (2011).Google Scholar
  27. 27.
    Rivest R., Shamir A., Wagner D.: Time-lock puzzles and timed-release crypto. Technical Report. MIT Press, Cambridge (1996).Google Scholar
  28. 28.
    Stebila D., Kuppusamy L., Rangasamy J., Boyd C., Nieto J.G.: Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols. In: Proceedings of the 11th International Conference on Topics in cryptology: CT-RSA 2011, CT-RSA’11, pp. 284–301. Springer, Heidelberg (2011).Google Scholar
  29. 29.
    Suriadi S., Stebila D., Clark A., Liu H.: Defending web services against denial of service attacks using client puzzles. In: 2011 IEEE International Conference on Web Services (ICWS), pp. 25–32. IEEE, New York (2011).Google Scholar
  30. 30.
    Tang Q., Jeckmans A.: On Non-parallelizable Deterministic Client Puzzle Scheme with Batch Verification Modes. Springer, Heidelberg (2010).Google Scholar
  31. 31.
    Tritilanunt S., Boyd C., Foo E., Nieto J.M.G.: Toward non-parallelizable client puzzles. In: Proceedings of the 6th International Conference on Cryptology and Network Security, CANS’07, pp. 247–264. Springer, Heidelberg (2007).Google Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.Faculty of Automatics and ComputersPolitehnica University of TimisoaraTimisoaraRomania
  2. 2.Computer Science DepartmentUniversity of BristolBristolUK

Personalised recommendations