On Memory-Bound Functions for Fighting Spam

  • Cynthia Dwork
  • Andrew Goldberg
  • Moni Naor
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


In 1992, Dwork and Naor proposed that e-mail messages be accompanied by easy-to-check proofs of computational effort in order to discourage junk e-mail, now known as spam. They proposed specific CPU-bound functions for this purpose. Burrows suggested that, since memory access speeds vary across machines much less than do CPU speeds, memory-bound functions may behave more equitably than CPU-bound functions; this approach was first explored by Abadi, Burrows, Manasse, and Wobber [3].

We further investigate this intriguing proposal. Specifically, we

1) Provide a formal model of computation and a statement of the problem;

2) Provide an abstract function and prove an asymptotically tight amortized lower bound on the number of memory accesses required to compute an acceptable proof of effort; specifically, we prove that, on average, the sender of a message must perform many unrelated accesses to memory, while the receiver, in order to verify the work, has to perform significantly fewer accesses;

3) Propose a concrete instantiation of our abstract function, inspired by the RC4 stream cipher;

4) Describe techniques to permit the receiver to verify the computation with no memory accesses;

5) Give experimental results showing that our concrete memory-bound function is only about four times slower on a 233 MHz settop box than on a 3.06 GHz workstation, and that speedup of the function is limited even if an adversary knows the access sequence and uses optimal off-line cache replacement.


Hash Function Memory Access Signature Scheme Random Oracle Cache Size 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Burrows, M. (multiple) private communication(s)Google Scholar
  2. 2.
    Abadi, M.: private communicationGoogle Scholar
  3. 3.
    Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately Hard, Memory-Bound Functions. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium (February 2003)Google Scholar
  4. 4.
    Ajtai, M.: Determinism versus Non-Determinism for Linear Time RAMs, In: STOC 1999, pp. 632–641 (1999)Google Scholar
  5. 5.
    Ajtai, M.: A Non-linear Time Lower Bound for Boolean Branching Programs. In: FOCS 1999, pp. 60–70 (1999)Google Scholar
  6. 6.
    Alon, N., Spencer, J.: The Probabilistic Method. Wiley & Sons, New-York (1992)zbMATHGoogle Scholar
  7. 7.
    Beame, P., Saks, M.E., Sun, X., Vee, E.: Super-linear time-space tradeoff lower bounds for randomized computation. In: FOCS 2000, pp. 169–179 (2000)Google Scholar
  8. 8.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
  10. 10.
    Diffie, W., Hellman, M.E.: Exhaustive cryptanalysis of the NBS Data Encryption Standard. Computer 10, 74–84 (1977)CrossRefGoogle Scholar
  11. 11.
    Dwork, C., Naor, M.: Pricing via Processing, Or, Combatting Junk Mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)Google Scholar
  12. 12.
    Dwork, C., Naor, M.: An Efficient Existentially Unforgeable Signature Scheme and Its Applications. Journal of Cryptology 11(3), 187–208 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Fiat, A.: Batch RSA. Journal of Cryptology 10(2), 75–88 (1997)zbMATHCrossRefGoogle Scholar
  14. 14.
    Fiat, A., Naor, M.: Rigorous Time/Space Tradeoffs for Inverting Functions. In: STOC 1991, pp. 534–541 (1991)Google Scholar
  15. 15.
    Fiat, A., Shamir, A.: How to Prove Yourself. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 641–654. Springer, Heidelberg (1985)Google Scholar
  16. 16.
    Fluhrer, S., Mantin, I., Shamir, A.: Attacks on RC4 and WEP. In: Cryptobytes 2002 (2002)Google Scholar
  17. 17.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996), Also available: CrossRefGoogle Scholar
  18. 18.
    Back, A.: Hashcash - A Denial of Servic Counter-Measure, available at
  19. 19.
    Bellare, M., Garay, J.A., Rabin, T.: Fast Batch Verification for Modular Exponentiation and Digital Signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Bellare, M., Garay, J.A., Rabin, T.: Batch Verification with Applications to Cryptography and Checking, In: LATIN 1998, pp. 170–191 (1998)Google Scholar
  21. 21.
    Hellman, M.: A Cryptanalytic Time Memory Trade-Off. IEEE Trans. Infor. Theory 26, 401–406 (1980)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations and Pseudorandom Functions. SIAM J. Computing 17(2), 373–386 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Mantin, I.: Analysis of the Stream Cipher RC4, Master’s Thesis, Weizmann Institute of Science (2001), Available
  24. 24.
    Mironov, I.: (Not So) Random Shuffles of RC4, In: Proc. of CRYPTO 2002 (2002)Google Scholar
  25. 25.
    Naor, M., Yung, M.: Universal One-Way Hash Functions and their Cryptographic Applications, In: STOC 1989, pp. 33–43 (1989)Google Scholar
  26. 26.
    Oechslin, P.: Making a faster Cryptanalytic Time-Memory Trade-Off, these proceedingsGoogle Scholar
  27. 27.
    van Oorschot, P.C., Wiener, M.J.: Parallel Collision Search with Cryptanalytic Applications. Journal of Cryptology 12(1), 1–28 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    Schroeppel, R., Shamir, A.: A T = O(2(n/2)), S = O(2(n/4)) Algorithm for Certain NP-Complete Problems. SIAM J. Comput. 10(3), 456–464 (1981)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Cynthia Dwork
    • 1
  • Andrew Goldberg
    • 1
  • Moni Naor
    • 2
  1. 1.Microsoft Research, SVCMountain ViewUSA
  2. 2.Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations