Revisiting Difficulty Notions for Client Puzzles and DoS Resilience

  • Bogdan Groza
  • Bogdan Warinschi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7483)


Cryptographic puzzles are moderately difficult problems that can be solved by investing non-trivial amounts of computation and/or storage. Devising models for cryptographic puzzles has only recently started to receive attention from the cryptographic community as a first step towards rigorous models and proofs of security of applications that employ them (e.g. Denial-of-service (DoS) resistance). Unfortunately, the subtle interaction between the complex scenarios for which cryptographic puzzles are intended and typical difficulties associated with defying concrete security easily leads to flaws in definitions and proofs. Indeed, as a first contribution we exhibit shortcomings of the state-of-the-art definition of security of cryptographic puzzles and point out some flaws in existing security proofs. The main contribution of this paper are new security definitions for puzzle difficulty. We distinguish and formalize two distinct flavors of puzzle security (which we call optimal and ideal) and in addition properly define the relation between solving one puzzle vs. solving multiple ones. We demonstrate the applicability of our notions by analyzing the security of two popular puzzle constructions. In addition, we briefly investigate existing definitions for the related notion of DoS security. We demonstrate that the only rigorous security notions proposed to date is not sufficiently demanding (as it allows to prove secure protocols that are clearly not DoS resilient) and suggest an alternative definition. Our results are not only of theoretical interest. We show that our better characterization of hardness for puzzles and DoS resilience allows establishing formal bounds on the effectiveness of client puzzles which confirm previous empirical observations.


Hash Function Success Probability Random Oracle Model Security Notion Resource Exhaustion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. ACM Transactions on Internet Technology 5, 299–327 (2005)CrossRefGoogle Scholar
  2. 2.
    Abliz, M., Znati, T.: A guided tour puzzle for denial of service prevention. In: Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC 2009, pp. 279–288. IEEE Computer Society (2009)Google Scholar
  3. 3.
    Aura, T., Nikander, P., Leiwo, J.: DOS-Resistant Authentication with Client Puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Back, A.: Hashcash - a denial of service counter-measure. Technical report (2002)Google Scholar
  5. 5.
    Boyd, C., Gonzalez-Nieto, J., Kuppusamy, L., Narasimhan, H., Rangan, C., Rangasamy, J., Smith, J., Stebila, D., Varadarajan, V.: An investigation into the detection and mitigation of denial of service (Dos) attacks: Critical information infrastructure protection. In: Cryptographic Approaches to Denial-of-Service Resistance, p. 183 (2011)Google Scholar
  6. 6.
    Chen, L., Morrissey, P., Smart, N.P., Warinschi, B.: Security Notions and Generic Constructions for Client Puzzles. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 505–523. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Dean, D., Stubblefield, A.: Using client puzzles to protect tls. In: Proceedings of the 10th Conference on USENIX Security Symposium, SSYM 2001, vol. 10, p. 1. USENIX Association, Berkeley (2001)Google Scholar
  8. 8.
    Dwork, C., Goldberg, A., Naor, M.: On Memory-Bound Functions for Fighting Spam. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 426–444. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)Google Scholar
  10. 10.
    Gao, Y., Susilo, W., Mu, Y., Seberry, J.: Efficient trapdoor-based client puzzle against DoS attacks. Network Security, 229–249 (2010)Google Scholar
  11. 11.
    Jeckmans, A.: Computational puzzles for spam reduction in SIP (draft) (July 2007)Google Scholar
  12. 12.
    Jeckmans, A.: Practical client puzzle from repeated squaring. Technical report (August 2009)Google Scholar
  13. 13.
    Jerschow, Y.I., Mauve, M.: Non-parallelizable and non-interactive client puzzles from modular square roots. In: Sixth International Conference on Availability, Reliability and Security, ARES 2011, pp. 135–142 (2011)Google Scholar
  14. 14.
    Juels, A., Brainard, J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: Proceedings of NDSS 1999 (Networks and Distributed Security Systems), pp. 151–165 (1999)Google Scholar
  15. 15.
    Karame, G.O., Čapkun, S.: Low-Cost Client Puzzles Based on Modular Exponentiation. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 679–697. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Rangasamy, J., Stebila, D., Boyd, C., Gonzalez Nieto, J.: An integrated approach to cryptographic mitigation of denial-of-service attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 114–123. ACM (2011)Google Scholar
  17. 17.
    Rivest, R., Shamir, A., Wagner, D.: Time-lock puzzles and timed-release crypto. Technical report, Cambridge, MA, USA (1996)Google Scholar
  18. 18.
    Stebila, D., Kuppusamy, L., Rangasamy, J., Boyd, C., Gonzalez Nieto, J.: Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 284–301. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Suriadi, S., Stebila, D., Clark, A., Liu, H.: Defending web services against denial of service attacks using client puzzles. In: 2011 IEEE International Conference on Web Services (ICWS), pp. 25–32. IEEE (2011)Google Scholar
  20. 20.
    Tang, Q., Jeckmans, A.: On non-parallelizable deterministic client puzzle scheme with batch verification modes (2010)Google Scholar
  21. 21.
    Tritilanunt, S., Boyd, C., Foo, E., González Nieto, J.M.: Toward Non-parallelizable Client Puzzles. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 247–264. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Bogdan Groza
    • 1
  • Bogdan Warinschi
    • 2
  1. 1.Faculty of Automatics and ComputersPolitehnica University of TimisoaraRomania
  2. 2.Computer Science DepartmentUniversity of BristolUK

Personalised recommendations