Exponential Memory-Bound Functions for Proof of Work Protocols

In year 2005, Internet users were twice more likely to receive unsolicited electronic messages, known as spams, than regular emails. Proof of work protocols are designed to limit such phenomena and other denial-of-service attacks by requiring some kind of virtual stamping: the attacks are not suppressed, but their rate is reduced as some cost must be paid to get the service. The cost is not in money but in computation time. These schemes require computing an easy to verify but hard to find solution to some problem. As cpu-intensive computations are badly hit over time by Moore’s law, memory-bound computations have been suggested as an alternative to deal with heterogeneous hardware. We introduce new memory-bound functions suitable to these protocols, in which the client-side work to compute the response is exponential with respect to the server-side work needed to set the challenge or check it, instead of polynomial. One-way non-interactive solution-verification variants are also presented. Our experimental results and technical arguments show that any such memory-bound function is inherently parallel, thus bound by memory bandwidth and not by memory latency, as previously claimed by others.

[1]  Moni Naor,et al.  On Memory-Bound Functions for Fighting Spam , 2003, CRYPTO.

[2]  Sally A. McKee,et al.  Hitting the memory wall: implications of the obvious , 1995, CARN.

[3]  Paul V. Mockapetris,et al.  Domain names - implementation and specification , 1987, RFC.

[4]  Petros Maniatis,et al.  Economic Measures to Resist Attacks on a Peer-to-Peer Network , 2003 .

[5]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[6]  Matthew K. Franklin,et al.  Auditable Metering with Lightweight Security , 1997, J. Comput. Secur..

[7]  J. da Cruz Mail filtering on medium/huge mail servers with j-chkmail , 2005 .

[8]  Ben Laurie,et al.  \Proof-of-Work" Proves Not to Work , 2004 .

[9]  木村 康則,et al.  20世紀の名著名論:Gordon Moore: Cramming More Components onto Integrated Circuits , 2005 .

[10]  Markus Jakobsson,et al.  Proofs of Work and Bread Pudding Protocols , 1999, Communications and Multimedia Security.

[11]  Michael K. Reiter,et al.  Defending against denial-of-service attacks with puzzle auctions , 2003, 2003 Symposium on Security and Privacy, 2003..

[12]  Ted Wobber,et al.  Moderately hard, memory-bound functions , 2005, TOIT.

[13]  David A. Patterson,et al.  Computer Architecture: A Quantitative Approach , 1969 .

[14]  Ari Juels,et al.  Client puzzles: A cryptographic defense against connection depletion , 1999 .

[15]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[16]  Jonathan B. Postel Simple Mail Transfer Protocol-SMTP , 1992 .

[17]  G.E. Moore,et al.  Cramming More Components Onto Integrated Circuits , 1998, Proceedings of the IEEE.