Advances in Cryptology – ASIACRYPT 2009

Volume 5912 of the series Lecture Notes in Computer Science pp 505-523

Security Notions and Generic Constructions for Client Puzzles

  • Liqun ChenAffiliated withHewlett-Packard Laboratories
  • , Paul MorrisseyAffiliated withComputer Science Department, University of Bristol
  • , Nigel P. SmartAffiliated withComputer Science Department, University of Bristol
  • , Bogdan WarinschiAffiliated withComputer Science Department, University of Bristol


By a computational puzzle we mean a mildly difficult computational problem that requires resources (processor cycles, memory, or both) to solve. Puzzles have found a variety of uses in security. In this paper we are concerned with client puzzles: a type of puzzle used as a defense against Denial of Service (DoS) attacks. The main contribution of this paper is a formal model for the security of client puzzles.We clarify the interface that client puzzles should offer and give two security notions for puzzles. Both functionality and security are inspired by, and tailored to, the use of puzzles as a defense against DoS attacks.Our definitions fill an important gap: breaking either of the two properties immediately leads to successful DoS attacks. We illustrate this point with an attack against a previously proposed puzzle construction.We also provide a generic construction of a client puzzle which meets our security definitions.