Proofs of Space: When Space Is of the Essence

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8642)


Proofs of computational effort were devised to control denial of service attacks. Dwork and Naor (CRYPTO ’92), for example, proposed to use such proofs to discourage spam. The idea is to couple each email message with a proof of work that demonstrates the sender performed some computational task. A proof of work can be either CPU-bound or memory-bound. In a CPU-bound proof, the prover must compute a CPU-intensive function that is easy to check by the verifier. A memory-bound proof, instead, forces the prover to access the main memory several times, effectively replacing CPU cycles with memory accesses.

In this paper we put forward a new concept dubbed proof of space. To compute such a proof, the prover must use a specified amount of space, i.e., we are not interested in the number of accesses to the main memory (as in memory-bound proof of work) but rather on the amount of actual memory the prover must employ to compute the proof. We give a complete and detailed algorithmic description of our model. We develop a full theoretical analysis which uses combinatorial tools from Complexity Theory (such as pebbling games) which are essential in studying space lower bounds.


Space Complexity Proof of Work Pebbling Game Random Oracle Model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. ACM Trans. Internet Technol. 5(2), 299–327 (2005)CrossRefGoogle Scholar
  2. 2.
    Abliz, M., Znati, T.: A guided tour puzzle for denial of service prevention. In: ACSAC, pp. 279–288. IEEE Computer Society (2009)Google Scholar
  3. 3.
    Ateniese, G., Bonacina, I., Faonio, A., Galesi, N.: Proofs of space: When space is of the essence. Cryptology ePrint Archive, Report 2013/805 (2013),
  4. 4.
    Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 598–609. ACM, New York (2007)CrossRefGoogle Scholar
  5. 5.
    Ateniese, G., Kamara, S., Katz, J.: Proofs of storage from homomorphic identification protocols. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 319–333. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Back, A.: Hashcash - a denial of service counter-measure. Technical report (2002)Google Scholar
  7. 7.
    Barak, B., Goldreich, O.: Universal arguments and their applications. In: IEEE Conference on Computational Complexity, pp. 194–203. IEEE Computer Society (2002)Google Scholar
  8. 8.
    Boppana, R.B., Hastad, J., Zachos, S.: Does co-np have short interactive proofs? Inf. Process. Lett. 25(2), 127–132 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.): ICALP 2005. LNCS, vol. 3580. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  10. 10.
    Canetti, R., Riva, B., Rothblum, G.N.: Refereed delegation of computation. Information and Computation 226, 16–36 (2013)CrossRefzbMATHMathSciNetGoogle Scholar
  11. 11.
    Chung, K.-M., Kalai, Y., Vadhan, S.: Improved Delegation of Computation Using Fully Homomorphic Encryption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 483–501. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Dwork, C., Goldberg, A.V., Naor, M.: On memory-bound functions for fighting spam. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 426–444. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  14. 14.
    Dwork, C., Naor, M., Wee, H.: Pebbling and proofs of work. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 37–54. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Dziembowski, S., Faust, S., Kolmogorov, V., Pietrzak, K.: Proofs of space. Cryptology ePrint Archive, Report 2013/796 (2013),
  16. 16.
    Dziembowski, S., Kazana, T., Wichs, D.: Key-evolution schemes resilient to space-bounded leakage. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 335–353. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Dziembowski, S., Kazana, T., Wichs, D.: One-time computable self-erasing functions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 125–143. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Dziembowski, S., Pietrzak, K., Faust, S.: Proofs of space and a greener bitcoin. Talk presented at Workshop on Leakage, Tampering and Viruses, Warsaw 2013 (2013)Google Scholar
  19. 19.
    Fiore, D., Gennaro, R.: Publicly verifiable delegation of large polynomials and matrix computations, with applications. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, p. 501 (2012)Google Scholar
  20. 20.
    Goldreich, O., Hastad, J.: On the complexity of interactive proofs with bounded communication. Information Processing Letters (1998)Google Scholar
  21. 21.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC 2008, pp. 113–122. ACM, New York (2008)Google Scholar
  22. 22.
    Juels, A., Brainard, J.G.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: NDSS. The Internet Society (1999)Google Scholar
  23. 23.
    Karvelas, N.P., Kiayias, A.: Efficient Proofs of Secure Erasure. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 526–543. Springer, Heidelberg (2014)Google Scholar
  24. 24.
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: Proceedings of the Twenty-Fourth Annual ACM Symposium on Theory of Computing, STOC 1992, pp. 723–732. ACM, New York (1992)CrossRefGoogle Scholar
  25. 25.
    Lengauer, T., Tarjan, R.E.: Asymptotically tight bounds on time-space trade-offs in a pebble game. Journal of the ACM (JACM) 29(4), 1087–1130 (1982)CrossRefzbMATHMathSciNetGoogle Scholar
  26. 26.
    Micali, S.: Computationally sound proofs. SIAM Journal on Computing 30(4), 1253–1298 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  27. 27.
    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (May 2009)Google Scholar
  28. 28.
    Percival, C.: Stronger key derivation via sequential memory-hard functions. Presented at BSDCan 2009 (2009)Google Scholar
  29. 29.
    Perito, D., Tsudik, G.: Secure code update for embedded devices via proofs of secure erasure. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 643–662. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  30. 30.
    Pippenger, N.: Superconcentrators. SIAM J. Comput. 6(2), 298–304 (1977)CrossRefzbMATHMathSciNetGoogle Scholar
  31. 31.
    Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  32. 32.
    Smith, A., Zhang, Y.: Near-linear time, leakage-resilient key evolution schemes from expander graphs. IACR Cryptology ePrint Archive, 2013:864 (2013)Google Scholar
  33. 33.
    Tompa, M.: Time-space tradeoffs for computing functions, using connectivity properties of their circuits. In: Proceedings of the Tenth Annual ACM Symposium on Theory of Computing, STOC 1978, pp. 196–204. ACM, New York (1978)CrossRefGoogle Scholar
  34. 34.
    Waters, B., Juels, A., Alex Halderman, J., Felten, E.W.: New client puzzle outsourcing techniques for dos resistance. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 246–256. ACM, New York (2004)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Sapienza - University of RomeItaly
  2. 2.Johns Hopkins UniversityUSA

Personalised recommendations