Designing Proof of Human-Work Puzzles for Cryptocurrency and Beyond

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9986)


We introduce the novel notion of a Proof of Human-work (PoH) and present the first distributed consensus protocol from hard Artificial Intelligence problems. As the name suggests, a PoH is a proof that a human invested a moderate amount of effort to solve some challenge. A PoH puzzle should be moderately hard for a human to solve. However, a PoH puzzle must be hard for a computer to solve, including the computer that generated the puzzle, without sufficient assistance from a human. By contrast, CAPTCHAs are only difficult for other computers to solve — not for the computer that generated the puzzle. We also require that a PoH be publicly verifiable by a computer without any human assistance and without ever interacting with the agent who generated the proof of human-work. We show how to construct PoH puzzles from indistinguishability obfuscation and from CAPTCHAs. We motivate our ideas with two applications: HumanCoin and passwords. We use PoH puzzles to construct HumanCoin, the first cryptocurrency system with human miners. Second, we use proofs of human work to develop a password authentication scheme which provably protects users against offline attacks.


  1. 1.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on Bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 443–458. IEEE Computer Society Press, May 2014Google Scholar
  2. 2.
    Aspnes, J., Jackson, C., Krishnamurthy, A.: Exposing computationally-challenged Byzantine impostors. Technical report YALEU/DCS/TR-1332, Yale University Department of Computer Science, July 2005Google Scholar
  3. 3.
    Back, A.: Hashcash – a denial of service counter-measure (2002).
  4. 4.
    Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 26–51. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  5. 5.
    Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M., Zerocash: decentralized anonymous payments from Bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE Computer Society Press, May 2014Google Scholar
  6. 6.
    Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: 2015 IEEE Symposium on Security and Privacy, pp. 287–304. IEEE Computer Society Press, May 2015Google Scholar
  7. 7.
    Bentov, I., Kumaresan, R.: How to use Bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  8. 8.
    Bentov, I., Lee, C., Mizrahi, A., Rosenfeld, M.: Proof of activity: extending Bitcoins proof of work via proof of stake. In: Proceedings of the ACM SIGMETRICS 2014 Workshop on Economics of Networked Systems, NetEcon (2014)Google Scholar
  9. 9.
    Blocki, J., Blum, M., Datta, A.: GOTCHA password hackers! In: AISec 2013, Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, pp. 25–34 (2013).
  10. 10.
    Blocki, J., Komanduri, S., Cranor, L.F., Datta, A.: Spaced repetition and mnemonics enable recall of multiple strong passwords. In: NDSS 2015. The Internet Society, February 2015Google Scholar
  11. 11.
    Blocki, J., Komanduri, S., Procaccia, A., Sheffet, O.: Optimizing password composition policies. In: Proceedings of the Fourteenth ACM Conference on Electronic Commerce, pp. 105–122. ACM (2013)Google Scholar
  12. 12.
    Blocki, J., Zhou, H.-S.: Designing proof of human-work puzzles for cryptocurrency and beyond. In: IACR Cryptology ePrint Archive 2016/145 (2016).
  13. 13.
    Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, pp. 538–552. IEEE Computer Society Press, May 2012Google Scholar
  14. 14.
    Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: SoK: research perspectives and challenges for Bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy, pp. 104–121. IEEE Computer Society Press, May 2015Google Scholar
  15. 15.
    Bonneau, J., Schechter, S.: Toward reliable storage of 56-bit keys in human memory. In: Proceedings of the 23rd USENIX Security Symposium, August 2014Google Scholar
  16. 16.
    Bursztein, E., Aigrain, J., Moscicki, A., Mitchell, J.C.: The end is nigh: generic solving of text-based captchas. In: 8th USENIX Workshop on Offensive Technologies (WOOT 2014), San Diego, CA, August 2014. USENIX Association (2014)Google Scholar
  17. 17.
    Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving CAPTCHAs? A large scale evaluation. In: 2010 IEEE Symposium on Security and Privacy, pp. 399–413. IEEE Computer Society Press, May 2010Google Scholar
  18. 18.
    Canetti, R., Halevi, S., Steiner, M.: Mitigating dictionary attacks on password-protected local storage. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 160–179. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Chellapilla, K., Simard, P.Y.: Using machine learning to break visual human interaction proofs (HIPs). In: Neural Information Processing Systems (NIPS), pp. 265–272 (2004).
  20. 20.
    Douceur, J.R.: The Sybil attack. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Dwork, C., Goldberg, A.V., Naor, M.: On memory-bound functions for fighting spam. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 426–444. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Dwork, C., Halpern, J.Y., Waarts, O.: Performing work efficiently in the presence of faults. SIAM J. Comput. 27(5), 1457–1491 (1998)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  24. 24.
    Dziembowski, S.: How to pair with a human. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 200–218. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Dziembowski, S., Faust, S., Kolmogorov, V., Pietrzak, K.: Proofs of space. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 585–605. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  26. 26.
    Elson, J., Douceur, J.R., Howell, J., Saul, J.: Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In: Ning, P., di Vimercati, S.D.C. Syverson, P.F. (eds.) ACM CCS 2007, pp. 366–374. ACM Press, October 2007Google Scholar
  27. 27.
    Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 431–449. Springer, Heidelberg (2014)Google Scholar
  28. 28.
    Florêncio, D., Herley, C.: Where do security policies come from. In: Proceedings of SOUPS, p. 10 (2010)Google Scholar
  29. 29.
    Garay, J., Kiayias, A., Leonardos, N.: The Bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015)Google Scholar
  30. 30.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th FOCS, pp. 40–49. IEEE Computer Society Press, October 2013Google Scholar
  31. 31.
    Goldwasser, S., Rothblum, G.N.: On best-possible obfuscation. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 194–213. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Hofheinz, D., Jager, T., Khurana, D., Sahai, A., Waters, B., Zhandry, M.: How to generate and use universal samplers. Cryptology ePrint Archive, Report 2014/507 (2014).
  33. 33.
    Hwang, K.-F., Huang, C.-C., You, G.-N.: A spelling based CAPTCHA system by using click. In: 2012 International Symposium on Biometrics and Security Technologies (ISBAST), pp. 1–8, March 2012Google Scholar
  34. 34.
    Kani, J., Nishigaki, M.: Gamified CAPTCHA. In: Marinos, L., Askoxylakis, I. (eds.) HAS 2013. LNCS, vol. 8030, pp. 39–48. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  35. 35.
    Khot, R.A., Srinathan, K.: iCAPTCHA: image tagging for free. In: Proceedings of Conference on Usable Software and Interface Design (2009)Google Scholar
  36. 36.
    Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 705–734. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49896-5_25 CrossRefGoogle Scholar
  37. 37.
    Komanduri, S., Shay, R., Kelley, P., Mazurek, M., Bauer, L., Christin, N., Cranor, L., Egelman, S.: Of passwords, people: measuring the effect of password-composition policies. In: Proceedings of the Annual Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM (2011)Google Scholar
  38. 38.
    Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: IEEE Symposium on Security and Privacy (2016)Google Scholar
  39. 39.
    Kumarasubramanian, A., Ostrovsky, R., Pandey, O., Wadia, A.: Cryptography using captcha puzzles. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 89–106. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  40. 40.
    Lamport, L., Shostak, R., Pease, M.: The byzantine generals problem. ACM Trans. Program. Lang. Syst. (TOPLAS) 4(3), 382–401 (1982)CrossRefMATHGoogle Scholar
  41. 41.
    Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)Google Scholar
  42. 42.
    Miller, A., Kosba, A.E., Katz, J., Shi, E.: Nonoutsourceable scratch-off puzzles to discourage bitcoin mining coalitions. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 15, pp. 680–691. ACM Press, October 2015Google Scholar
  43. 43.
    Mori, G., Malik, J.: Recognizing objects in adversarial clutter: breaking a visual CAPTCHA. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR), pp. 134–144 (2003)Google Scholar
  44. 44.
    Motoyama, M., Levchenko, K., Kanich, C., McCoy, D., Voelker, G.M., Savage, S.: Re: CAPTCHAs-understanding CAPTCHA-solving services in an economic context. In: 19th USENIX Security Symposium, Washington, DC, USA, 11–13 August 2010, Proceedings, pp. 435–462 (2010)Google Scholar
  45. 45.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008).
  46. 46.
    Narayanan, A., Bonneau, J., Felten, E., Miller, A.: Bitcoin and Cryptocurrency Technology (online course) (2015).
  47. 47.
    Park, S., Pietrzak, K., Kwon, A., Alwen, J., Fuchsbauer, G., Gaži, P.: Spacemint: a cryptocurrency based on proofs of space. Cryptology ePrint Archive, Report 2015/528 (2015).
  48. 48.
    Pass, R., Seeman, L.: abhi shelat. Analysis of the blockchain protocol in asynchronous networks. In: Cryptology ePrint Archive, Report 2016/454 (2016).
  49. 49.
    Rogaway, P.: Formalizing human ignorance. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 211–228. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  50. 50.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 475–484. ACM Press, May/June 2014Google Scholar
  51. 51.
    Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in bitcoin. In: FC (2016).
  52. 52.
    Sauer, G., Hochheiser, H., Feng, J., Lazar, J.: Towards a universally usable CAPTCHA. In: Proceedings of the 4th Symposium on Usable Privacy and Security (2008)Google Scholar
  53. 53.
    Szabo, N.: Formalizing and securing relationships on public networks. In: First Monday (1997).
  54. 54.
    Tam, J., Simsa, J., Hyde, S., Von Ahn, L.: Breaking audio captchas. Advan. Neural Inf. Process. Syst. 1(4), 1625–1632 (2008)Google Scholar
  55. 55.
    Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  56. 56.
    Von Ahn, L., Maurer, B., McMillen, C., Abraham, D., Blum, M.: reCAPTCHA: human-based character recognition via web security measures. Science 321(5895), 1465–1468 (2008)MathSciNetCrossRefMATHGoogle Scholar
  57. 57.
    Waters, B., Juels, A., Halderman, J.A., Felten, E.W.: New client puzzle outsourcing techniques for DoS resistance. In: Atluri, V., Pfitzmann, B., Mc-Daniel, P. (eds.) ACM CCS 2004, pp. 246–256. ACM Press, October (2004)Google Scholar
  58. 58.
    Wilkins, J.: Strong CAPTCHA guidelines v1.2. (2009).

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Purdue UniversityWest LafayetteUSA
  2. 2.Virginia Commonwealth UniversityRichmondUSA

Personalised recommendations