Paper 2011/665

Efficient Modular Exponentiation-based Puzzles for Denial-of-Service Protection

Jothi Rangasamy, Douglas Stebila, Lakshmi Kuppusamy, Colin Boyd, and Juan Gonzalez Nieto


Client puzzles are moderately-hard cryptographic problems --- neither easy nor impossible to solve --- that can be used as a countermeasure against denial of service attacks on network protocols. Puzzles based on modular exponentiation are attractive as they provide important properties such as non-parallelisability, deterministic solving time, and linear granularity. We propose an efficient client puzzle based on modular exponentiation. Our puzzle requires only a few modular multiplications for puzzle generation and verification. For a server under denial of service attack, this is a significant improvement as the best known non-parallelisable puzzle proposed by Karame and Čapkun (ESORICS 2010) requires at least $2k$-bit modular exponentiation, where $k$ is a security parameter. We show that our puzzle satisfies the unforgeability and difficulty properties defined by Chen \etal{} (Asiacrypt 2009). We present experimental results which show that, for $1024$-bit moduli, our proposed puzzle can be up to $30 \times$ faster to verify than the Karame-Čapkun puzzle and $ 99 \times$ faster than the Rivest \etal's time-lock puzzle.

Note: to appear in ICISC 2011 proceedings

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
client puzzlestime-lock puzzlesdenial of service resistanceRSApuzzle difficulty
Contact author(s)
j rangasamy @ qut edu au
2011-12-09: received
Short URL
Creative Commons Attribution


      author = {Jothi Rangasamy and Douglas Stebila and Lakshmi Kuppusamy and Colin Boyd and Juan Gonzalez Nieto},
      title = {Efficient Modular Exponentiation-based Puzzles for Denial-of-Service Protection},
      howpublished = {Cryptology ePrint Archive, Paper 2011/665},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.