**Cuckoo Cycle: a memory bound graph-theoretic proof-of-work**

*John Tromp*

**Abstract: **We introduce the first graph-theoretic proof-of-work system,
based on finding small cycles or other structures in large random graphs.
Such problems are trivially verifiable and arbitrarily scalable,
presumably requiring memory linear in graph size to solve efficiently.
Our cycle finding algorithm uses one bit per edge, and up to one bit per node.
Runtime is linear in graph size and dominated by random access latency,
ideal properties for a memory bound proof-of-work.
We exhibit two alternative algorithms that allow for a memory-time trade-off
(TMTO)---decreased memory usage, by a factor $k$, coupled with increased runtime, by a factor $\Omega(k)$.
The constant implied in $\Omega()$ gives a notion of memory-hardness, which is shown to be dependent
on cycle length, guiding the latter's choice. Our algorithms are shown to parallelize reasonably well.

**Category / Keywords: **proof-of-work graph-theory

**Date: **received 27 Jan 2014, last revised 1 Jan 2015

**Contact author: **john tromp at gmail com

**Available format(s): **PDF | BibTeX Citation

**Note: **Final version submitted to Bitcoin 2015 workshop.

**Version: **20150101:160919 (All versions of this report)

**Short URL: **ia.cr/2014/059

[ Cryptology ePrint archive ]