Combating spam and denial-of-service attacks with trusted puzzle solvers

Abstract

Cryptographic puzzles can be used to mitigate spam and denial-of-service (DoS) attacks, as well as to implement timed-release cryptography. However, existing crypto puzzles are impractical because: (1) solving them wastes computing resources and/or human time, (2) the time it takes to solve them can vary dramatically across computing platforms, and/or (3) applications become non-interoperable due to competition for resources when solving them. We propose the use of Trusted Computing in constructing crypto puzzles. Our puzzle constructions have none of the drawbacks above and only require each client machine to be equipped with a small tamper-resistant Trusted Puzzle Solver (TPS), which may be realized using the prevalent Trusted Platform Module (TPM) with minimal modifications. © 2008 Springer-Verlag Berlin Heidelberg.