Complexity

The “complexity” in the proof-of-work mechanism refers to the level of computational effort required by a client to solve the challenge presented by the server. The complexity is controlled by adjusting the maximum value of the random number generated by the server during challenge creation.

The complexity setting serves as a measure to balance security against automated abuse/spam and user experience. By controlling the range of the randomly generated number, the system adjusts the difficulty of the computational task required from the client.

Complexity test

Adjust the number of iterations and test the computational complexity on your device.

Use Web Worker

Iterations: 0

Adjusting complexity

The complexity can be adjusted by modifying the minimum and maximum values of the randomly generated secret number on the server side. A lower maximum value creates a less complex challenge, requiring fewer computational iterations for the client to find a matching solution. Conversely, a higher maximum value increases the complexity, demanding more computational resources and time from the client.

Considerations

Performance impact

Higher complexity may significantly increase the computational load on client devices, potentially impacting user experience.
Low-end versus high-end devices

What takes less than a second on a new iPhone, might take 30 seconds on a low-end Android phone. Test with physical devices typical for your users.
Security trade-offs

Lower complexity might reduce security against automated attacks but can enhance user accessibility.

Recommended practices

Dynamic complexity

Implement a dynamic system that adapts complexity based on server load or user behavior, ensuring a balance between security and usability.
Testing and optimization

Conduct thorough testing to determine an optimal complexity level that prevents abuse without excessively burdening legitimate users.