Skip to content

Complexity

The “complexity” in the proof-of-work mechanism refers to the level of computational effort required by a client to solve the challenge presented by the server. The complexity is controlled by adjusting the maximum value of the random number generated by the server during challenge creation.

The complexity setting serves as a measure to balance security against automated abuse/spam and user experience. By controlling the range of the randomly generated number, the system adjusts the difficulty of the computational task required from the client.

Complexity test

Adjust the number of iterations and test the computational complexity on your device.

Iterations: 0

Adjusting complexity

The complexity can be adjusted by modifying the minimum and maximum values of the randomly generated secret number on the server side. A lower maximum value creates a less complex challenge, requiring fewer computational iterations for the client to find a matching solution. Conversely, a higher maximum value increases the complexity, demanding more computational resources and time from the client.

Performance Benchmarks

These benchmarks illustrate the time required for different devices to solve an ALTCHA challenge. The table below shows the number of computations (operations) each device can perform per second and the corresponding time to solve a challenge with a complexity of 100,000. A higher number of operations per second indicates better performance.

DevicePerformanceTime to Solve
MacBook Pro M3-Pro (2023)3 ops/s0.33 sec
iPhone 12 mini (2020)1.2 ops/s0.83 sec
AWS EC2 (c6a.xlarge)1 ops/s1 sec
Samsung Galaxy A14 (2023)0.4 ops/s2.5 sec
AWS Lambda (1GB)0.12 ops/s8 sec

Considerations

  • Performance impact

    Higher complexity may significantly increase the computational load on client devices, potentially impacting user experience.

  • Low-end versus high-end devices

    What takes less than a second on a new iPhone, might take 30 seconds on a low-end Android phone. Test with physical devices typical for your users.

  • Security trade-offs

    Lower complexity might reduce security against automated attacks but can enhance user accessibility.

  • Dynamic complexity

    Implement a dynamic system that adapts complexity based on server load or user behavior, ensuring a balance between security and usability.

  • Testing and optimization

    Conduct thorough testing to determine an optimal complexity level that prevents abuse without excessively burdening legitimate users.