Complexity
The “complexity” in the proof-of-work mechanism refers to the level of computational effort required by a client to solve the challenge presented by the server. The complexity is controlled by adjusting the maximum value of the random number generated by the server during challenge creation.
The complexity setting serves as a measure to balance security against automated abuse/spam and user experience. By controlling the range of the randomly generated number, the system adjusts the difficulty of the computational task required from the client.
Adjust the number of iterations and test the computational complexity on your device.
Adjusting complexity
The complexity can be adjusted by modifying the minimum and maximum values of the randomly generated secret number on the server side. A lower maximum value creates a less complex challenge, requiring fewer computational iterations for the client to find a matching solution. Conversely, a higher maximum value increases the complexity, demanding more computational resources and time from the client.
Performance Benchmarks
These benchmarks illustrate the time required for different devices to solve an ALTCHA challenge. The table below shows the number of computations (operations) each device can perform per second and the corresponding time to solve a challenge with a complexity of 100,000. A higher number of operations per second indicates better performance.
Device | Performance | Time to Solve |
---|---|---|
MacBook Pro M3-Pro (2023) | 3 ops/s | 0.33 sec |
iPhone 12 mini (2020) | 1.2 ops/s | 0.83 sec |
AWS EC2 (c6a.xlarge) | 1 ops/s | 1 sec |
Samsung Galaxy A14 (2023) | 0.4 ops/s | 2.5 sec |
AWS Lambda (1GB) | 0.12 ops/s | 8 sec |
Considerations
-
Performance impact
Higher complexity may significantly increase the computational load on client devices, potentially impacting user experience.
-
Low-end versus high-end devices
What takes less than a second on a new iPhone, might take 30 seconds on a low-end Android phone. Test with physical devices typical for your users.
-
Security trade-offs
Lower complexity might reduce security against automated attacks but can enhance user accessibility.
Recommended practices
-
Dynamic complexity
Implement a dynamic system that adapts complexity based on server load or user behavior, ensuring a balance between security and usability.
-
Testing and optimization
Conduct thorough testing to determine an optimal complexity level that prevents abuse without excessively burdening legitimate users.