Proof of Work

HUMAN Scenario-optimized Proof of Work (PoW)

What is PoW?

Scenario-optimized Proof of Work (PoW) requires computational effort to be expended before users can add items to a shopping cart, complete transactions, or do similar tasks. PoW consumes a significant amount of energy and CPU cycles at scale, making it costly for attackers to execute many automated fraudulent tasks at once. With its scenario-optimized approach, the HUMAN platform dynamically adjusts the work required based on device and risk profile. This preserves the user experience for regular users while building an economic disincentive for future attacks on sites protected by HUMAN.

PoW is executed as a cryptographic challenge that requires a certain amount of CPU time to solve. Threat actors can’t “cheat”: the only way to solve it is to guess the result of the equation and check whether it works (also called a numeric solution). The variable difficulty of the challenge dictates how much work the cybercriminal must perform to solve the problem (a.k.a. the puzzle). Finding the solution therefore proves that the user completed enough work to solve the puzzle.

PoW is a method to slow down bots by forcing them to work harder in order to access certain resources. It’s an added layer of detection: the puzzle must be solved correctly in order to be exonerated and solve the Human Challenge. PoW requires no user interaction or customer integration.

FAQ

  • When is PoW enabled (e.g., only during challenges)? Does this only happen in the background?
    It happens exclusively on the Human Challenge page and in the background. In the near future, it will be added as an additional option to the Hype Sale Challenge, Login page and others.
  • How does this tax the attacker but not the legitimate user?
    When solving a single puzzle, the computational effort is minimal. For bots operating at scale, the cost becomes significant, especially when a more complex puzzle is presented (because the source has been identified as malicious), which makes it costly for cybercriminals to execute many automated fraud tasks at once.
  • What is needed (if anything) on the customer side to enable or improve PoW?
    Nothing is needed from the customer’s end. Scenario-optimized Proof of Work (PoW) is an added layer of detection to the Human Challenge flow.
  • Can an attacker harvest puzzle solutions?
    There is no option to cache a puzzle’s solution. HUMAN serves a new puzzle for every attempt and verifies that the answer is for the latest puzzle, so the attacker must solve the latest puzzle each time.
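
The guess-and-check puzzle with variable difficulty and the "latest puzzle only" check from the FAQ, sketched as an added example; this is not HUMAN's code or algorithm. It assumes a hashcash-style SHA-256 puzzle, and the risk tiers, bit counts and all names are hypothetical.

```python
import hashlib
import secrets

# Assumed mapping from risk tier to required leading zero bits (hypothetical values).
# Each extra bit doubles the expected number of guesses.
DIFFICULTY_BITS = {"low": 8, "medium": 12, "high": 16}


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


class ChallengeServer:
    """Issues single-use puzzles and accepts answers only for the latest one."""

    def __init__(self):
        self._pending = {}  # session id -> (challenge, required bits)

    def issue(self, session: str, risk: str) -> tuple[str, int]:
        challenge = secrets.token_hex(16)  # fresh random puzzle for every attempt
        bits = DIFFICULTY_BITS[risk]
        self._pending[session] = (challenge, bits)  # overwrites any older puzzle
        return challenge, bits

    def verify(self, session: str, challenge: str, counter: int) -> bool:
        # Consume the puzzle on any attempt, so a solution cannot be replayed.
        pending = self._pending.pop(session, None)
        if pending is None or pending[0] != challenge:
            return False  # stale, replayed, or unknown puzzle
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        return leading_zero_bits(digest) >= pending[1]


def solve(challenge: str, bits: int) -> tuple[int, int]:
    """Client side: guess and check until the hash meets the difficulty.

    Returns (winning counter, number of hashes tried).
    """
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter, counter + 1
        counter += 1
```

Verification costs one hash regardless of difficulty, while the expected solving cost is about 2^bits hashes, which is where the asymmetry between a single visitor and a bot operating at scale comes from.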