Cumulative Memory Lower Bounds for Randomized and Quantum Computation

Authors Paul Beame , Niels Kornerup

Thumbnail PDF


  • Filesize: 0.92 MB
  • 20 pages

Document Identifiers

Author Details

Paul Beame
  • Computer Science & Engineering, University of Washington, Seattle, WA, USA
Niels Kornerup
  • Computer Science, University of Texas, Austin, TX, USA


Many thanks to David Soloveichik for his guidance and contributions to our initial results.

Cite AsGet BibTex

Paul Beame and Niels Kornerup. Cumulative Memory Lower Bounds for Randomized and Quantum Computation. In 50th International Colloquium on Automata, Languages, and Programming (ICALP 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 261, pp. 17:1-17:20, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


Cumulative memory - the sum of space used per step over the duration of a computation - is a fine-grained measure of time-space complexity that was introduced to analyze cryptographic applications like password hashing. It is a more accurate cost measure for algorithms that have infrequent spikes in memory usage and are run in environments such as cloud computing that allow dynamic allocation and de-allocation of resources during execution, or when many multiple instances of an algorithm are interleaved in parallel. We prove the first lower bounds on cumulative memory complexity for both sequential classical computation and quantum circuits. Moreover, we develop general paradigms for bounding cumulative memory complexity inspired by the standard paradigms for proving time-space tradeoff lower bounds that can only lower bound the maximum space used during an execution. The resulting lower bounds on cumulative memory that we obtain are just as strong as the best time-space tradeoff lower bounds, which are very often known to be tight. Although previous results for pebbling and random oracle models have yielded time-space tradeoff lower bounds larger than the cumulative memory complexity, our results show that in general computational models such separations cannot follow from known lower bound techniques and are not true for many functions. Among many possible applications of our general methods, we show that any classical sorting algorithm with success probability at least 1/poly(n) requires cumulative memory ̃ Ω(n²), any classical matrix multiplication algorithm requires cumulative memory Ω(n⁶/T), any quantum sorting circuit requires cumulative memory Ω(n³/T), and any quantum circuit that finds k disjoint collisions in a random function requires cumulative memory Ω(k³n/T²).

Subject Classification

ACM Subject Classification
  • Theory of computation → Oracles and decision trees
  • Theory of computation → Quantum query complexity
  • Theory of computation → Quantum complexity theory
  • Cumulative memory complexity
  • time-space tradeoffs
  • branching programs
  • quantum lower bounds


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Scott Aaronson. Limitations of quantum advice and one-way communication. Theory of Computing, 1(1):1-28, 2005. URL:
  2. Karl R. Abrahamson. Generalized string matching. SIAM J. Comput., 16(6):1039-1051, 1987. URL:
  3. Karl R. Abrahamson. A time-space tradeoff for Boolean matrix multiplication. In 31st Annual IEEE Symposium on Foundations of Computer Science, Volume I, pages 412-419, 1990. URL:
  4. Karl R. Abrahamson. Time-space tradeoffs for algebraic problems on general sequential machines. J. Comput. Syst. Sci., 43(2):269-289, 1991. URL:
  5. Miklós Ajtai. Determinism versus nondeterminism for linear time RAMs with memory restrictions. J. Comput. Syst. Sci., 65(1):2-37, 2002. URL:
  6. Miklós Ajtai. A non-linear time lower bound for Boolean branching programs. Theory Comput., 1(1):149-176, 2005. URL:
  7. Joël Alwen and Jeremiah Blocki. Efficiently computing data-independent memory-hard functions. In Advances in Cryptology - CRYPTO 2016, pages 241-271, 2016. Google Scholar
  8. Joël Alwen, Jeremiah Blocki, and Krzysztof Pietrzak. Depth-robust graphs and their cumulative memory complexity. In Advances in Cryptology - EUROCRYPT 2017, pages 3-32, 2017. Google Scholar
  9. Joël Alwen, Binyi Chen, Chethan Kamath, Vladimir Kolmogorov, Krzysztof Pietrzak, and Stefano Tessaro. On the complexity of Scrypt and proofs of space in the parallel random oracle model. In Advances in Cryptology - EUROCRYPT 2016, Proceedings, Part II, volume 9666 of LNCS, pages 358-387, 2016. URL:
  10. Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin, and Stefano Tessaro. Scrypt is maximally memory-hard. In Advances in Cryptology - EUROCRYPT 2017, Proceedings, Part III, volume 10212 of Lecture Notes in Computer Science, pages 33-62, 2017. URL:
  11. Joël Alwen, Susanna F. de Rezende, Jakob Nordström, and Marc Vinyals. Cumulative space in black-white pebbling and resolution. In 8th Innovations in Theoretical Computer Science Conference (ITCS 2017), volume 67 of Leibniz International Proceedings in Informatics (LIPIcs), pages 38:1-38:21, 2017. URL:
  12. Joël Alwen and Vladimir Serbinenko. High parallel complexity graphs and memory-hard functions. In Proceedings of the Forty-Seventh Annual ACM Symposium on Theory of Computing, pages 595-603, 2015. URL:
  13. Andris Ambainis, Robert Špalek, and Ronald de Wolf. A new quantum lower bound method, with applications to direct product theorems and time-space tradeoffs. Algorithmica, 55(3):422-461, 2009. URL:
  14. Mohammad Hassan Ameri, Alexander R. Block, and Jeremiah Blocki. Memory-hard puzzles in the standard model with applications to memory-hard functions and resource-bounded locally decodable codes. Cryptology ePrint Archive, Paper 2021/801, 2021. URL:
  15. Andrew Baird, Bryant Bost, Stefano Buliani, Vyom Nagrani, Ajay Nair, Rahul Popat, and Brajendra Singh. AWS serverless multi-tier architectures with Amazon API Gateway and AWS Lambda, 2021. URL:
  16. Paul Beame. A general sequential time-space tradeoff for finding unique elements. SIAM J. Comput., 20(2):270-277, 1991. URL:
  17. Paul Beame, T. S. Jayram, and Michael E. Saks. Time-space tradeoffs for branching programs. J. Comput. Syst. Sci., 63(4):542-572, 2001. URL:
  18. Paul Beame and Niels Kornerup. Cumulative memory lower bounds for randomized and quantum computation. CoRR, abs/2301.05680, 2023. URL:
  19. Paul Beame, Michael E. Saks, Xiaodong Sun, and Erik Vee. Time-space trade-off lower bounds for randomized computation of decision problems. J. ACM, 50(2):154-195, 2003. URL:
  20. Jeremiah Blocki and Samson Zhou. On the depth-robustness and cumulative pebbling cost of Argon2i. In Theory of Cryptography, pages 445-465, 2017. Google Scholar
  21. Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter. Balloon hashing: A memory-hard function providing provable protection against sequential attacks. In Advances in Cryptology - ASIACRYPT 2016, pages 220-248, 2016. Google Scholar
  22. Allan Borodin and Stephen A. Cook. A time-space tradeoff for sorting on a general sequential model of computation. SIAM J. Comput., 11(2):287-297, 1982. URL:
  23. Allan Borodin, Michael J. Fischer, David G. Kirkpatrick, Nancy A. Lynch, and Martin Tompa. A time-space tradeoff for sorting on non-oblivious machines. J. Comput. Syst. Sci., 22(3):351-364, 1981. URL:
  24. Allan Borodin, Alexander A. Razborov, and Roman Smolensky. On lower bounds for read-k-times branching programs. Comput. Complex., 3:1-18, 1993. URL:
  25. Binyi Chen and Stefano Tessaro. Memory-hard functions from cryptographic primitives. In Advances in Cryptology - CRYPTO 2019, pages 543-572, 2019. Google Scholar
  26. Cynthia Dwork, Moni Naor, and Hoeteck Wee. Pebbling and proofs of work. In Advances in Cryptology - CRYPTO 2005, pages 37-54, 2005. Google Scholar
  27. Yassine Hamoudi and Frédéric Magniez. Quantum time-space tradeoff for finding multiple collision pairs. In 16th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2021), volume 197 of Leibniz International Proceedings in Informatics (LIPIcs), pages 1:1-1:21, 2021. URL:
  28. Stasys Jukna. A nondeterministic space-time tradeoff for linear codes. Inf. Process. Lett., 109(5):286-289, 2009. URL:
  29. Hartmut Klauck, Robert Špalek, and Ronald de Wolf. Quantum and classical strong direct product theorems and optimal time‐space tradeoffs. SIAM Journal on Computing, 36(5):1472-1493, 2007. URL:
  30. Yishay Mansour, Noam Nisan, and Prasoon Tiwari. The computational complexity of universal hashing. Theor. Comput. Sci., 107(1):121-133, 1993. URL:
  31. E. Okol'nishnikova. On lower bounds for branching programs. Siberian Advances in Mathematics, 3(1):152-166, 1993. Google Scholar
  32. Ling Ren and Srinivas Devadas. Proof of space from stacked expanders. In Proceedings, Part I, of the 14th International Conference on Theory of Cryptography - Volume 9985, pages 262-285. Springer-Verlag, 2016. URL:
  33. Martin Sauerhoff and Philipp Woelfel. Time-space tradeoff lower bounds for integer multiplication and graphs of arithmetic functions. In Proceedings of the 35th Annual ACM Symposium on Theory of Computing, pages 186-195, 2003. URL:
  34. John E. Savage. Models of Computation: Exploring the Power of Computing. Addison-Wesley Longman Publishing Co., Inc., USA, 1st edition, 1997. Google Scholar
  35. Martin Tompa. Time-space tradeoffs for computing functions, using connectivity properties of their circuits. J. Comput. Syst. Sci., 20(2):118-132, 1980. URL:
  36. Andrew Chi-Chih Yao. Probabilistic computations: Toward a unified measure of complexity (extended abstract). In 18th Annual IEEE Symposium on Foundations of Computer Science, pages 222-227, 1977. URL:
  37. Yaacov Yesha. Time-space tradeoffs for matrix multiplication and the discrete Fourier transform on any general sequential random-access computer. Journal of Computer and System Sciences, 29(2):183-197, 1984. URL:
  38. Mark Zhandry. How to record quantum queries, and applications to quantum indifferentiability. In Advances in Cryptology - CRYPTO 2019, pages 239-268, 2019. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail