Learning Center
Plans & pricing Sign in
Sign Out



     By Luis von Ahn, Manuel Blum, and John Langford

    You’ve probably seen them—colorful images with
    distorted text in them at the bottom of Web registration
    forms. CAPTCHAs are used by Yahoo, Hotmail, PayPal and               How lazy
    many other popular Web sites to prevent automated regis-          cryptographers
    trations, and they work because no computer program can
    currently read distorted text as well as humans can. What             do AI.
    you probably don’t know is that a CAPTCHA is something
          illustration by Jean-François Podevin

                             This is trial version     COMMUNICATIONS OF THE ACM February 2004/Vol. 47, No. 2   57
   more than just an image with distorted text: it is a           Carnegie Mellon found a way to stuff the ballots by
   test, any test, that can be automatically generated,           using programs that voted for CMU thousands of
   which most humans can pass, but that current com-              times: CMU’s score started growing rapidly. The
   puter programs cannot pass. Notice the paradox: a              next day, students at MIT wrote their own voting
   CAPTCHA is a program that can generate and                     program and the poll became a contest between vot-
   grade tests that it itself cannot pass (much like some         ing “bots.” MIT finished with 21,156 votes,
   professors).                                                   Carnegie Mellon with 21,032 and every other
      CAPTCHA stands for “Completely Automated                    school with less than 1,000. Can the result of any
   Public Turing Test to Tell Computers and Humans                online poll be trusted? Not unless the poll requires
   Apart.” The P for Public means that the code and               that only humans can vote.
   the data used by a CAPTCHA should be publicly                      Another application involves free email services.
   available. This is not an open source requirement,             Several companies offer free email services that have
   but a security guarantee: it should be difficult for           suffered from a specific type of attack: “bots” that
   someone to write a computer program that can pass              signed up for thousands of email accounts every
   the tests generated by a                                                                    minute. This situation
   CAPTCHA even if they                                                                        has been improved
   know exactly how the                                                                        by requiring users to
   CAPTCHA works (the                                                                          prove they are human
   only hidden information                                                                     before they can get a
   is a small amount of ran-                                                                   free email account.
   domness utilized to gener-                                                                  Yahoo, for instance, uses
   ate the tests). The T for                                                                   a CAPTCHA of our
   “Turing Test to Tell” is                                                                    design to prevent bots
   because CAPTCHAs are                                                                        from registering for
   like Turing Tests [10]. In                                                                  accounts.
   the original Turing Test, a                                                                    Some Web sites don’t
   human judge was allowed to ask a series of questions           Figure 1. Can you read three want to be indexed by
   to two players, one of which was a computer and the            words in this image?         search engines. There is
   other a human. Both players pretended to be the                                             a HTML tag to prevent
   human, and the judge had to distinguish between                search engine bots from reading Web pages, but the
   them. CAPTCHAs are similar to the Turing Test in               tag doesn’t guarantee that bots won’t read the pages;
   that they distinguish humans from computers, but               it only serves to say “no bots, please.” Search engine
   they differ in that the judge is now a computer. A             bots, since they usually belong to large companies,
   CAPTCHA is an Automated Turing Test. We delib-                 respect Web pages that don’t want to allow them in.
   erately avoid using the term Reverse Turing Test (or           However, in order to truly guarantee bots won’t
   even worse, RTT) because it can be misleading—                 enter a Web site, CAPTCHAs are needed.
   Reverse Turing Test has been used to refer to a form               CAPTCHAs also offer a plausible solution against
   of the Turing Test in which both players pretend to            email worms and spam: only accept an email message
   be a computer.                                                 if you know there is a human behind the other com-
                                                                  puter. A few companies, such as www.spamarrest.
   Applications                                                   com are already marketing this idea.
   Although the goal of the original Turing Test was to               Pinkas and Sander [9] have also suggested using
   serve as a measure of progress for artificial intelli-         CAPTCHAs to prevent dictionary attacks in pass-
   gence—a computer would be said to be intelligent if            word systems. The idea is simple: prevent a com-
   it passed the Turing Test—making the judge be a                puter from being able to iterate through the entire
   computer allows CAPTCHAs to be useful for other                space of passwords by requiring a human to type the
   practical applications.                                        passwords.
      In November 1999, for example, the Web site released an online poll asking which              Examples of CAPTCHAs
   was the best graduate school in computer science—              CAPTCHAs further differ from the original Turing
   a dangerous question to ask over the Web. As is the            Test in that they can be based on a variety of sensory
   case with most online polls, IP addresses of voters            abilities. The original Turing Test was conversa-
   were recorded in order to prevent single users from            tional—the judge was only allowed to ask questions
   voting more than once. However, students at                    over a text terminal. In the case of a CAPTCHA, the

                                            This is trial version
         February 2004/Vol. 47, No. 2 COMMUNICATIONS OF THE ACM

            CAPTCHAs are similar to the
    Turing Test in that they distinguish humans
      from computers, but they differ in that the
                                judge is now a computer.
   computer judge can ask                                                                    which side does the iso-
   any question that can be                                                                  lated block belong in Fig-
   transmitted over a com-                                                                   ure 3? (Answer: the right
   puter network.                                                                            side.)
      GIMPY and OCR-based                                                                       PIX. PIX [2] is a pro-
   CAPTCHAs. GIMPY [2]                                                                       gram that has a large
   is one of the many                                                                        database of labeled
   CAPTCHAs based on the                                                                     images. All of these
   difficulty of reading dis-                                                                images are pictures of
   torted text. GIMPY works                                                                  concrete objects (a horse,
   by selecting seven words                                                                  a table, a house, a flower).
   out of a dictionary and rendering a distorted image       Figure 2. Everything on the     The program picks an
   containing the words (as shown in Figure 1). GIMPY        left is drawn with thick lines, object at random, finds
                                                             while everything on the right
   then presents a test to its user, which consists of the   is drawn with thin lines.       six images of that object
   distorted image and the directions: “type three words                                     from its database, pre-
   appearing in the image.” Given the types of distor-                                       sents them to the user
   tions that GIMPY uses, most humans can read three         and then asks the question “what are these pictures
   words from the distorted image, but current com-          of?” Current computer programs should not be able
   puter programs can’t. The majority of CAPTCHAs            to answer this question, so PIX should be a
   used on the Web today                                                                     CAPTCHA. However,
   are similar to GIMPY in                                                                   PIX, as stated, is not a
   that they rely on the dif-                                                                CAPTCHA: it is very
   ficulty of optical charac-                                                                easy to write a program
   ter recognition (the                                                                      that can answer the ques-
   difficulty of reading dis-                                                                tion “what are these pic-
   torted text).                                                                             tures of?” Remember that
      Bongo. Another exam-                                                                   all the code and data of a
   ple of a CAPTCHA is                                                                       CAPTCHA should be
   the program we call                                                                       publicly available; in par-
   BONGO [2]. BONGO                                                                          ticular, the image data-
   is named after M.M.                                                                       base that PIX uses should
   Bongard, who published                                                                    be public. Hence, writing
   a book of pattern recog-                                                                  a program that can
   nition problems in the                                                                    answer the question
   1970s [3]. BONGO asks                                                                     “what are these pictures
   the user to solve a visual                                                                of?” is easy: search the
   pattern         recognition                                                               database for the images
   problem. It displays two series of blocks, the left and   Figure 3. To which side does    presented and find their
   the right. The blocks in the left series differ from      the block on the bottom         label. Fortunately, this
   those in the right, and the user must find the char-                                      can be fixed. One way for
   acteristic that sets them apart. A possible left and                                      PIX to become a
   right series is shown in Figure 2. After seeing the two   CAPTCHA is to randomly distort the images before
   series of blocks, the user is presented with a single     presenting them to the user, so that computer pro-
   block and is asked to determine whether this block        grams cannot easily search the database for the
   belongs to the left series or to the right. The user      undistorted image.
   passes the test if he or she correctly determines the         Sound-based CAPTCHAs. The final example we
   side to which the block belongs. Try it yourself: to      offer is based on sound. The program picks a word
                                     This is trial version         COMMUNICATIONS OF THE ACM February 2004/Vol. 47, No. 2   59
            this approach has the beneficial side
        effect of inducing security researchers, as
         well as otherwise malicious programmers, to
                  advance the field of AI.
   or a sequence of numbers at random, renders the                                A good example of this process is the recent
   word or the numbers into a sound clip and distorts                          progress in reading distorted text images motivated
   the sound clip; it then presents the distorted sound                        by the CAPTCHA in use at Yahoo. In response to
   clip to the user and asks users to enter its contents.                      the challenge provided by this test, Malik and Mori
   This CAPTCHA is based on the difference in abil-                            [7] have developed a program that can pass the test
   ity between humans and computers in recognizing                             with over 80% accuracy. Malik and Mori’s algo-
   spoken language. Nancy Chan of the City Univer-                             rithm represents significant progress in the general
   sity in Hong Kong was the first to implement a                              area of text recognition, and it is extremely encour-
   sound-based system of this type [4].                                        aging to see such progress. A CAPTCHA implies a
      It is extremely important to have CAPTCHAs                               win-win situation: either the CAPTCHA is not bro-
   based on a variety of sensory abilities. All                                ken and there is a way to differentiate humans from
   CAPTCHAs presented here, except for the sound-                              computers, or the CAPTCHA is broken and a use-
   based CAPTCHA, rely on the user being able to see                           ful AI problem is solved. c
   an image. However, since there are many visually
   impaired people using the Web, CAPTCHAs based                               References
   on sound are necessary for accessibility.                                    1. Ahn, L. von, Blum, M., Hopper, N.J., and Langford, J. CAPTCHA:
                                                                                   Telling humans and computers apart. In Advances in Cryptology, Euro-
      Unfortunately, images and sound alone are not                                crypt ‘03, volume 2656 of Lecture Notes in Computer Science, (2003),
   sufficient: there are people who use the Web that are                           294–311 .
                                                                                2. Ahn, L. von, Blum, M., Hopper, N.J., and Langford, J. The
   both visually and hearing impaired. The construc-                               CAPTCHA Web page;
   tion of a CAPTCHA based on a text domain such as                             3. Bongard, M.M. Pattern Recognition. Spartan Books, Rochelle Park, NJ,
   text understanding or generation is an important                                1970.
                                                                                4. Chan, N. Program Byan;
   open problem for the project.                                                5. Coates, A.L., Baird, H.S., and Fateman, R.J. Pessimal print: A Reverse
                                                                                   Turing Test. In Proceedings of the International Conference on Document
                                                                                   Analysis and Recognition (ICDAR ’01), Seattle, WA, 2001, 1154–1159.
   Lazy Cryptographers Doing AI                                                 6. Lillibridge, M.D., Abadi, M., Bharat, K., and Broder, A. Method for
   Modern cryptography has shown that open or                                      selectively restricting access to computer systems. U.S. Patent
   intractable problems in number theory can be use-                               6,195,698.
                                                                                7. Mori, G. and Malik, J. Recognizing objects in adversarial clutter—
   ful: an adversary cannot act maliciously unless he                              Breaking a visual CAPTCHA. In Proceedings of the Conference on Com-
   can solve an open problem (like factor a very large                             puter Vision and Pattern Recognition, June 2003.
                                                                                8. Naor, M. Verification of a human in the loop or identification via the Tur-
   number). Similarly, CAPTCHAs show that open                                     ing Test;\~naor/PAPERS/
   problems in AI can be useful: adversaries cannot                             9. Pinkas, B. and Sander, T. Securing passwords against dictionary
   vote thousands of times in online polls or obtain                               attacks. In Proceedings of the ACM Computer and Security Conference
                                                                                   (CCS ’02), ACM Press, 161–170.
   millions of free email accounts unless they can solve                       10. Turing, A.M. Computing machinery and intelligence. Mind 59, 236
   an open problem in AI.                                                          (1950), 433–460.
      In the case of ordinary cryptography, it is
   assumed (for example) that the adversary cannot fac- Luis von Ahn ( is a graduate student in the
   tor 1024-bit integers in any reasonable amount of Department of Computer Science at Carnegie Mellon University.
   time. In our case, we assume the adversary cannot Manuel Blum ( isScience at Carnegie
                                                            Professor in the Department of Computer
                                                                                                                    the Bruce Nelson

   solve an artificial intelligence problem with higher Mellon University.
   accuracy than what’s currently known to the AI John Langford ( is a research associate in the
   community [1, 2, 5, 6, 8]. This approach has the Toyota Technological Institute at Chicago.
   beneficial side effect of inducing security researchers,
                                                            Permission to make digital or hard copies of all or part of this work for personal or class-
   as well as otherwise malicious programmers, to room use is granted without fee provided that copies are not made or distributed for
   advance the field of AI (much like computational profit or page. To copy otherwise, tothat copies bearpost on servers orthe full citation on
                                                            the first
                                                                      commercial advantage and
                                                                                                 republish, to
                                                                                                                   this notice and
                                                                                                                                     to redistribute to
   number theory has been advanced since the advent lists, requires prior specific permission and/or a fee.
   of modern cryptography). This is how lazy cryptog-
   raphers do AI.                                           © 2004 ACM 0002-0782/04/0200 $5.00

                                                This is trial version
            February 2004/Vol. 47, No. 2 COMMUNICATIONS OF THE ACM


To top