Algorithmic complexity attack

An algorithmic complexity attack is a form of computer attack that exploits known cases in which an algorithm used in a piece of software will exhibit worst case behavior. This type of attack can be used to achieve a denial-of-service.

• Billion laughs
• ReDoS
• Zip bomb

• Adversarial input
• Quicksort - popular and fast in-place sorting algorithm, running ${\displaystyle O(n\log n)}$ on average, but having ${\displaystyle O(n^{2})}$ behaviour if implemented naïvely.

• M. D. McIlroy (1999). "A Killer Adversary for Quicksort" (PDF). Archived from the original (PDF) on 2010-06-16. Retrieved 2010-06-16. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
• Scott A Crosby; Dan S Wallach (2003). "Denial of Service via Algorithmic Complexity Attacks". Archived from the original on 2007-02-02. Retrieved 2010-06-16.