Kimi | PoW Energy Waste Estimate

Could you provide the internal reasoning text so I can craft the title?

The user wants me to do some quick napkin math / estimation to calculate the energy required by a Proof-of-Work (PoW) check running on-device instead of a CAPTCHA, considering world traffic and estimating energy wasted per year.

Let me first do a web search to find relevant data points:

World internet traffic / number of websites visited per day
CAPTCHA usage statistics
Energy consumption of CAPTCHA solving (current state)
Energy consumption of PoW (like cryptocurrency mining) for comparison
Device energy consumption for running PoW

Let me search for these data points.

Let me research the key data points needed for this napkin math — CAPTCHA volume, world web traffic, and energy costs of on-device PoW versus CAPTCHA solving.

how many CAPTCHAs solved per day worldwide statistics cloudflare managed challenge PoW energy consumption global web page views per day 2024 2025 proof of work cryptocurrency energy per hash joules average device power consumption solving CAPTCHA vs PoW

35 results

Gathering Data on Hash Energy Web Traffic and CAPTCHA Frequency

Good, I have some useful data points. Let me search for more specific data on energy consumption per hash, global web request volume, and CAPTCHA frequency to make the napkin math more grounded.

global HTTP requests per day 2024 2025 trillion SHA-256 energy consumption per hash joules CPU average laptop power consumption watts idle vs full load number of websites using CAPTCHA percentage traffic world internet users 5.5 billion daily page views

38 results

Find global HTTP requests per day and CPU energy per hash

I have good data now. Let me search for a couple more specific data points — global HTTP requests per day and energy per hash on typical CPUs (not ASICs, since we're talking about on-device PoW running on laptops/phones).

global daily HTTP requests trillion 2024 2025 estimate SHA-256 hashes per second CPU laptop energy efficiency joules per hash Cloudflare Turnstile proof of work difficulty how many hashes web traffic daily page views billion trillion statistics

32 results

Calculating Hash Rates Power Use and ASIC Efficiency for PoW

I now have enough data to build a comprehensive napkin math model. Let me organize the key data points:

Global web traffic: Cloudflare handles ~81 million HTTP requests/second on average, >129 million at peak. Let's extrapolate to total global web traffic.
CAPTCHA volume: ~200 million CAPTCHAs solved daily worldwide (older estimate); reCAPTCHA used on 1.8 million websites as of 2025.
PoW difficulty: At difficulty 16, ~65,000 SHA-256 hashes needed. At difficulty 20, ~1 million hashes.
CPU hash rates: Consumer CPUs can do ~3-20 million SHA-256 hashes per second (roughly).
Power consumption: Laptops use ~15-65W during active use. Let's estimate the incremental power from PoW.
ASIC efficiency: ~17-96 J/TH for Bitcoin ASICs. CPUs are far less efficient — maybe 1000x worse.

Let me do the calculations properly using Python to make sure I get the math right.

Now let me set up the model and run the calculations.

Execute Python code

Estimate annual energy waste of on-device PoW replacing CAPTCHAs

The 1% and 5% challenge rates are way too high — they produce absurd numbers (388 billion to 2 trillion challenges per day). The literature estimate of 200M CAPTCHAs/day is much more realistic. Let me reconsider the model.

The issue is that "challenges" include invisible challenges that happen on every page load (like reCAPTCHA v3 scoring, Turnstile managed mode). But most of those are invisible and lightweight. The question is specifically about PoW checks that would run on-device.

Let me reconsider: the question asks about replacing CAPTCHA with PoW checks. So the relevant number is how many CAPTCHA-equivalent challenges happen daily. The 200M figure from literature is about visible CAPTCHAs. But invisible challenges (Turnstile, reCAPTCHA v3) happen much more frequently.

Let me look at it differently: if we replaced ALL bot-detection challenges with PoW, how many would that be?

Cloudflare Turnstile alone protects millions of sites. reCAPTCHA is on 1.8M websites. If each protected site gets even 1000 visits/day, that's billions of challenges.

Let me recalibrate and use the 500M midpoint, but also consider that many "invisible" challenges are very lightweight and don't require PoW. The question seems to be about PoW as a CAPTCHA replacement — so let's focus on the scenario where PoW replaces CAPTCHA on all sites that currently use it.

Actually, let me re-read the question: "calculate the amount of energy required by a PoW check running on-device instead of a captcha. Consider the world traffic and estimate the amount of energy wasted per year."

This is asking: if we replaced CAPTCHAs with on-device PoW checks, how much energy would that consume? Let me recalibrate to more realistic numbers.

Execute Python code

Think

The math looks more reasonable now. Let me continue building the model with the energy calculations.

Execute Python code

Assessing Daily/Yearly Incremental Energy Waste from Proof Work

Good progress. Now let me scale this up to daily and yearly energy consumption, and also consider the key insight: most of this energy is "wasted" in the sense that it's spent on proving work rather than doing useful computation. Let me also consider that devices are heterogeneous (phones vs laptops) and the actual incremental energy matters (not total system power, but the delta from baseline).

Execute Python code

Evaluating the Feasibility of PoW for Universal Bot Protection

The numbers seem quite low (sub-1 TWh). This is because I'm calculating with single-core full load but the energy per challenge is small. However, I need to reconsider — the 15W is the INCREMENTAL power from hashing, not total system power. Let me also consider that:

The calculation above is actually correct in magnitude — it's just that the energy per challenge is tiny (0.2-3 joules)
But I need to factor in that many devices are much slower (mobile phones)
And the real question is about "wasted" energy — the opportunity cost of all that computation

Let me also consider that on mobile devices, the power draw is different and battery impact matters. Let me recalculate with more realistic heterogeneous device distribution and also compute what this means in practical terms (household equivalents, etc.).

Actually wait — 0.6 TWh in the highest scenario is still a lot of energy! Let me put this in perspective and also consider a wider range where most of the world's traffic goes through some form of challenge. Let me also reconsider the model.

Actually, I think there's a modeling issue. Let me reconsider: Cloudflare Turnstile and similar services run on a HUGE portion of the web. If we replaced ALL of these with PoW, and every single HTTP request (not just pageview) required a PoW... that would be very different. But that's not realistic.

Let me also look at this from another angle: what if EVERY website that currently uses any form of bot protection switched to PoW? And what if the difficulty was set high enough to actually deter bots? Let me model this more carefully.

Execute Python code

Calculate yearly kWh from daily hash energy using conversion

The TWh numbers are printing as 0.0000 due to formatting. Let me fix the display and also recalculate. The energy numbers are coming out quite small. Let me reconsider the model — I think there's an issue with the difficulty level. Let me think about this more carefully.

Actually, wait. The issue might be that I'm underestimating the impact. Let me recalculate more carefully. The formula should be:

energy_per_challenge = hashes_per_challenge * joules_per_hash daily_energy = challenges_per_day * energy_per_challenge yearly_kwh = daily_energy * 365 / 3600 / 1000

Let me recalculate step by step.

Execute Python code

Estimating Invisible Cloudflare Challenge Load from 81M Requests

The numbers are still quite small (sub-1 TWh even in aggressive scenarios). Let me reconsider the model. I think the key issue is that CAPTCHA challenges are relatively infrequent in the grand scheme of things, and each individual PoW challenge is quite small.

But wait — I think I need to reconsider the core question. The user is asking about the energy cost of PoW checks as a replacement for CAPTCHA. Let me think about whether there are scenarios where this is much larger.

Actually, I think the more interesting comparison is: what if we used PoW not just for "are you human" checks, but as a rate-limiting mechanism for ALL web requests? That's what some proposals suggest — using PoW as a DDoS prevention mechanism where every request must include a PoW solution. In that case, the numbers get much larger.

Let me also consider that my energy-per-hash estimate might be too low. Let me recalculate using a different approach: instead of calculating from hash rate and power, let me use known CPU energy efficiency data.

For a modern CPU:

~30-60W package power under full load (all cores)
~4-8 cores → ~5-10W per core
At 5 MH/s per core → ~1-2 µJ/hash

But for a phone:

~3-8W under full load (entire SoC)
Peak performance cores: maybe 1-2W each
At 3 MH/s → ~0.3-0.7 µJ/hash

My 1.8 µJ/hash weighted average seems reasonable.

But actually, I think the more important point is that even at large scale, the energy is relatively modest compared to other things. Let me put this in perspective against:

Bitcoin mining energy consumption
Data center energy consumption
Global electricity consumption

And also consider that I may have been too conservative on challenge volume. Let me look at this from a different angle: what if we consider ALL bot management challenges, including those that are invisible?

Cloudflare alone:

81M req/sec
If even 10% go through any form of challenge (including invisible JavaScript challenges) = 8.1M req/sec
That's 700 billion challenges/day

Let me recalculate with this.

Execute Python code

Verifying Energy‑Per‑Hash via Alternative Calculation

The numbers are quite small even in aggressive scenarios. Let me reconsider whether I'm approaching this right. Maybe I should think about it differently.

One key issue: the user asked about "PoW check running on-device instead of a captcha." The key insight is that this is specifically about client-side PoW. But maybe the scale is much larger than I think?

Let me reconsider:

reCAPTCHA is on 1.8M+ websites
Cloudflare Turnstile is on millions more
If EACH visitor to EACH of these sites has to do a PoW...

But even then, the energy per challenge is tiny (fraction of a joule). So the total remains small UNLESS we make the difficulty very high.

Wait — I think the real question might be about something different. Let me re-read: "calculate the amount of energy required by a PoW check running on-device instead of a captcha. Consider the world traffic and estimate the amount of energy wasted per year."

Maybe the user wants me to consider a hypothetical where PoW replaces CAPTCHA globally, and think about what that means. Let me present the model as-is but also discuss what it would take for the numbers to get large.

Actually, I think there might be an angle I'm missing. Let me think about this from the perspective of the user's likely intent. They probably heard about PoW CAPTCHAs and want to know: "would this waste a lot of energy?" The answer my model gives is: surprisingly little, because:

CAPTCHAs are relatively infrequent per user
The work per challenge is small
CPUs are efficient enough that even billions of challenges don't add up to much

But let me also model a worst-case scenario: what if every single page load on the entire internet required a PoW? And what if the difficulty was set to make it actually effective against bot farms (which would require a meaningful time investment, say 5-10 seconds)?

Let me also verify my energy-per-hash calculation by computing it a different way.

Execute Python code

Evaluating CPU Burn Impact on Mobile User Experience

Now I'm getting more meaningful numbers in the worst-case scenarios. But these are still quite small compared to Bitcoin mining. Let me now synthesize all this into a coherent napkin math analysis and create a nice summary. The key finding is:

Replacing visible CAPTCHAs with PoW: essentially negligible energy (~2-60 MWh/year)
Replacing ALL invisible challenges with PoW: still small (~4-400 MWh/year)
Universal PoW on every page view at moderate difficulty: <1 TWh/year
Only at VERY high difficulty (diff 24, ~3s solve time) on EVERY page view: ~15 TWh/year (~10% of Bitcoin mining)

The interesting conclusion: PoW CAPTCHA is surprisingly energy-efficient compared to what people might think, because the volume of challenges is tiny compared to the continuous mining in Bitcoin.

Let me also think about what the user likely cares about: is PoW a good replacement for CAPTCHA from an energy perspective? The answer seems to be: yes, the energy cost is tiny. But there's another angle: user experience. Even 200ms of CPU burn per page load (diff 20) would be noticeable and annoying on mobile devices (battery drain, heat).

Let me create a comprehensive summary now.

Execute Python code

Correcting Home Energy Estimate and Adding Mobile Battery and CAPTCHA Cost Analysis

The home calculation seems off in some cases — 934 GWh should be ~93,000 homes, not 93. Let me fix that and produce the final summary. Also I want to add a couple more perspectives:

Battery impact on mobile (what % of phone battery does this drain?)
Comparison to existing energy costs of CAPTCHA (serving images, running ML models server-side)

Let me add these and produce the final output.

Execute Python code

Estimating CAPTCHA Server Energy Use and Summarizing Comparison Table

Now let me create one more calculation — comparing to the server-side energy currently used by CAPTCHA systems. This adds important context because CAPTCHA isn't free today — Google runs ML models, serves images, does behavioral analysis on their servers. Let me estimate that and also produce a final, clean summary table.

Execute Python code

Evaluating PoW Energy Footprint for CAPTCHA Replacement Scenarios

Now I have a comprehensive model. Let me produce a final, clean summary of all the napkin math. The key conclusions are:

At realistic CAPTCHA-replacement scales, PoW is energetically trivial (2-60 MWh/year)
Even aggressive scenarios (all protected pageviews) are small (<1 TWh/year)
The only way to get large numbers is: every page view + very high difficulty (3s solve time) → ~15 TWh/year
From a user/battery perspective, even 100 challenges/day at diff 20 only uses ~0.3% of phone battery
Surprisingly, PoW might SAVE energy overall by eliminating server-side CAPTCHA infrastructure

Let me present this cleanly to the user.

Napkin Math: PoW vs. CAPTCHA — Global Energy Cost

The Model

Global traffic baseline: Cloudflare handles ~81M HTTP requests/sec. At ~18% global market share, that's ~39 trillion requests/day worldwide. About 5 billion pageviews/day hit CAPTCHA-protected sites (reCAPTCHA on 1.8M+ sites, Turnstile/hCaptcha on millions more).

Device mix (63% mobile, 37% desktop):

Table

Device	Share	Hash Rate	Core Power
Low-end phone	25%	0.5 MH/s	3W
High-end phone	38%	3 MH/s	5W
Laptop/desktop	30%	8 MH/s	15W
Power desktop	7%	20 MH/s	25W

Weighted average: ~5.1 MH/s at ~8.9W → ~1.8 µJ per SHA-256 hash

Energy at Different Scales

Table

Scenario	Challenges/Day	Difficulty	Yearly Energy	Homes Equivalent	% of Bitcoin Mining
Visible CAPTCHA only	200M	16 (~65K hashes)	2,335 kWh	<1	0.000001%
All challenges (invisible + visible)	1.5B	14 (~16K hashes)	4,378 kWh	<1	0.000003%
All protected pageviews	5B	16	58 MWh	~6	0.00004%
All protected, high security	5B	20 (~1M hashes)	934 MWh	~93	0.0006%
Every pageview globally	5T	20	934 GWh	~93,000	0.6%
Every pageview, bot-deterrent (3s solve)	5T	24 (~16M hashes)	15 TWh	~1.5M	10%

Key Takeaways

1. Realistic deployments are energetically trivial Replacing today's ~200M daily CAPTCHAs with difficulty-16 PoW would consume about 2.3 MWh/year — roughly what 20 Bitcoin ASICs burn in a day. Even protecting every pageview on every protected site (~5B/day) at moderate difficulty stays under 1 GWh/year.

2. Your phone barely notices At difficulty 20 (~200ms solve time), one challenge costs 0.5 mWh — you'd need 293 challenges to drain 1% of a typical phone battery. Even 100 PoW challenges/day at diff 20 uses only ~0.3% of battery.

3. The "nightmare" scenario requires both ubiquity AND high difficulty Getting to meaningful energy (>1 TWh) requires every page load on the entire internet to run slow PoW (~3 seconds). That's not a CAPTCHA replacement anymore — that's a universal rate-limiting layer, and even then it's ~10× smaller than Bitcoin mining.

4. PoW might actually save energy Current server-side CAPTCHA infrastructure (image generation, ML inference farms, challenge serving, cross-datacenter traffic) likely costs 0.1–5 TWh/year globally. Client-side PoW shifts this off servers entirely. The net could be energy-positive.

The Real Cost Isn't Energy — It's Latency

Table

Difficulty	Solve Time	User Impact
14	3ms	Completely invisible
16	13ms	Imperceptible
18	50ms	Minor background hum
20	200ms	Slight lag on cheap phones
24	3s	Very annoying, phone heats up

Bottom line: From an energy perspective, on-device PoW is a non-issue. The design constraint is finding a difficulty that stops bots without humans noticing the lag — not keeping the lights on.