This work addresses the challenge of achieving both practicality and asymptotically optimal security trade-offs for data-dependent memory-hard functions (MHFs) in the parallel random oracle model (PROM). We propose EGSample, a novel MHF construction that abandons traditional complex graph-based structures. Instead, it leverages a dynamic pegging game framework and data-driven memory access patterns. For the first time in PROM, EGSample admits a direct proof of optimal space–time trade-offs: any adversary must either maintain Ω(N) persistent space over Ω(N) time or incur Ω(N^{2.5−ε}) cumulative memory complexity. This matches the current theoretical lower bound. The construction achieves strong formal security—proven via rigorous reductionist arguments—while retaining engineering feasibility. Consequently, EGSample establishes a new MHF paradigm that simultaneously provides provable resistance against brute-force attacks and fairness guarantees for proof-of-work protocols.

Memory-Hard Functions (MHF) are a useful cryptographic primitive to build egalitarian proofs-of-work and to help protect low entropy secrets (e.g., user passwords) against brute-forces attacks. Ideally, we would like for a MHF to have the property that (1) an honest party can evaluate the function in sequential time $Ω(N)$, and (2) any parallel party that evaluates the function is forced to lockup $Ω(N)$ memory for $Ω(N)$ sequential steps. Unfortunately, this goal is not quite achievable, so prior work of Blocki and Holman [BH22] focused on designing MHFs with strong tradeoff guarantees between sustained-space complexity (SSC) and cumulative memory costs (CMC). However, their theoretical construction is not suitable for practical deployment due to the reliance on expensive constructions of combinatorial graphs. Furthermore, there is no formal justification for the heuristic use of the dynamic pebbling game in MHF analysis so we cannot rule out the possibility that there are more efficient attacks in the Parallel Random Oracle Model (PROM). Towards the goal of developing a practical MHF with provably strong SSC/CMC tradeoffs we develop a new MHF called EGSample which does not rely on expensive combinatorial constructions like [BH22]. In the dynamic pebbling model, we prove equivalent SSC/CMC tradeoffs for EGSample i.e., any the dynamic pebbling strategy either (1) locks up $Ω(N)$ memory for $Ω(N)$ steps, or (2) incurs cumulative memory cost at least $Ω(N^{3-ε})$. We also develop new techniques to directly establish SSC/CMC tradeoffs in the parallel random oracle model. In particular, we prove that {em any} PROM algorithm evaluating our MHF either (1) locks up $Ω(N)$ blocks of memory for $Ω(N)$ steps or (2) incurs cumulative memory cost at least $Ω(N^{2.5-ε})$.