Scrypt (pronounced “ess-crypt”) is a cryptographic function that is both a password-based key derivation function (KDF) and, in crypto, a proof-of-work (PoW) hashing algorithm. Its defining feature is that it is “memory-hard,” meaning it requires substantial memory as well as computation, not just raw processing speed.
Origins and memory-hard design
Scrypt was created by Colin Percival in 2009 to make brute-force password cracking more expensive. Traditional password hashing can be accelerated heavily with specialized hardware, so scrypt was designed to force attackers to use large amounts of fast memory during computation. This raises the cost of parallelizing attacks, because memory is comparatively expensive and harder to scale than pure compute.
In practical terms, scrypt’s design makes it costly to build hardware that can run huge numbers of guesses at once without also provisioning lots of memory bandwidth and capacity. That “memory-hard” property is what later made it attractive for certain cryptocurrencies.
Scrypt in proof-of-work mining
Some PoW blockchains use scrypt instead of SHA-256 as the mining algorithm. The most well-known example is Litecoin, which adopted scrypt to reduce the early advantage of highly specialized mining hardware and to encourage broader participation when compared with SHA-256 mining.
Miners in a scrypt-based network repeatedly compute scrypt hashes while searching for a valid block, just as Bitcoin miners do with SHA-256. The difference is the resource profile: scrypt tends to be constrained by memory and memory bandwidth, not only by arithmetic operations. Over time, scrypt ASICs have been developed, but the algorithm’s memory focus still influences hardware design, mining economics, and decentralization dynamics.
Why this matters in crypto
Understanding scrypt helps explain why different blockchains choose different PoW algorithms, how mining centralization can emerge, and how security assumptions depend on real-world hardware costs, not just cryptographic theory.