It's one of the models of cryptographic proof, used for DDoS before being part of the Bitcoin protocol because in both cases it's really valuable for security to demand a serious workload that can be verified trivially. Since a lot of DDoS schemes rely on abbreviating the request as much as...