[The idea isn't new.][1] It's a technique that asks the client to perform proof-of-work in order to increase the costs associated with spamming a website. For a single user the workload shouldn't be an issue at all, but a spammer (or indeed a brute-forcing hacker) might run into problems with being able to maintain a high throughput of requests. Validating the proof of work is trivially computational and hence will not put your server under the same amount of stress.
POWJS on my laptop takes 17 seconds to solve the problem in Chrome (50 seconds in IE 11) with 22 bits required to be zero. The workload can be started as soon as the user opens the page and will run asyncronously in the background (in a web worker if the browser supports them).
POWJS uses CryptoJS, but won't pollute your global namespace with it. This can't be used (as-is) to farm bitcoins or what-have-you, it merely performs a random POW.