diff --git a/internal/pow/verifier.go b/internal/pow/verifier.go
new file mode 100644
index 0000000..d9a2018
--- /dev/null
+++ b/internal/pow/verifier.go
@@ -0,0 +1,28 @@
+package pow
+
+// Verifier handles validation of PoW challenges
+type Verifier struct {
+	config *Config
+}
+
+// NewVerifier creates a new challenge verifier
+func NewVerifier(config *Config) *Verifier {
+	return &Verifier{
+		config: config,
+	}
+}
+
+// VerifyChallenge validates challenge authenticity and expiration
+func (v *Verifier) VerifyChallenge(challenge *Challenge) error {
+	// Check expiration first (cheap operation)
+	if challenge.IsExpired(v.config.ChallengeTTL) {
+		return ErrExpiredChallenge
+	}
+
+	// Check HMAC signature (expensive operation)
+	if err := challenge.VerifyHMAC(v.config.HMACSecret); err != nil {
+		return err
+	}
+
+	return nil
+}