Reminds me of Adam Back's hashcash[1], which was originally devised for similar purposes and was cited in Satoshi's Bitcoin paper[2]. Bitcoin's PoW scheme is a sightly embellished version of hashcash. I wish this work cited it too.
This is using the hashcash PoW.
The use of scrypt as underlying hash function is a rather poor choice though, as scrypt's memory hardness makes PoW verification unnecessarily expensive. To limit the damage, a rather small memory footprint is used for scrypt.
It's perfectly possible to make a memory hard PoW that's instantly verifiable, by using something other than hashcash. Examples include Cuckoo Cycle [1], and Equihash [2]. These can easily be made to use hundreds of MB in solving, while verification is memory less.
[1]: http://www.hashcash.org/papers/hashcash.pdf
[2]: https://bitcoin.org/bitcoin.pdf