A common anti-emulation trick is to introduce loops that take a relatively long time to compute. The loop may in fact take so long to emulate that the antivirus scanner gives up.
This paper formalises this approach, using a well-known system from the cryptographic literature called time-lock puzzles. In essence, a packed binary can be quickly created by an attacker which is guaranteed to require a predefined and easily adjustable number of computationally expensive operations to rebuild a cryptographic key. This key is then used in a strong cryptographic cipher to decrypt the next stage.
Although this approach bears some similarity to the brute-force guessing of keys used by the 1998 IDEA.6155 virus, it permits a completely adjustable workload, and guarantees no shortcuts are possible.
It could pose a serious nuisance to AV emulators if such a method was included as the middle stage of a polymorphic packer. This could be mitigated by blacklisting the packer, since there is no reason why legitimate software would be packed in a way that significantly delays execution, though care would need to be taken as the "puzzle" solving code is exactly the same as RSA encryption/decryption.