Filters








51 Hits in 2.5 sec

On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model [chapter]

Joël Alwen, Binyi Chen, Chethan Kamath, Vladimir Kolmogorov, Krzysztof Pietrzak, Stefano Tessaro
2016 Lecture Notes in Computer Science  
of a node is the hash h (modelled as a random oracle with w-bit output) of the labels of its parents.  ...  We investigate lower bounds in terms of time and memory on the parallel complexity of an adversary A computing labels of randomly selected challenge nodes in direct acyclic graphs, where the w-bit label  ...  This work was done in part while the authors were visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through  ... 
doi:10.1007/978-3-662-49896-5_13 fatcat:vi4jj37t4negbmthhobqm3m4jm

Scrypt Is Maximally Memory-Hard [chapter]

Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin, Stefano Tessaro
2017 Lecture Notes in Computer Science  
We prove that scrypt is optimally memory hard, i.e., its cumulative memory complexity (cmc) in the parallel random oracle model is Ω(n 2 w), where w and n are the output length and number of invocations  ...  This paper focuses on scrypt, a simple candidate MHF designed by Percival, and described in RFC 7914.  ...  We are also grateful to anonymous referees and Jeremiah Blocki for their careful reading of our proof and detailed suggestions.  ... 
doi:10.1007/978-3-319-56617-7_2 fatcat:hgoqht4am5hv7gzssya5icaxta

Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks [chapter]

Dan Boneh, Henry Corrigan-Gibbs, Stuart Schechter
2016 Lecture Notes in Computer Science  
The techniques we develop are general: we also use them to give a proof of security of the scrypt and Argon2i password-hashing functions in the random-oracle model.  ...  This is the first practical cryptographic hash function that: (i) has proven memory-hardness properties in the random-oracle model, (ii) uses a password-independent access pattern, and (iii) meets or exceeds  ...  Opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DARPA.  ... 
doi:10.1007/978-3-662-53887-6_8 fatcat:suv2aimhkvcelggdqh45jmgfie

Bandwidth Hard Functions for ASIC Resistance [chapter]

Ling Ren, Srinivas Devadas
2017 Lecture Notes in Computer Science  
Cryptographic hash functions have wide applications including password hashing, pricing functions for spam and denial-of-service countermeasures and proof of work in cryptocurrencies.  ...  We propose a model for hardware energy cost that has sound foundations in practice. We then analyze the bandwidth hardness property of ASIC resistant candidates.  ...  Acknowledgements: The authors are grateful to Krzysztof Pietrzak, Joël Alwen and Jeremiah Blocki for valuable discussions.  ... 
doi:10.1007/978-3-319-70500-2_16 fatcat:unrob26zazdarb4pbnz6efgo6y

On Locally Decodable Codes in Resource Bounded Channels

Jeremiah Blocki, Shubhang Kulkarni, Samson Zhou, Daniel Wichs, Adam D. Smith, Yael Tauman Kalai
2020 Conference on Information-Theoretic Cryptography  
Specifically, in the random oracle model we show how to construct explicit constant rate LDCs with locality of polylog in the security parameter against various resource constrained channels.  ...  Constructions of locally decodable codes (LDCs) have one of two undesirable properties: low rate or high locality (polynomial in the length of the message).  ...  Parallel Random Oracle Model Computation in the pROM proceeds in rounds.  ... 
doi:10.4230/lipics.itc.2020.16 dblp:conf/icits/BlockiKZ20 fatcat:yo542jd4uzakbmrcwwbpffzeq4

On Locally Decodable Codes in Resource Bounded Channels [article]

Jeremiah Blocki, Shubhang Kulkarni, Samson Zhou
2020 arXiv   pre-print
Specifically, in the random oracle model we show how to construct explicit constant rate LDCs with locality of polylog in the security parameter against various resource constrained channels.  ...  Constructions of locally decodable codes (LDCs) have one of two undesirable properties: low rate or high locality (polynomial in the length of the message).  ...  This research was supported in part by the National Science Foundation (CCF Award #1910659).  ... 
arXiv:1909.11245v4 fatcat:mmvd3aartzh4xow6lbdcc5s6j4

Proofs of Catalytic Space

Krzysztof Pietrzak, Michael Wagner
2018 Innovations in Theoretical Computer Science  
Our first contribution is a security proof for the original PoS from CRYPTO'15 in the random oracle model (the original proof only applied to a restricted class of adversaries which can store a subset  ...  We discuss how some of these variants can be used as proofs of catalytic space (PoCS), a notion we put forward in this work, and which basically is a PoS where most of the space required by the prover  ...  An exception is the recent security proof for the datadependent MHF called SCRYPT [7] , which proves that SCRYPT has high cumulative memory complexity in the parallel random-oracle model.  ... 
doi:10.4230/lipics.itcs.2019.59 dblp:conf/innovations/Pietrzak19 fatcat:voopwoywivda7fdq77ock2vjwm

On the Hardness of Massively Parallel Computation [article]

Kai-Min Chung, Kuan-Yi Ho, Xiaorui Sun
2020 arXiv   pre-print
We investigate whether there are inherent limits of parallelization in the (randomized) massively parallel computation (MPC) model by comparing it with the (sequential) RAM model.  ...  Based on the widely-used random oracle methodology in cryptography with a cryptographic hash function h:{0,1}^n →{0,1}^n computable in time t_h, we show that there exists a function that can be computed  ...  The security (i.e., lower bounds on the so-called "cumulative memory complexity") of MHFs is analyzed in the RO model based on the random oracle methodology.  ... 
arXiv:2008.06554v1 fatcat:vacszplacjhtlaaiyu2nc4vl2y

Optimizing a Password Hashing Function with Hardware-Accelerated Symmetric Encryption

Rafael Álvarez, Alicia Andrade, Antonio Zamora
2018 Symmetry  
This design is based on (1) employing a symmetric cipher, the Advanced Encryption Standard (AES), as a pseudo-random generator and (2) taking advantage of the support for the hardware acceleration for  ...  as Scrypt and Argon2, with favorable results.  ...  Diffie-Hellman assumption in the random oracle model.  ... 
doi:10.3390/sym10120705 fatcat:2zmwx5k2vjf4dly2umqsrq2dum

Symmetrically and Asymmetrically Hard Cryptography [chapter]

Alex Biryukov, Léo Perrin
2017 Lecture Notes in Computer Science  
The main efficiency metrics for a cryptographic primitive are its speed, its code size and its memory complexity.  ...  For a variety of reasons, many algorithms have been proposed that, instead of optimizing, try to increase one of these hardness forms.  ...  The work of Léo Perrin was supported by the CORE project ACRYPT (ID C12-15-4009992) funded by the Fonds National de la Recherche, Luxembourg.  ... 
doi:10.1007/978-3-319-70700-6_15 fatcat:ppxfwa4pgfhpxlnycdbyx7mpna

Proofs of Space: When Space Is of the Essence [chapter]

Giuseppe Ateniese, Ilario Bonacina, Antonio Faonio, Nicola Galesi
2014 Lecture Notes in Computer Science  
To compute such a proof, the prover must use a specified amount of space, i.e., we are not interested in the number of accesses to the main memory (as in memory-bound proof of work) but rather on the amount  ...  We give a complete and detailed algorithmic description of our model.  ...  We are grateful to Krzysztof Pietrzak for his insightful comments and suggestions. References  ... 
doi:10.1007/978-3-319-10879-7_31 fatcat:tm6osznpdzcd7d5howg2njos2i

Proof of Space from Stacked Expanders [chapter]

Ling Ren, Srinivas Devadas
2016 Lecture Notes in Computer Science  
Recently, proof of space (PoS) has been suggested as a more egalitarian alternative to the traditional hash-based proof of work.  ...  In PoS, a prover proves to a verifier that it has dedicated some specified amount of space.  ...  At the moment, PoTS and PoPS are still far less efficient than PoW in terms of proof size and verifier complexity. A PoW is a single hash, while a PoS consists of hundreds (or more) of Merkle paths.  ... 
doi:10.1007/978-3-662-53641-4_11 fatcat:fz5nszj5jngtpmaqtpnvw427j4

Depth-Robust Graphs and Their Cumulative Memory Complexity [chapter]

Joël Alwen, Jeremiah Blocki, Krzysztof Pietrzak
2017 Lecture Notes in Computer Science  
We give the first lower bounds on the memory hardness of the Catena and Balloon Hashing functions in a parallel model of computation and we give the first lower bounds of any kind for (a version) of Argon2i  ...  -The sequential space-time pebbling complexity Πst(Gn) should be as close as possible to Π cc(Gn) (to ensure that using many cores in parallel and amortizing over many instances does not give much of an  ...  The first and third authors were supported by the ERC starting grant (259668-PSPC).  ... 
doi:10.1007/978-3-319-56617-7_1 fatcat:22amxglqore6demzrsy2dwl3wm

High Parallel Complexity Graphs and Memory-Hard Functions

Joël Alwen, Vladimir Serbinenko
2015 Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing - STOC '15  
We develop new theoretical tools for proving lower-bounds on the (amortized) complexity of functions in a parallel setting.  ...  We demonstrate their use by constructing the first provably secure Memory-hard functions (MHF); a class of functions recently gaining acceptance in practice as an effective means to counter brute-force  ...  In particular G ω,φ,i has (φ + 1)I nodes which we identify with the set V = N <(φ+1)I such that the nodes of D 4 φ−j ω,I are numbered in topological order.  ... 
doi:10.1145/2746539.2746622 dblp:conf/stoc/AlwenS15 fatcat:mlcyoknonveyvcq46q2icczwjq

Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions

Joel Alwen, Jeremiah Blocki, Ben Harsha
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
A memory-hard function (MHF) f n with parameter n can be computed in sequential time and space n. Simultaneously, a high amortized parallel area-time complexity (aAT) is incurred per evaluation.  ...  Finally, for the best performing of the new DAGs we implement an iMHF using the Argon2i round function and code base and show that on a standard off-the-shelf CPU the new iMHF can actually be evaluated  ...  Thus the memory-hardness of the graph functions is usually analyzed in the random oracle (RO) model where h is modeled as an ideal compression function (i.e. fixed input length RO).  ... 
doi:10.1145/3133956.3134031 dblp:conf/ccs/AlwenBH17 fatcat:st4qlbjw7jaapdz3j4iscvv7ni
« Previous Showing results 1 — 15 out of 51 results