Skip to main content
Cryptography

Questions tagged [memory-hard]

Ask Question

Memory-hardness is a property that, if proven to be possesed, makes an algorithm "immune" to time-memory tradeoffs, by "punishing" memory reductions. Usually algorithms possesing this property can't easily be computed with significantly less memory than intended by the author without accepting a severe performance penalty. This property is often used to counter ASICs and FPGAs for password-hashing.

44 questions
Newest Active Bountied Unanswered
1 vote
1 answer
125 views

So the challenge with memory-hard KDFs is to have a large - preferrably tunable - piece of data that should be stored in memory in its entirety for the duration of the computation, thereby taking up ...
user115528's user avatar
  • 21
1 vote
0 answers
55 views

Is it solely by exploiting that accessing a given memory address depends on its location? E.g. column hit? Or is it just the CPU cache pre-fetching? Or is it something else (or more)? Also, how ...
caveman's user avatar
  • 721
1 vote
1 answer
68 views

In Balloon, a salt is used seed a CSPRNG that picks dependency blocks pseudo-randomly. This salt is obviously not a secret, and an adversary can know that it would pick a given sequence. For example, ...
caveman's user avatar
  • 721
2 votes
0 answers
96 views

Even though this sounds hardware related, it's essential to understand the actual security one obtains from memory hard key derivation functions, such as Balloon, as its strongest security guarantee ...
caveman's user avatar
  • 721
1 vote
1 answer
89 views

Balloon's theorem says: Questions: Am I understanding the variables correctly? $n$ is number of blocks the user chooses. $r$ is number of rounds the user chooses. $\delta$ is number of pseudorandom ...
caveman's user avatar
  • 721
2 votes
1 answer
174 views

The image below shows Balloon's pseudo code from its paper, and relevant parameters to my question is delta. Question: What is its impact on memory hardness?
caveman's user avatar
  • 721
2 votes
0 answers
60 views

Current memory hard key derivation techniques rely on functions that allow for serialisation on tiny memory, except for requiring a quadratic time penalty. But, with Quantum's light-speed defying ...
caveman's user avatar
  • 721
2 votes
0 answers
90 views

Argon2 has a parallolism parameter, that basically works like this: In a given pass, threads work alone, independent of other threads. Within this pass, there isn't much memory-hardness, as each ...
caveman's user avatar
  • 721
5 votes
1 answer
166 views

For password hashing, is it better to compute a pseudorandom data-independent memory access pattern using the salt, the cost parameters (memory size, iterations, and parallelism), or some other way? ...
samuel-lucas6's user avatar
  • 2,270
6 votes
1 answer
622 views

bscrypt is a cache-hard password hashing algorithm/KDF from Steve Thomas (aka Sc00bz/TobTu), who was on the Password Hashing Competition (PHC) panel. He argues it is better than the alternative ...
samuel-lucas6's user avatar
  • 2,270
5 votes
0 answers
168 views

Searches have returned absolutely no results on this question. With that in mind, I assume the answer is either painfully obvious ('of course quantum computers get no advantage when it comes to ...
user7778287's user avatar
  • 160
1 vote
0 answers
147 views

Background. All MKDF (memory-hard KDF) algorithms that I know (Scrypt, Argon2, Balloon) don't really require all the memory at every moment during the run time of algorithm's implementation, but ...
caveman's user avatar
  • 721
3 votes
1 answer
240 views

This says $f_n$ is memory hard if, for any space $S$ and time $T$, $S\cdot T \in \Omega(n^2)$. My questions: What is $S$? Space? E.g. bytes of available memory? What is $n$? Bytes of requested ...
caveman's user avatar
  • 721
6 votes
1 answer
2k views

My understanding is that the memory bandwidth of CPUs and GPUs is roughly one order of magnitude difference4, unlike cores which a GPU has many of and a CPU a handful. That is why PBKDF2-HMAC-SHA1 ...
Luc's user avatar
  • 1,558
6 votes
0 answers
225 views

The Scrypt paper here defines memory-hard and sequential memory hard functions as follows: Definition 1. A memory-hard algorithm on a Random Access Machine is an algorithm which uses $S(n)$ space and ...
Modal Nest's user avatar
  • 1,473

15 30 50 per page
1
2 3