International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 12 January 2016

Henry Corrigan-Gibbs, Dan Boneh, Stuart Schechter
ePrint Report ePrint Report
We present the Balloon family of password hashing functions. These are the first cryptographic hash functions with proven space-hardness properties that: (i) use a password-independent access pattern, (ii) build exclusively upon standard cryptographic primitives, and (iii) are fast enough for real-world use. Space-hard functions require a large amount of working space to evaluate efficiently and, when used for password hashing, they dramatically increase the cost of offline dictionary attacks. The central technical challenge of this work was to devise the graph-theoretic and linear-algebraic techniques necessary to prove the space-hardness properties of the Balloon functions (in the random-oracle model). To motivate our interest in security proofs, we demonstrate that it is possible to compute Argon2i, a recently proposed space-hard function that lacks a formal analysis, in a fifth of the claimed required space with no increase in the computation time.
Expand

Additional news items may be found on the IACR news page.