English

RiffleScrambler - a memory-hard password storing function

Cryptography and Security 2020-08-10 v1

Abstract

We introduce RiffleScrambler: a new family of directed acyclic graphs and a corresponding data-independent memory hard function with password independent memory access. We prove its memory hardness in the random oracle model. RiffleScrambler is similar to Catena -- updates of hashes are determined by a graph (bit-reversal or double-butterfly graph in Catena). The advantage of the RiffleScrambler over Catena is that the underlying graphs are not predefined but are generated per salt, as in Balloon Hashing. Such an approach leads to higher immunity against practical parallel attacks. RiffleScrambler offers better efficiency than Balloon Hashing since the in-degree of the underlying graph is equal to 3 (and is much smaller than in Ballon Hashing). At the same time, because the underlying graph is an instance of a Superconcentrator, our construction achieves the same time-memory trade-offs.

Keywords

Cite

@article{arxiv.1807.06443,
  title  = {RiffleScrambler - a memory-hard password storing function},
  author = {Karol Gotfryd and Pawel Lorek and Filip Zagorski},
  journal= {arXiv preprint arXiv:1807.06443},
  year   = {2020}
}

Comments

Accepted to ESORICS 2018

R2 v1 2026-06-23T03:04:22.249Z