Re: [Cfrg] Security analysis of scrypt

Stefano Tessaro <tessaro@cs.ucsb.edu> Wed, 10 February 2016 19:21 UTC

From: Stefano Tessaro <tessaro@cs.ucsb.edu>
To: Paul Grubbs <pag225@cornell.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/1dcsvmV2V7Wod7pTjjFoLpM5PMU>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Security analysis of scrypt

> Can your results be extended to Argon2d and/or Argon2i? If so, are you
> planning on doing it?

Given the analysis is essentially about ROMix, it should extend to
Argon2d. There are syntactical differences -- so we have been a bit
cautious about making a final statement about Argon2d in the current
preliminary version, beyond a footnote stating essentially what I am
writing here -- but we are planning to make explicit what is the
strongest statement about Argon2d we can get out of our techniques.

However, what is clear is that the results do not extend to Argon2i.
The point of this work was to focus on data-dependent designs, which
were not covered by the techniques from the paper of Alwen and
Serbinenko. The lower bound proof inherently relies on the
construction being data dependent, and there is no obvious way to
adapt it to something like Argon2i.

Stefano
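To make the data-dependent versus data-independent distinction in the reply concrete, here is a small ROMix implementation next to a data-independent variant of its second loop. This is an added example, not code from the thread or from the scrypt specification: it substitutes BLAKE2b for scrypt's BlockMix/Salsa20/8 (so outputs are not scrypt-compatible), ignores the `r` and `p` parameters, and returns the sequence of memory indices read so the access pattern can be inspected.

```python
"""ROMix (the memory-hard core of scrypt) with data-dependent indexing,
beside an Argon2i-style data-independent variant of the second loop.
Added illustration, not the thread's or scrypt's own code: BLAKE2b stands
in for BlockMix, so results are not interoperable with real scrypt."""
import hashlib

BLOCK_LEN = 64  # bytes per memory block; constructed choice (r is not modelled)


def h(block: bytes) -> bytes:
    """Stand-in for scrypt's BlockMix: a fixed-output-length one-way function."""
    return hashlib.blake2b(block, digest_size=BLOCK_LEN).digest()


def integerify(block: bytes, n: int) -> int:
    """Map a block to an index in [0, n); n must be a power of two, as in scrypt."""
    return int.from_bytes(block[:8], "little") & (n - 1)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def romix(seed: bytes, n: int, data_dependent: bool = True):
    """Return (output block, list of V indices read in the second loop).

    data_dependent=True:  j = Integerify(X) mod n, as in ROMix / Argon2d, so the
                          memory access pattern depends on the secret input.
    data_dependent=False: j = i mod n, fixed before the input is seen, the
                          Argon2i-style pattern the message says the lower
                          bound proof does not cover.
    """
    assert n > 0 and n & (n - 1) == 0, "n must be a power of two"
    x = h(seed)                 # normalise the input to one block
    v = []
    for _ in range(n):          # first loop: V[i] = X; X = H(X)
        v.append(x)
        x = h(x)
    trace = []
    for i in range(n):          # second loop: X = H(X xor V[j])
        j = integerify(x, n) if data_dependent else i % n
        trace.append(j)
        x = h(xor(x, v[j]))
    return x, trace
```

Running the same `n` with two different seeds shows that the data-dependent trace changes with the input while the data-independent trace is identical, which is exactly the property an attacker's fixed precomputation could exploit and the property the proof technique relies on being absent.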