Generating Shorter Bases for Hard Random Lattices
TLDR
We revisit the problem of generating a ‘hard’ random lattice together with a basis of relatively short vectors.
  • 367
  • 42
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model
We study the design of cryptographic primitives resilient to key-leakage attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the…
  • 277
  • 26
Public-Key Encryption in the Bounded-Retrieval Model
TLDR
We construct the first public-key encryption scheme in the Bounded-Retrieval Model (BRM), providing security against various forms of adversarial “key leakage” attacks.
  • 185
  • 22
High Parallel Complexity Graphs and Memory-Hard Functions
TLDR
We develop new theoretical tools for proving lower-bounds on the (amortized) complexity of certain functions in models of parallel computation in a simple and intuitive parallel setting.
  • 65
  • 9
Efficiently Computing Data-Independent Memory-Hard Functions
TLDR
A memory-hard function (MHF) f is equipped with a space cost $\sigma$ and time cost $\tau$ parameter such that repeatedly computing it on an application specific integrated circuit (ASIC) is not economically advantageous relative to a general purpose computer.
  • 52
  • 9
The Double Ratchet: Security Notions, Proofs, and Modularization for the Signal Protocol
TLDR
Signal is a famous secure messaging protocol used by billions of people, by virtue of many secure text messaging applications including Signal itself, WhatsApp, Facebook Messenger, Skype, and Allo.
  • 39
  • 9
Learning with Rounding, Revisited: New Reduction, Properties and Applications
TLDR
The learning with rounding (LWR) problem, introduced by Banerjee, Peikert and Rosen at EUROCRYPT ’12, is a variant of learning with errors, where one replaces random errors with deterministic rounding.
  • 103
  • 7
Scrypt Is Maximally Memory-Hard
TLDR
Memory-hard functions (MHFs) are hash algorithms whose evaluation cost is dominated by memory cost.
  • 49
  • 5
Collusion-Preserving Computation
TLDR
In collusion-free protocols, subliminal communication is impossible and parties are thus unable to communicate “any information beyond what the protocol allows”.
  • 25
  • 5
Towards Practical Attacks on Argon2i and Balloon Hashing
  • J. Alwen, J. Blocki
  • Computer Science
  • IEEE European Symposium on Security and Privacy…
  • 26 April 2017
TLDR
We extend the theoretical attacks of Alwen and Blocki (CRYPTO 2016) to the recent Argon2i-B proposal demonstrating severe asymptotic deficiencies in its security.
  • 28
  • 3