• Corpus ID: 238531534

Parallel Quantum Pebbling: Analyzing the Post-Quantum Security of iMHFs

@article{Blocki2021ParallelQP,
  title={Parallel Quantum Pebbling: Analyzing the Post-Quantum Security of iMHFs},
  author={Jeremiah Blocki and Seunghoon Lee},
  journal={ArXiv},
  year={2021},
  volume={abs/2110.04191}
}
The classical (parallel) black pebbling game is a useful abstraction which allows us to analyze the resources (space, space-time, cumulative space) necessary to evaluate a function $f$ with a static data-dependency graph $G$. Of particular interest in the field of cryptography are data-independent memory-hard functions $f_{G,H}$ which are defined by a directed acyclic graph (DAG) $G$ and a cryptographic hash function $H$. The pebbling complexity of the graph $G$ characterized the amortized cost of evaluating…


References

Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions
TLDR
Several exceedingly simple and efficient to navigate practical DAGs for use in iMHFs and other applications and improve the best known empirical attacks on the aAT of Argon2i by implementing and testing several heuristic versions of a (hitherto purely theoretical) depth-reduction attack.
Data-Independent Memory Hard Functions: New Attacks and Stronger Constructions
TLDR
This work constructs a new iMHF with a strong sustained space-complexity guarantee and empirically demonstrates that the construction is asymptotically optimal under every MHF criteria, and empirical analysis reverses the prior conclusion that DRSample provides stronger resistance to known pebbling attacks.
Reversible Pebbling Game for Quantum Memory Management
TLDR
This work develops a SAT-based algorithm that returns a valid clean-up strategy, taking the limitations of the quantum hardware into account, and applies it to straight-line programs, widely used in cryptographic applications.
On the Security of Proofs of Sequential Work in a Post-Quantum World
TLDR
Cohen and Pietrzak (EUROCRYPT 2018) gave a more efficient construction of proofs of sequential work in the random oracle model that does not require depth-robust graphs.
High Parallel Complexity Graphs and Memory-Hard Functions
TLDR
A new, more robust, type of Memory-Hard Functions (MHF) is obtained; a security primitive which has recently been gaining acceptance in practice as an effective means of countering brute-force attacks on security relevant functions.
Depth-Robust Graphs and Their Cumulative Memory Complexity
TLDR
Data-independent Memory Hard Functions (iMHFs) are finding a growing number of applications in security, especially in the domain of password hashing, where the quality of that iMHF is captured by the following two pebbling complexities.
Time and space complexity of reversible pebbling
TLDR
This paper investigates one possible model of reversible computations, an important paradigm in the context of quantum computing, and shows a tight optimal space bound for the binary tree of height h of the form h + Θ(lg* h) and discusses space complexity for the butterfly.
Random Oracles in a Quantum World
TLDR
It is shown that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure.
Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks
TLDR
This work presents the Balloon password-hashing algorithm, the first practical cryptographic hash function that has proven memory-hardness properties in the random-oracle model, and demonstrates and implements a practical attack against Argon2i that successfully evaluates the function with less space than was previously claimed possible.
Towards Practical Attacks on Argon2i and Balloon Hashing
TLDR
This work extends the theoretical attacks of Alwen and Blocki to the recent Argon2i-B proposal demonstrating severe asymptotic deficiencies in its security and introduces several novel heuristics for improving the attack's concrete memory efficiency even when on-chip memory bandwidth is bounded.