Message-ID: <20140122130702.GA2860@openwall.com>
Date: Wed, 22 Jan 2014 17:07:02 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Modified pseudo-random distribution in NoelKDF

On Wed, Jan 22, 2014 at 07:43:53AM -0500, Bill Cox wrote:
> This reduced the 25% coverage attack to 24.5X penalty for a 1% cheat
> killer pass. I did the same for the sliding window. I increased the
> minimum edge length to pebble a node to 22,500 to keep it at 25.0%
> pebble coverage, and the penalty dropped to 0.88X for my 1% pass.

What is meant by a penalty of 0.88X? Perhaps a penalty below 1X is not
actually a penalty. Is this only a math abstraction useful for actually
relevant conclusions like:

> A 100% pass would have a penalty of 88X. Also, a 20% pass (pebble every
> 16 instead of 12, and edge length <= 10,000) gets 10X penalty for 1%,
> or 1000X penalty for 100% coverage.
>
> It still looks pretty good to me, though the cubed distribution seems
> stronger in defense.

... speaking of defense against TMTO only, but that's not the only thing
we should care about. I don't want to move too far from uniform
distribution for reasons I previously explained.

Thank you for running these simulations!

Oh, and would you post the code for others in here to play with? Have
you actually implemented working TMTO attacks (computing the hashes in
less memory, and checking them against test vectors), or are you only
calculating what it'd take?

Alexander