lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Aug 2014 21:49:48 +0200
From: Dmitry Khovratovich <>
To: "" <>
Subject: Re: [PHC] Vertcoin moving to Lyra2

PHC candidates can also specify their parameters for use in
cryptocurrencies, so that we could compare the security of different
schemes in the same application. However we have to specify the upper bound
on the running time of such scheme, which would be OK for existing

One approach could be to require the hash computation taking less time that
needed to verify all transactions in the block. Given that an average
Bitcoin block has 80 transactions and each signature takes 10^6 CPU cycles
to verify on the recent CPUs , we obtain that the hash
computation should take no more than 1/40th of a second on a 3.2 GHz CPU.


On Tue, Aug 12, 2014 at 9:05 PM, Greg Zaverucha <> wrote:

>  Thanks for posting this Dean.
> It looks from their timeframe that they can't wait for the PHC to
> complete, which is unfortunate.  As we discussed at Passwords, having a
> crypto currency adopt the PHC winner would give us good benchmark data on
> the speed and cost of computing the function with custom hardware.
> Greg
> *From:* Dean Pierce []
> *Sent:* Wednesday, August 6, 2014 6:17 AM
> *To:*
> *Subject:* Re: [PHC] Vertcoin moving to Lyra2
> More details about the switch here :
> I actually started following the PHC to track the development of
> yescrypt.  I'm mostly interested in PHC competitors for use as Proof of
> Work algorithms, especially for crypto currencies.  I had not really looked
> much into Lyra2 before the Vertcoin announcement.
> I think the main thing is coin developers wanting to move away from
> Scrypt, since there are some very high end Scrypt ASICs on the market now.
> Most attempts at making a new ASIC resistant coin have been based on
> stacking a bunch of SHA3 competitors in a row, which is just ridiculous.
> There have been some slightly better attempts, such as MemoryCoin, and
> PrimeCoin went for about a year before someone managed to create a highly
> optimized GPU miner.  YaCoin (scrypt with a higher N value) has actually
> done a good job, but their poor marketing skills means they are still very
> much under appreciated.
> Look up "cpu coin" or "cpu mining" and you can see that despite the large
> amount of interest in such a thing, the field is relatively
> underdeveloped.  I think the reason Vertcoin is sticking with "GPU
> Friendly" claims is mostly because anyone claiming to be CPU only
> eventually falls to the GPU miners.
>    - DEAN
> On Aug 6, 2014 12:51 AM, "Krisztián Pintér" <> wrote:
> this would be interesting, if they were providing any details on why they
> chose lyra2. but their blog lists only one feature, decoupled memory and
> computation cost. any insider info on the rationale?

Best regards,
Dmitry Khovratovich

Content of type "text/html" skipped

Powered by blists - more mailing lists