Message-ID: <541CA48E.2040009@ciphershed.org>
Date: Fri, 19 Sep 2014 17:47:58 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A review per day - Catena

On 09/19/2014 01:28 PM, Christian Forler wrote:
> On 15.09.2014 at 14:19, Dmitry Khovratovich wrote: Here, we
> introduced a new instantiation of Catena based on a 
> lambda-memory-hard function, called Double-Butterfly Hashing
> (DBH), which basically is a back-to-back placed Fast Fourier
> Transformation. Further information can be found on the ePrint
> paper.
> 
> BTW: Sascha Schmidt, one of our graduated students, already
> implemented a reference implementation of Catena-DBH that is
> available at github (https://github.com/cforler/catena)
> 
> Best regards, Christian Forler

I look forward to reading about the Double-Butterfly Hashing.  I saw
something you might find interesting while trying to attack Makwa.  If
2 is a group generator modulo an odd prime, then multiplying to a
power of 2-inverse behaves a lot like a bit-reversal.

Any power-of-two long sequence, when multiplied by 2-inverse ^ bits in
sequence, evenly distributes (almost) the values throughout the
address space.  The most they can be off by is the length of the
sequence in bits.  However, unlike bit-reversal, if you apply the
operation again, you do not get back to where you started, and the
locations become difficult to predict.  It occurred to me that this
might be an interesting memory access pattern for a cache-timing
resistant algorithm.  I think you could still do your pebbling proofs

Bill
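Added illustration, not part of Bill's message or of any of the projects discussed: a small Python check of the 2-inverse scattering described above. It uses p = 13 as an assumed toy prime modulo which 2 is a generator, maps the 8 indices of a 3-bit sequence through k = 3 multiplications by 2^-1, measures how evenly they land in [0, p), and contrasts the result with a plain bit-reversal, which returns to the start when applied twice while this mapping does not.

```python
# Added illustration (not from the original message): multiplying by 2^-1
# modulo an odd prime p where 2 generates Z_p^* scatters a power-of-two-long
# index sequence across [0, p), much like a bit-reversal, but it is not an
# involution. p = 13 is an assumed toy parameter; a real address space would
# use a much larger prime.

def is_generator_of_2(p: int) -> bool:
    """True if 2 has multiplicative order p-1 modulo the odd prime p."""
    x, order = 1, 0
    while True:
        x = (x * 2) % p
        order += 1
        if x == 1:
            return order == p - 1

def scatter(x: int, k: int, p: int) -> int:
    """Apply 'multiply by 2^-1 mod p' k times to an address x in [0, p)."""
    inv2 = (p + 1) // 2          # 2 * inv2 == p + 1 == 1 (mod p)
    return (x * pow(inv2, k, p)) % p

def bit_reverse(x: int, k: int) -> int:
    """Classic k-bit reversal of x, for comparison."""
    return int(f"{x:0{k}b}"[::-1], 2)

def max_gap(addrs) -> int:
    """Largest distance between consecutive addresses once sorted."""
    s = sorted(addrs)
    return max(b - a for a, b in zip(s, s[1:]))

def analyse(k: int, p: int) -> dict:
    """Scatter the indices 0 .. 2**k-1 and report the properties discussed."""
    n = 1 << k
    idx = list(range(n))
    once = [scatter(x, k, p) for x in idx]
    twice = [scatter(a, k, p) for a in once]   # apply the k-step operation again
    return {
        "distinct": len(set(once)) == n,        # still a permutation into n distinct slots
        "max_gap": max_gap(once),               # how evenly the slots cover [0, p)
        "returns_to_start": twice == idx,       # False here: not an involution
        "bitrev_returns_to_start":
            [bit_reverse(bit_reverse(x, k), k) for x in idx] == idx,  # True
    }

if __name__ == "__main__":
    P, K = 13, 3
    assert is_generator_of_2(P)
    print([scatter(x, K, P) for x in range(1 << K)])  # [0, 5, 10, 2, 7, 12, 4, 9]
    print(analyse(K, P))
```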