[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55142548.4080504@larc.usp.br>
Date: Thu, 26 Mar 2015 12:27:04 -0300
From: Marcos Simplicio <mjunior@...c.usp.br>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Another PHC candidates "mechanical" tests (ROUND2)
>> Or more generic question: what about embedded world?
>>
>> PHC seems to be mainly about online services, where you have some big
>> Intel server hosting behind it but I would like to not forget about embedded
>> systems.
>
> You simply scale down the cost settings accordingly. yescrypt is
> designed to achieve decent attack resistance even at low settings (of
> course, I mean decent for those settings), including below 1 MB.
>
> Alternatively, there are PHC finalists that are well-suited specifically
> for such uses - that's Pufferfish and maybe POMELO - but yescrypt has
> the advantage of being a single scheme that is well-suited across the
> range from KBs to TBs (and beyond, when relevant).
>
> Lyra2 is less suitable for low sizes like this.
>
Just for the sake of clarity: why exactly? One can use Lyra2 with
small-state sponges (e.g., Blake2s or even something smaller), for
example, and the Lyra2 wrapper around this sponge would provide similar
protection against attacks involving TMTO (if that is relevant) or
parallel attacks (e.g., with bandwidth usage).
I mean, without further arguments, I'm not sure I can provide
counter-arguments... :)
Anyhow we do have some research initiatives in our department in which
we are planning to use Lyra2 on embedded systems and see interesting
parameters/underlying sponges.
Marcos.
Powered by blists - more mailing lists