[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Apr 2015 19:22:41 +0000
From: Gregory Maxwell <gmaxwell@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] "Attack on the iterative compression function"
On Fri, Apr 17, 2015 at 5:05 PM, Bill Cox <waywardgeek@...il.com> wrote:
> The Argon team does great work, but they continually warp there conclusions
> to favor their incorrect world-view that the original Argon algorithm is
> better than all the rest. They use outlandish definitions for common things
> like "time*memory" defense, and wafer-sized ASICs holding zero latency
> multi-gigabyte nearly-zero power cache RAM.
I'm appreciative of their approach, as it strikes me as more
conservative generally.
When I asked previously the PHC list failed to present strong
arguments on how much of the presumed hardness of 'memory hard'
functions are fundamental. I have not seen strong evidence that anyone
has a firm grasp on what the impact of future memory technologies and
silicon topologies (e.g. what effect does through silicon vias and 3d
parts have on your latency assumptions) will do this this problem, or
a good handle on how "operating cost" vs amortizable construction
costs, should be handled. In that light, it can be useful to analyze
thing where more debatable costs are set in the attacker's favor.
Powered by blists - more mailing lists