| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOU__fyR+OM=X16uFBgQC2QpiHRKgR+H1H+Z8Nfrisr=ShaKPg@mail.gmail.com> Date: Mon, 27 Jul 2015 15:46:37 -0400 From: John Tromp <john.tromp@...il.com> To: Bill Cox <waywardgeek@...il.com> Cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, "cryptography@...zdowd.com" <cryptography@...zdowd.com> Subject: Re: [Cryptography] [OT] Improvement to Momentum PoW On Mon, Jul 27, 2015 at 2:29 PM, Bill Cox <waywardgeek@...il.com> wrote: > A problem with Momentum as currently implemented is that it can be run with > reduced memory, enabling efficient GPU attacks. Dave Andersen's latest remarks on his GPU code: https://bitcointalk.org/index.php?topic=826901.msg11944049#msg11944049 You can ask him what he thinks is a faster implementation. Fore reduced memory, you can find all collisions in 8MB, using Cuckoo Cycle's algorithm for finding 2 cycles in bipartite graphs. > I think we can get around > this problem simply by changing the parameters it uses. > If instead, we run with n == 26, and Hb's output also being 26 bits, then we > get around 2^26 collisions. To me, that's a completely different beast. I would no longer call that Momentum... -John
Powered by blists - more mailing lists