Lyra2: Password Hashing Scheme with improved security against time-memory trade-offs
Abstract
To protect against brute force attacks, modern password-based authentication systems usually employ mechanisms known as Password Hashing Schemes (PHS). A PHS is a cryptographic algorithm that derives a sequence of pseudorandom bits from a user-defined password and allows the user to configure the computational cost of that derivation, so that an attacker who tests many candidate passwords in an attempt to guess the correct one pays a correspondingly higher price. In this context, the goal of this research effort is to propose a novel and superior PHS alternative. Specifically, the objective is to improve the Lyra algorithm, a PHS built upon cryptographic sponges whose design the authors took part in. The resulting solution, called Lyra2, preserves the efficiency and flexibility of Lyra and brings important improvements over its predecessor: (1) it provides a higher security level against attack avenues involving time-memory trade-offs; (2) it includes tweaks that increase the cost of building dedicated attack hardware; (3) it balances resistance against side-channel threats and attacks relying on cheaper (and, hence, slower) storage devices. Besides describing the algorithm's design rationale in detail, the thesis also includes a detailed analysis of its security and performance.