Argon2

From CryptoLUX
Revision as of 10:29, 30 March 2015 by Dmitry.khovratovich (talk | contribs) (Created page with " '''Argon2''' is a new hash function, which summarizes the state of the art in the design of memory-hard functions. It is a streamlined and simple design. It aims at the highe...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Argon2 is a new hash function, which summarizes the state of the art in the design of memory-hard functions. It is a streamlined and simple design. It aims at the highest memory filling rate and effective use of multiple computing units, while still

providing defense against tradeoff attacks. Argon2 is optimized for the x86 architecture and exploits the cache and memory organization of the recent Intel and AMD processors. Argon2 has two variants: Argon2d and Argon2i. Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks. Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks. It summarizes the research our group has done in the concept of memory-hard functions and uses a number of novel ideas to achieve very high performance.


Reference and optimized implementations

Design Rationality and Security Analysis of PHC Candidates: Overview

"Tradeoff cryptanalysis of password hashing schemes" -- Talk at PasswordsCon'14, extended version

Argon Presentation Slides