Symmetrically and Asymmetrically Hard Cryptography

Abstract : The main efficiency metrics for a cryptographic primitive are its speed, its code size and its memory complexity. For a variety of reasons, many algorithms have been proposed that, instead of optimizing, try to increase one of these hardness forms. We present for the first time a unified framework for describing the hardness of a primitive along any of these three axes: code-hardness, time-hardness and memory-hardness. This unified view allows us to present modular block cipher and sponge constructions which can have any of the three forms of hardness and can be used to build any higher level symmetric primitive: hash function, PRNG, etc. We also formalize a new concept: asymmetric hardness. It creates two classes of users: common users have to compute a function with a certain hardness while users knowing a secret can compute the same function in a far cheaper way. Functions with such an asymmetric hardness can be directly used in both our modular structures, thus constructing any symmetric primitive with an asymmetric hardness. We also propose the first asymmetrically memory-hard function, Diodon. As illustrations of our framework, we introduce Whale and Skipper. Whale is a code-hard hash function which could be used as a key derivation function and Skipper is the first asymmetrically time-hard block cipher.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-01650044
Contributor : Léo Perrin <>
Submitted on : Tuesday, November 28, 2017 - 11:11:35 AM
Last modification on : Thursday, April 26, 2018 - 10:27:46 AM

File

414.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Alex Biryukov, Léo Perrin. Symmetrically and Asymmetrically Hard Cryptography. Asiacrypt 2017 - Advances in Cryptology, Dec 2017, Hong Kong, China. pp.417--445, ⟨10.1007/978-3-319-70700-6_15⟩. ⟨hal-01650044⟩

Share

Metrics

Record views

889

Files downloads

814