Questions tagged [balloon]

Balloon is a password hashing/password based key derivation function published in 2016.

Balloon is a password hashing/password based key derivation function.

References:

https://crypto.stanford.edu/balloon/

6 questions

votes

2 answers

Does the Balloon hashing paper deprecate Argon2?

Does the recent Balloon hashing paper and the included attack on Argon2 effectively negate the result of the Password Hashing Competition? On one hand it seems that only a constant-factor improvement has been achieved, which is rarely critical in…

password-hashing argon2 balloon

asked Sep 15 '16 at 05:35

rmalayter

2,297
17
24

votes

1 answer

What's the use of the `delta` parameter in Balloon's hash?

The image below shows Balloon's pseudo code from its paper, and relevant parameters to my question is delta. Question: What is its impact on memory hardness?

key-derivation memory-hard balloon balloon-hashing

asked Jan 15 '25 at 16:36

caveman

vote

0 answers

How do side channel attacks on memory hard key derivation work?

Is it solely by exploiting that accessing a given memory address depends on its location? E.g. column hit? Or is it just the CPU cache pre-fetching? Or is it something else (or more)? Also, how does the attacker find out the location of picked…

side-channel-attack argon2 memory-hard balloon balloon-hashing

asked Feb 13 '25 at 06:55

caveman

vote

1 answer

How is pseudo-randomly key-independently picked dependencies better than a sequential arithmetic order one?

In Balloon, a salt is used seed a CSPRNG that picks dependency blocks pseudo-randomly. This salt is obviously not a secret, and an adversary can know that it would pick a given sequence. For example, if we have memory blocks 1 … 10, this salted …

argon2 memory-hard balloon

asked Feb 09 '25 at 09:38

caveman

vote

1 answer

What does Balloon's theorem really mean?

Balloon's theorem says: Questions: Am I understanding the variables correctly? $n$ is number of blocks the user chooses. $r$ is number of rounds the user chooses. $\delta$ is number of pseudorandom dependencies the user chooses per-round…

brute-force-attack memory-hard proof balloon balloon-hashing

asked Jan 22 '25 at 13:47

caveman

votes

1 answer

Choice of delta-neighbors in Balloon Hash algorithm

Reference Document: https://eprint.iacr.org/2016/027.pdf According to appendix D section 4 definition 27 each vertex in V has predecessors sampled independently and uniformly at random from the set U It appears from the pseudo-code in section 3.1…

password-hashing balloon

asked Jun 11 '19 at 19:04

Gregor y