Balloon hashing is a key derivation function presenting proven memory-hard password-hashing and modern design. It was created by Dan Boneh, Henry Corrigan-Gibbs (both at Stanford University) and Stuart Schechter (Microsoft Research) in 2016.12
The authors claim that Balloon:
- has proven memory-hardness properties,
- is built from standard primitives: it can use any standard non-space-hard cryptographic hash function as a sub-algorithm (e.g., SHA-3, SHA-512),
- is resistant to side-channel attacks: the memory access pattern is independent of the data to be hashed,
- is easy to implement and matches the performance of similar algorithms.
Balloon is compared by its authors with Argon2, a similarly performing algorithm.1
Algorithm
There are three steps in the algorithm:1
- Expansion, where an initial buffer is filled with a pseudorandom byte sequence derived from the password and salt repeatedly hashed.
- Mixing, where the bytes in the buffer are mixed time_cost number of times.
- Output, where a portion of the buffer is taken as the hashing result.
References
References
- Boneh, Dan; Corrigan-Gibbs, Henry; Schechter, Stuart (2016-01-11). "Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks". Cryptology ePrint Archive. 2016 (27). Retrieved 2019-09-03.
- "Balloon Hashing". Stanford Applied Crypto Group. Stanford University. Retrieved 2019-09-03.
Further reading
Further reading
- Alwen, Joel; Blocki, Jeremiah (2016). "Efficiently Computing Data-Independent Memory-Hard Functions". Cryptology ePrint Archive. 2016 (115).
- Alwen, Joël; Blocki, Jeremiah (2016). "Towards Practical Attacks on Argon2i and Balloon Hashing". Cryptology ePrint Archive. 2016 (759).
External links
External links