Content deleted Content added
m A876 moved page Memory hard function to Memory-hard function: compound modifier is hyphenated. |
some wordings. +hyphens. +links. checked some links. |
||
Line 1:
{{Multiple issues|{{
In [[cryptography]], a '''memory
== Memory hard measure ==
Line 8:
Another viable measure is integrating memory against physical time.<ref>(MO16) Moran, Orlov, [https://eprint.iacr.org/2016/035.pdf ''Simple Proofs of Space-Time and Rational Proofs of Storage''], 2016</ref>
Yet another measure is the memory [[bandwidth (computing)|bandwidth]] consumption on a memory bus.<ref>(BR18) Blocki, Ren, [https://eprint.iacr.org/2018/221.pdf ''Bandwidth-Hard Functions: Reductions and Lower Bounds''], 2018</ref> This category of functions are also dubbed "
== Motivation ==
There is a reason why MHFs cost a lot of memory instead of, say, CPU cycles. [[Bitcoin]] used repeated evaluation of [[SHA-2
Over time, it has been recognized that memory cost remains fairly equal across the board. Hence MHF.
Line 17:
== Variants ==
Based on their evaluation patterns, MHFs can be put into two camps: data-dependent (dMHF) and data-independent (iMHF). dMHFs are that which sometimes you don't know which pieces of information you would still need for later calculations, and iMHFs are ones that there's no such ambiguity. <!-- this is probably a very confusing explanation, need to change! --> Examples of dMHFs are [[scrypt]]
dMHFs have the glaring problem that they are prone to [[side
▲== Construction ==
===depth-robust graph===
For iMHFs in the parallel random oracle model (pROM), it is a known fact that the cumulative pebbling complexity is lower-bounded and upper-bounded by the depth-robustness of a graph.
===scrypt===
===bit-reversal-graph===▼
▲===bit-reversal-graph===
== References ==▼
{{Reflist}}
[[Category:Cryptography]]
|