Jump to content

Memory-hard function

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Bluedeck (talk | contribs) at 20:25, 25 November 2019 (Variants). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography, a memory hard function (MHF) is a function that costs a significant amount of memory to evaluate. It is different from memory bound functions, the latter incurs cost by slowing down computation through memory latency. MHFs find their use as a form of proof-of-work.

Memory hard measure

There are different ways to measure the memory hardness of a function. A commonly seen measure is Cumulative Memory Complexity (CMC). In a parallel model, CMC measures memory hardness by summing up all the inputs on each step. [1]

Another viable measure is integrating memory against physical time.[2]

Yet another measure is the memory bandwidth consumption on a memory bus.[3] This category of functions are also dubbed "Bandwidth-hard functions".

Motivation

There is a reason why MHFs cost a lot of memory instead of, say, CPU cycles.

Variants

Based on their evaluation patterns, MHFs can be put into two camps: data-dependent (dMHF) and data-independent (iMHF). Examples of dMHFs are scrypt, argon2d. Examples of iMHFs are argon2i, catena. Many of these MHFs are developed to be used as key derivation functions exactly because of their memory hardness.

References

  1. ^ (AS15) Alwen, Serbineko, High Parallel Complexity Graphs and Memory-Hard Functions, 2015
  2. ^ (MO16) Moran, Orlov, Simple Proofs of Space-Time and Rational Proofs of Storage, 2016
  3. ^ (BR18) Blocki, Ren, Bandwidth-Hard Functions: Reductions and Lower Bounds, 2018
Retrieved from "https://en.wikipedia.org/w/index.php?title=Memory-hard_function&oldid=927947108"