Paper 2015/430

Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing

Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich


Memory-hard functions are becoming an important tool in the design of password hashing schemes, cryptocurrencies, and more generic proof-of-work primitives that are x86-oriented and can not be computed on dedicated hardware more efficiently. We develop a simple and cryptographically secure approach to the design of such functions and show how to exploit the architecture of modern CPUs and memory chips to make faster and more secure schemes compared to existing alternatives such as scrypt. We also propose cryptographic criteria for the components, that prevent cost reductions using time-memory tradeoffs and side-channel leaks. The concrete proof-of-work instantiation, which we call Argon2, can fill GBytes of RAM within a second, is resilient to various tradeoffs, and is suitable for a wide range of applications, which aim to bind a computation to a certain architecture. Concerning potential DoS attacks, our scheme is lightweight enough to offset the bottleneck from the CPU to the memory bus thus leaving sufficient computing power for other tasks. We also propose parameters for which our scheme is botnet resistant. As an application, we suggest a cryptocurrency design with fast and memory-hard proof-of-work, which allows memoryless verification.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Contact author(s)
khovratovich @ gmail com
alex biryukov @ uni lu
dumitru-daniel dinu @ uni lu
2015-05-06: received
Short URL
Creative Commons Attribution


      author = {Alex Biryukov and Daniel Dinu and Dmitry Khovratovich},
      title = {Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing},
      howpublished = {Cryptology ePrint Archive, Paper 2015/430},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.