Paper 2023/1792

Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones

Daniel Hugenroth, University of Cambridge
Alberto Sonnino, Mysten Labs, University College London
Sam Cutler, The Guardian
Alastair R. Beresford, University of Cambridge

Traditional key stretching lacks a strict time guarantee due to the ease of parallelized password guessing by attackers. This paper introduces Sloth, a key stretching method leveraging the Secure Element (SE) commonly found in modern smartphones to provide a strict rate limit on password guessing. While this would be straightforward with full access to the SE, Android and iOS only provide a very limited API. Sloth utilizes the existing developer SE API and novel cryptographic constructions to build an effective rate-limit for password guessing on recent Android and iOS devices. Our approach ensures robust security even for short, randomly-generated, six-character alpha-numeric passwords against adversaries with virtually unlimited computing resources. Our solution is compatible with approximately 96% of iPhones and 45% of Android phones and Sloth seamlessly integrates without device or OS modifications, making it immediately usable by app developers today. We formally define the security of Sloth and evaluate its performance on various devices. Finally, we present HiddenSloth, a deniable encryption scheme, leveraging Sloth and the SE to withstand multi-snapshot adversaries.

Available format(s)
Cryptographic protocols
Publication info
key stretchingdeniable encryptionsecure elementmobile
Contact author(s)
dh623 @ cam ac uk
2023-11-29: revised
2023-11-20: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-ShareAlike


      author = {Daniel Hugenroth and Alberto Sonnino and Sam Cutler and Alastair R. Beresford},
      title = {Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1792},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.