03 Jakob Wenzel - Catena Variants

Catena Variants - Different Instantiations for an Extremely Flexible Password-Hashing Framework Abstract: Catena is a password-scrambling framework characterized by its high flexibility. The user (defender) can simply adapt the underlying (cryptographic) primitives, the underlying memory-hard function, and the time (λ) and memory (garlic) parameters, to render it suitable for a wide range of applications. This enables Catena to maximize the defense against specific adversaries, their capabilities and goals, and to cope with a high variation of hardware and constraints on the side of the defender. Catena has obtained special recognition of the Password Hashing Competition (PHC), alongside of the winner Argon2. Since the specification document of the PHC submission discusses and specifies only six default instantiations with limited parameter recommendations, we want to use this document to introduce further variants of Catena, or rather, further instantiations of the Catena framework. Our instantiations use different hash functions, and we evaluate their influence on the computational time and the throughput. Next, we discuss how instantiations of the memory-hard graph-based algorithm influence the computational time and resistance against low-memory attacks. Furthermore, we introduce possible extensions of Catena accommodat ing strong resistance against GPU- and ASIC-based adversaries, e.g., by providing sequential memory-hardness due to a data-dependent indexing function. At the end, we combine particular instantiations discussed so far to construct full-fledged variants of Catena for certain goals. Hence, this document can be seen as an additional guide to the PHC submission of Catena when considering its usage under certain restrictions. -- Jakob Wenzel: In 2011, after finishing my B. Sc. and M. Sc. in Computer Science and Media, I startet my PhD at the Bauhaus-Universität Weimar, Germany. Since then, I am working in the group of Prof. Stefan Lucks and we are focusing on symmetric cryptographc. More detailed, we mainly work on provable security, differential cryptanalysis, and since 2012 we also focus on password security. I am a co-author of the PHC finalist Catena as well as the 2nd-round candidate POET (CAESAR competition).