[{"publisher":"ACM","quality_controlled":"1","oa":1,"acknowledgement":"Leonid Reyzin was supported in part by IST Austria and by US NSF grants 1012910, 1012798, and 1422965; this research was performed while he was visiting IST Austria.","page":"51 - 65","date_published":"2018-06-01T00:00:00Z","doi":"10.1145/3196494.3196534","date_created":"2018-12-11T11:45:07Z","isi":1,"year":"2018","day":"01","publication":"Proceedings of the 2018 on Asia Conference on Computer and Communication Security","project":[{"_id":"25FBA906-B435-11E9-9278-68D0E5697425","call_identifier":"FP7","name":"Discrete Optimization in Computer Vision: Theory and Practice","grant_number":"616160"},{"name":"Teaching Old Crypto New Tricks","grant_number":"682815","call_identifier":"H2020","_id":"258AA5B2-B435-11E9-9278-68D0E5697425"}],"publist_id":"7723","author":[{"id":"2A8DFA8C-F248-11E8-B48F-1D18A9856A87","first_name":"Joel F","full_name":"Alwen, Joel F","last_name":"Alwen"},{"last_name":"Gazi","full_name":"Gazi, Peter","first_name":"Peter"},{"last_name":"Kamath Hosdurg","full_name":"Kamath Hosdurg, Chethan","id":"4BD3F30E-F248-11E8-B48F-1D18A9856A87","first_name":"Chethan"},{"id":"3E83A2F8-F248-11E8-B48F-1D18A9856A87","first_name":"Karen","full_name":"Klein, Karen","last_name":"Klein"},{"full_name":"Osang, Georg F","orcid":"0000-0002-8882-5116","last_name":"Osang","first_name":"Georg F","id":"464B40D6-F248-11E8-B48F-1D18A9856A87"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","full_name":"Pietrzak, Krzysztof Z","orcid":"0000-0002-9139-1654","last_name":"Pietrzak"},{"last_name":"Reyzin","full_name":"Reyzin, Lenoid","first_name":"Lenoid"},{"first_name":"Michal","id":"3CB3BC06-F248-11E8-B48F-1D18A9856A87","last_name":"Rolinek","full_name":"Rolinek, Michal"},{"id":"2B3E3DE8-F248-11E8-B48F-1D18A9856A87","first_name":"Michal","last_name":"Rybar","full_name":"Rybar, Michal"}],"article_processing_charge":"No","external_id":{"isi":["000516620100005"]},"title":"On the memory hardness of data independent password hashing functions","citation":{"mla":"Alwen, Joel F., et al. “On the Memory Hardness of Data Independent Password Hashing Functions.” Proceedings of the 2018 on Asia Conference on Computer and Communication Security, ACM, 2018, pp. 51–65, doi:10.1145/3196494.3196534.","short":"J.F. Alwen, P. Gazi, C. Kamath Hosdurg, K. Klein, G.F. Osang, K.Z. Pietrzak, L. Reyzin, M. Rolinek, M. Rybar, in:, Proceedings of the 2018 on Asia Conference on Computer and Communication Security, ACM, 2018, pp. 51–65.","ieee":"J. F. Alwen et al., “On the memory hardness of data independent password hashing functions,” in Proceedings of the 2018 on Asia Conference on Computer and Communication Security, Incheon, Republic of Korea, 2018, pp. 51–65.","apa":"Alwen, J. F., Gazi, P., Kamath Hosdurg, C., Klein, K., Osang, G. F., Pietrzak, K. Z., … Rybar, M. (2018). On the memory hardness of data independent password hashing functions. In Proceedings of the 2018 on Asia Conference on Computer and Communication Security (pp. 51–65). Incheon, Republic of Korea: ACM. https://doi.org/10.1145/3196494.3196534","ama":"Alwen JF, Gazi P, Kamath Hosdurg C, et al. On the memory hardness of data independent password hashing functions. In: Proceedings of the 2018 on Asia Conference on Computer and Communication Security. ACM; 2018:51-65. doi:10.1145/3196494.3196534","chicago":"Alwen, Joel F, Peter Gazi, Chethan Kamath Hosdurg, Karen Klein, Georg F Osang, Krzysztof Z Pietrzak, Lenoid Reyzin, Michal Rolinek, and Michal Rybar. “On the Memory Hardness of Data Independent Password Hashing Functions.” In Proceedings of the 2018 on Asia Conference on Computer and Communication Security, 51–65. ACM, 2018. https://doi.org/10.1145/3196494.3196534.","ista":"Alwen JF, Gazi P, Kamath Hosdurg C, Klein K, Osang GF, Pietrzak KZ, Reyzin L, Rolinek M, Rybar M. 2018. On the memory hardness of data independent password hashing functions. Proceedings of the 2018 on Asia Conference on Computer and Communication Security. ASIACCS: Asia Conference on Computer and Communications Security , 51–65."},"user_id":"c635000d-4b10-11ee-a964-aac5a93f6ac1","scopus_import":"1","main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2016/783"}],"month":"06","abstract":[{"lang":"eng","text":"We show attacks on five data-independent memory-hard functions (iMHF) that were submitted to the password hashing competition (PHC). Informally, an MHF is a function which cannot be evaluated on dedicated hardware, like ASICs, at significantly lower hardware and/or energy cost than evaluating a single instance on a standard single-core architecture. Data-independent means the memory access pattern of the function is independent of the input; this makes iMHFs harder to construct than data-dependent ones, but the latter can be attacked by various side-channel attacks. Following [Alwen-Blocki'16], we capture the evaluation of an iMHF as a directed acyclic graph (DAG). The cumulative parallel pebbling complexity of this DAG is a measure for the hardware cost of evaluating the iMHF on an ASIC. Ideally, one would like the complexity of a DAG underlying an iMHF to be as close to quadratic in the number of nodes of the graph as possible. Instead, we show that (the DAGs underlying) the following iMHFs are far from this bound: Rig.v2, TwoCats and Gambit each having an exponent no more than 1.75. Moreover, we show that the complexity of the iMHF modes of the PHC finalists Pomelo and Lyra2 have exponents at most 1.83 and 1.67 respectively. To show this we investigate a combinatorial property of each underlying DAG (called its depth-robustness. By establishing upper bounds on this property we are then able to apply the general technique of [Alwen-Block'16] for analyzing the hardware costs of an iMHF."}],"oa_version":"Submitted Version","ec_funded":1,"publication_status":"published","language":[{"iso":"eng"}],"type":"conference","conference":{"name":"ASIACCS: Asia Conference on Computer and Communications Security ","start_date":"2018-06-04","location":"Incheon, Republic of Korea","end_date":"2018-06-08"},"status":"public","_id":"193","department":[{"_id":"KrPi"},{"_id":"HeEd"},{"_id":"VlKo"}],"date_updated":"2023-09-13T09:13:12Z"},{"status":"public","conference":{"location":"Tel Aviv, Israel","end_date":"2018-05-03","start_date":"2018-04-29","name":"Eurocrypt: Advances in Cryptology"},"type":"conference","_id":"300","department":[{"_id":"KrPi"}],"date_updated":"2023-09-13T09:12:04Z","intvolume":" 10820","month":"03","main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2018/077"}],"scopus_import":"1","alternative_title":["LNCS"],"oa_version":"Submitted Version","abstract":[{"lang":"eng","text":"We introduce a formal quantitative notion of “bit security” for a general type of cryptographic games (capturing both decision and search problems), aimed at capturing the intuition that a cryptographic primitive with k-bit security is as hard to break as an ideal cryptographic function requiring a brute force attack on a k-bit key space. Our new definition matches the notion of bit security commonly used by cryptographers and cryptanalysts when studying search (e.g., key recovery) problems, where the use of the traditional definition is well established. However, it produces a quantitatively different metric in the case of decision (indistinguishability) problems, where the use of (a straightforward generalization of) the traditional definition is more problematic and leads to a number of paradoxical situations or mismatches between theoretical/provable security and practical/common sense intuition. Key to our new definition is to consider adversaries that may explicitly declare failure of the attack. We support and justify the new definition by proving a number of technical results, including tight reductions between several standard cryptographic problems, a new hybrid theorem that preserves bit security, and an application to the security analysis of indistinguishability primitives making use of (approximate) floating point numbers. This is the first result showing that (standard precision) 53-bit floating point numbers can be used to achieve 100-bit security in the context of cryptographic primitives with general indistinguishability-based security definitions. Previous results of this type applied only to search problems, or special types of decision problems."}],"ec_funded":1,"volume":10820,"language":[{"iso":"eng"}],"publication_status":"published","project":[{"grant_number":"682815","name":"Teaching Old Crypto New Tricks","_id":"258AA5B2-B435-11E9-9278-68D0E5697425","call_identifier":"H2020"}],"title":"On the bit security of cryptographic primitives","article_processing_charge":"No","external_id":{"isi":["000517097500001"]},"author":[{"last_name":"Micciancio","full_name":"Micciancio, Daniele","first_name":"Daniele"},{"last_name":"Walter","full_name":"Walter, Michael","orcid":"0000-0003-3186-2482","id":"488F98B0-F248-11E8-B48F-1D18A9856A87","first_name":"Michael"}],"publist_id":"7581","user_id":"c635000d-4b10-11ee-a964-aac5a93f6ac1","citation":{"chicago":"Micciancio, Daniele, and Michael Walter. “On the Bit Security of Cryptographic Primitives,” 10820:3–28. Springer, 2018. https://doi.org/10.1007/978-3-319-78381-9_1.","ista":"Micciancio D, Walter M. 2018. On the bit security of cryptographic primitives. Eurocrypt: Advances in Cryptology, LNCS, vol. 10820, 3–28.","mla":"Micciancio, Daniele, and Michael Walter. On the Bit Security of Cryptographic Primitives. Vol. 10820, Springer, 2018, pp. 3–28, doi:10.1007/978-3-319-78381-9_1.","apa":"Micciancio, D., & Walter, M. (2018). On the bit security of cryptographic primitives (Vol. 10820, pp. 3–28). Presented at the Eurocrypt: Advances in Cryptology, Tel Aviv, Israel: Springer. https://doi.org/10.1007/978-3-319-78381-9_1","ama":"Micciancio D, Walter M. On the bit security of cryptographic primitives. In: Vol 10820. Springer; 2018:3-28. doi:10.1007/978-3-319-78381-9_1","short":"D. Micciancio, M. Walter, in:, Springer, 2018, pp. 3–28.","ieee":"D. Micciancio and M. Walter, “On the bit security of cryptographic primitives,” presented at the Eurocrypt: Advances in Cryptology, Tel Aviv, Israel, 2018, vol. 10820, pp. 3–28."},"oa":1,"publisher":"Springer","quality_controlled":"1","acknowledgement":"Research supported in part by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office under the SafeWare program. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views, position or policy of the Government. The second author was also supported by the European Research Council, ERC consolidator grant (682815 - TOCNeT).","date_created":"2018-12-11T11:45:42Z","date_published":"2018-03-31T00:00:00Z","doi":"10.1007/978-3-319-78381-9_1","page":"3 - 28","day":"31","year":"2018","isi":1},{"main_file_link":[{"open_access":"1","url":"http://pdfs.semanticscholar.org/d2d5/6da00fbc674e6a8b1bb9d857167e54200dc6.pdf"}],"scopus_import":"1","intvolume":" 32","month":"03","abstract":[{"lang":"eng","text":"Motivated by biological questions, we study configurations of equal spheres that neither pack nor cover. Placing their centers on a lattice, we define the soft density of the configuration by penalizing multiple overlaps. Considering the 1-parameter family of diagonally distorted 3-dimensional integer lattices, we show that the soft density is maximized at the FCC lattice."}],"oa_version":"Submitted Version","issue":"1","volume":32,"publication_status":"published","publication_identifier":{"issn":["08954801"]},"language":[{"iso":"eng"}],"type":"journal_article","article_type":"original","status":"public","_id":"312","department":[{"_id":"HeEd"}],"date_updated":"2023-09-13T09:34:38Z","oa":1,"quality_controlled":"1","publisher":"Society for Industrial and Applied Mathematics ","acknowledgement":"This work was partially supported by the DFG Collaborative Research Center TRR 109, “Discretization in Geometry and Dynamics,” through grant I02979-N35 of the Austrian Science Fund (FWF).","page":"750 - 782","date_created":"2018-12-11T11:45:46Z","date_published":"2018-03-29T00:00:00Z","doi":"10.1137/16M1097201","year":"2018","isi":1,"publication":"SIAM J Discrete Math","day":"29","project":[{"name":"Persistence and stability of geometric complexes","grant_number":"I02979-N35","call_identifier":"FWF","_id":"2561EBF4-B435-11E9-9278-68D0E5697425"}],"article_processing_charge":"No","external_id":{"isi":["000428958900038"]},"author":[{"orcid":"0000-0002-9823-6833","full_name":"Edelsbrunner, Herbert","last_name":"Edelsbrunner","id":"3FB178DA-F248-11E8-B48F-1D18A9856A87","first_name":"Herbert"},{"last_name":"Iglesias Ham","full_name":"Iglesias Ham, Mabel","first_name":"Mabel","id":"41B58C0C-F248-11E8-B48F-1D18A9856A87"}],"publist_id":"7553","title":"On the optimality of the FCC lattice for soft sphere packing","citation":{"ama":"Edelsbrunner H, Iglesias Ham M. On the optimality of the FCC lattice for soft sphere packing. SIAM J Discrete Math. 2018;32(1):750-782. doi:10.1137/16M1097201","apa":"Edelsbrunner, H., & Iglesias Ham, M. (2018). On the optimality of the FCC lattice for soft sphere packing. SIAM J Discrete Math. Society for Industrial and Applied Mathematics . https://doi.org/10.1137/16M1097201","ieee":"H. Edelsbrunner and M. Iglesias Ham, “On the optimality of the FCC lattice for soft sphere packing,” SIAM J Discrete Math, vol. 32, no. 1. Society for Industrial and Applied Mathematics , pp. 750–782, 2018.","short":"H. Edelsbrunner, M. Iglesias Ham, SIAM J Discrete Math 32 (2018) 750–782.","mla":"Edelsbrunner, Herbert, and Mabel Iglesias Ham. “On the Optimality of the FCC Lattice for Soft Sphere Packing.” SIAM J Discrete Math, vol. 32, no. 1, Society for Industrial and Applied Mathematics , 2018, pp. 750–82, doi:10.1137/16M1097201.","ista":"Edelsbrunner H, Iglesias Ham M. 2018. On the optimality of the FCC lattice for soft sphere packing. SIAM J Discrete Math. 32(1), 750–782.","chicago":"Edelsbrunner, Herbert, and Mabel Iglesias Ham. “On the Optimality of the FCC Lattice for Soft Sphere Packing.” SIAM J Discrete Math. Society for Industrial and Applied Mathematics , 2018. https://doi.org/10.1137/16M1097201."},"user_id":"c635000d-4b10-11ee-a964-aac5a93f6ac1"},{"quality_controlled":"1","publisher":"Elsevier","oa":1,"day":"01","publication":"Comptes Rendus Mathematique","isi":1,"year":"2018","date_published":"2018-04-01T00:00:00Z","doi":"10.1016/j.crma.2018.03.005","date_created":"2018-12-11T11:46:19Z","page":"412-414","user_id":"c635000d-4b10-11ee-a964-aac5a93f6ac1","citation":{"ista":"Akopyan A. 2018. On the number of non-hexagons in a planar tiling. Comptes Rendus Mathematique. 356(4), 412–414.","chicago":"Akopyan, Arseniy. “On the Number of Non-Hexagons in a Planar Tiling.” Comptes Rendus Mathematique. Elsevier, 2018. https://doi.org/10.1016/j.crma.2018.03.005.","ama":"Akopyan A. On the number of non-hexagons in a planar tiling. Comptes Rendus Mathematique. 2018;356(4):412-414. doi:10.1016/j.crma.2018.03.005","apa":"Akopyan, A. (2018). On the number of non-hexagons in a planar tiling. Comptes Rendus Mathematique. Elsevier. https://doi.org/10.1016/j.crma.2018.03.005","short":"A. Akopyan, Comptes Rendus Mathematique 356 (2018) 412–414.","ieee":"A. Akopyan, “On the number of non-hexagons in a planar tiling,” Comptes Rendus Mathematique, vol. 356, no. 4. Elsevier, pp. 412–414, 2018.","mla":"Akopyan, Arseniy. “On the Number of Non-Hexagons in a Planar Tiling.” Comptes Rendus Mathematique, vol. 356, no. 4, Elsevier, 2018, pp. 412–14, doi:10.1016/j.crma.2018.03.005."},"title":"On the number of non-hexagons in a planar tiling","author":[{"id":"430D2C90-F248-11E8-B48F-1D18A9856A87","first_name":"Arseniy","full_name":"Akopyan, Arseniy","orcid":"0000-0002-2548-617X","last_name":"Akopyan"}],"publist_id":"7420","article_processing_charge":"No","external_id":{"arxiv":["1805.01652"],"isi":["000430402700009"]},"oa_version":"Preprint","abstract":[{"text":"We give a simple proof of T. Stehling's result [4], whereby in any normal tiling of the plane with convex polygons with number of sides not less than six, all tiles except a finite number are hexagons.","lang":"eng"}],"month":"04","intvolume":" 356","scopus_import":"1","main_file_link":[{"url":"https://arxiv.org/abs/1805.01652","open_access":"1"}],"language":[{"iso":"eng"}],"publication_identifier":{"issn":["1631073X"]},"publication_status":"published","issue":"4","volume":356,"_id":"409","status":"public","type":"journal_article","article_type":"original","date_updated":"2023-09-13T09:34:12Z","department":[{"_id":"HeEd"}]},{"project":[{"_id":"2581B60A-B435-11E9-9278-68D0E5697425","call_identifier":"FP7","grant_number":"279307","name":"Quantitative Graph Games: Theory and Applications"},{"grant_number":"P 23499-N23","name":"Modern Graph Algorithmic Techniques in Formal Verification","_id":"2584A770-B435-11E9-9278-68D0E5697425","call_identifier":"FWF"},{"name":"Rigorous Systems Engineering","grant_number":"S 11407_N23","call_identifier":"FWF","_id":"25832EC2-B435-11E9-9278-68D0E5697425"},{"grant_number":"291734","name":"International IST Postdoc Fellowship Programme","_id":"25681D80-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"}],"publist_id":"7404","author":[{"id":"2FDF8F3C-F248-11E8-B48F-1D18A9856A87","first_name":"Christian","last_name":"Hilbe","orcid":"0000-0001-5116-955X","full_name":"Hilbe, Christian"},{"last_name":"Chatterjee","orcid":"0000-0002-4561-241X","full_name":"Chatterjee, Krishnendu","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87","first_name":"Krishnendu"},{"last_name":"Nowak","full_name":"Nowak, Martin","first_name":"Martin"}],"external_id":{"isi":["000446612000016"]},"article_processing_charge":"No","title":"Partners and rivals in direct reciprocity","citation":{"chicago":"Hilbe, Christian, Krishnendu Chatterjee, and Martin Nowak. “Partners and Rivals in Direct Reciprocity.” Nature Human Behaviour. Nature Publishing Group, 2018. https://doi.org/10.1038/s41562-018-0320-9.","ista":"Hilbe C, Chatterjee K, Nowak M. 2018. Partners and rivals in direct reciprocity. Nature Human Behaviour. 2, 469–477.","mla":"Hilbe, Christian, et al. “Partners and Rivals in Direct Reciprocity.” Nature Human Behaviour, vol. 2, Nature Publishing Group, 2018, pp. 469–477, doi:10.1038/s41562-018-0320-9.","apa":"Hilbe, C., Chatterjee, K., & Nowak, M. (2018). Partners and rivals in direct reciprocity. Nature Human Behaviour. Nature Publishing Group. https://doi.org/10.1038/s41562-018-0320-9","ama":"Hilbe C, Chatterjee K, Nowak M. Partners and rivals in direct reciprocity. Nature Human Behaviour. 2018;2:469–477. doi:10.1038/s41562-018-0320-9","ieee":"C. Hilbe, K. Chatterjee, and M. Nowak, “Partners and rivals in direct reciprocity,” Nature Human Behaviour, vol. 2. Nature Publishing Group, pp. 469–477, 2018.","short":"C. Hilbe, K. Chatterjee, M. Nowak, Nature Human Behaviour 2 (2018) 469–477."},"user_id":"c635000d-4b10-11ee-a964-aac5a93f6ac1","quality_controlled":"1","publisher":"Nature Publishing Group","oa":1,"page":"469–477","date_published":"2018-03-19T00:00:00Z","doi":"10.1038/s41562-018-0320-9","date_created":"2018-12-11T11:46:22Z","isi":1,"has_accepted_license":"1","year":"2018","day":"19","publication":"Nature Human Behaviour","article_type":"review","type":"journal_article","status":"public","_id":"419","department":[{"_id":"KrCh"}],"file_date_updated":"2020-07-14T12:46:25Z","date_updated":"2023-09-13T09:38:54Z","ddc":["000"],"scopus_import":"1","month":"03","intvolume":" 2","abstract":[{"text":"Reciprocity is a major factor in human social life and accounts for a large part of cooperation in our communities. Direct reciprocity arises when repeated interactions occur between the same individuals. The framework of iterated games formalizes this phenomenon. Despite being introduced more than five decades ago, the concept keeps offering beautiful surprises. Recent theoretical research driven by new mathematical tools has proposed a remarkable dichotomy among the crucial strategies: successful individuals either act as partners or as rivals. Rivals strive for unilateral advantages by applying selfish or extortionate strategies. Partners aim to share the payoff for mutual cooperation, but are ready to fight back when being exploited. Which of these behaviours evolves depends on the environment. Whereas small population sizes and a limited number of rounds favour rivalry, partner strategies are selected when populations are large and relationships stable. Only partners allow for evolution of cooperation, while the rivals’ attempt to put themselves first leads to defection. Hilbe et al. synthesize recent theoretical work on zero-determinant and ‘rival’ versus ‘partner’ strategies in social dilemmas. They describe the environments under which these contrasting selfish or cooperative strategies emerge in evolution.","lang":"eng"}],"oa_version":"Submitted Version","related_material":{"link":[{"relation":"erratum","url":"http://doi.org/10.1038/s41562-018-0342-3"}]},"volume":2,"ec_funded":1,"publication_status":"published","file":[{"creator":"dernst","date_updated":"2020-07-14T12:46:25Z","file_size":598033,"date_created":"2019-11-19T08:19:51Z","file_name":"2018_NatureHumanBeh_Hilbe.pdf","access_level":"open_access","relation":"main_file","content_type":"application/pdf","file_id":"7052","checksum":"571b8cc0ba14e8d5d8b18e439a9835eb"}],"language":[{"iso":"eng"}]}]