Balloon hashing

{{short description|Memory-hard key derivation function}}

Balloon hashing is a key derivation function presenting proven memory-hard password-hashing and modern design. It was created by Dan Boneh, Henry Corrigan-Gibbs (both at Stanford University) and Stuart Schechter (Microsoft Research) in 2016.{{cite journal | url=https://eprint.iacr.org/2016/027 | title=Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks | journal=Cryptology ePrint Archive | volume=2016 | issue=27 | date=2016-01-11 |accessdate=2019-09-03 | last1=Boneh | first1=Dan | last2=Corrigan-Gibbs | first2=Henry | last3=Schechter | first3=Stuart}}{{cite web | url=https://crypto.stanford.edu/balloon/ | title=Balloon Hashing | website=Stanford Applied Crypto Group | publisher=Stanford University | accessdate=2019-09-03}} It is a recommended function in NIST password guidelines.[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf NIST SP800-63B Section 5.1.1.2]

The authors claim that Balloon:

• has proven memory-hardness properties,
• is built from standard primitives: it can use any standard non-space-hard cryptographic hash function as a sub-algorithm (e.g., SHA-3, SHA-512),
• is resistant to side-channel attacks: the memory access pattern is independent of the data to be hashed,
• is easy to implement and matches the performance of similar algorithms.

Balloon is compared by its authors with Argon2, a similarly performing algorithm.