The first cryptocurrency to implement the ‘Balloon’ memory-hard hashing function, superior in strength to Argon2, while remaining resistant to cache/side-channel attacks.
Additionally, the Balloon Hashing function does not require anywhere near as much memory to demonstrate its memory-hardness, making it possible for low-memory devices to verify hashes, an often overlooked but very important part of ‘Proof of Work’.
What’s a side-channel attack?
A term often mentioned in passing but rarely understood, a ‘side-channel’ attack is one in which an attacker uses data obtained indirectly from the machine performing the hashing to weaken or defeat the protection the hashing is meant to provide.
No hashing algorithm should be susceptible to this, because i) multi-user operating system environments have been widespread since the 1980s and ii) we should expect that an attacker can be on the same system (albeit without the same level of privilege) and still gain no advantage over the protection the hashing algorithm offers.
Argon2 vs Balloon
This is the most often quoted comparison; however, it is not safe or fair to compare the two algorithms, at least in a ‘Proof of Work’ paradigm.
Most algorithms converted for ‘Proof of Work’ use, including all variations of Argon2 (Argon2d/i/id), pass the blockheader to the hashing algorithm as both the ‘password’ and the ‘salt’. This isn’t quite the usage scenario the algorithm authors had in mind; however, it is safer than having a static ‘salt’.
In a purely ‘password hashing’ arena, it should be noted that several fairly serious attack methods have been identified and trialled against Argon2, and Balloon Hashing remained resistant to some of these same attacks. Additionally, the Password Hashing Competition doesn’t define cryptographic/hashing standards; it serves as a platform to bring the concept out in the open.
Argon2 is still a worthy candidate against Balloon, shoulder to shoulder. Unfortunately some of the best discussion/debate is no longer available (http://gmane.org/details.php?group=gmane.comp.security.phc) due to abuse/being pulled offline.
Intriguing Benson ..
The original password hashing algorithm was developed by Dan Boneh, Henry Corrigan-Gibbs and Stuart Schechter (https://crypto.stanford.edu/balloon/) and was submitted to the ‘Password Hashing Competition’ (https://password-hashing.net/).
The password hashing algorithm was later modified for PoW use last year and has been gradually refined since. The latest iteration is very small (2 files, requiring only the openssl lib/headers) and quite easy to implement, while still making it easy to introduce different length inputs, memory and mixing parameters.
Another version is currently being written/tested (identical parameters, so it will be 100% compatible) that removes the current version’s reliance on the openssl library. It is not expected to be any quicker, but it will then be 100% platform-independent/portable.
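To make the side-channel and blockheader-as-‘password’-and-‘salt’ points above concrete, here is an added example (not code from this project or from the Balloon authors) that follows the expand/mix/extract structure of the Balloon paper using SHA-256. The integer encodings, the `trace` argument, the parameter mapping in `pow_hash`, the target comparison and the header layout are assumptions of this example; it does not reproduce the AES-based mixing described here, so its digests will not match the coin’s.

```python
import hashlib
import struct

DELTA = 3  # pseudorandom dependencies per block (value used in the paper)

def _h(cnt, *parts):
    """SHA-256 of a 64-bit counter followed by the input blocks."""
    return hashlib.sha256(struct.pack("<Q", cnt) + b"".join(parts)).digest()

def balloon(passwd, salt, s_cost, t_cost, trace=None):
    """Expand / mix / extract. `trace` (optional list) records every buffer
    index that step 2b reads, to expose the memory access pattern."""
    cnt = 0
    buf = [_h(cnt, passwd, salt)]              # step 1: expand
    cnt += 1
    for m in range(1, s_cost):
        buf.append(_h(cnt, buf[m - 1]))
        cnt += 1
    for t in range(t_cost):                    # step 2: mix
        for m in range(s_cost):
            buf[m] = _h(cnt, buf[m - 1], buf[m])   # 2a; buf[-1] wraps around
            cnt += 1
            for i in range(DELTA):             # 2b: indices come from salt only
                idx = struct.pack("<QQQ", t, m, i)
                other = int.from_bytes(_h(cnt, salt, idx), "little") % s_cost
                cnt += 1
                if trace is not None:
                    trace.append(other)
                buf[m] = _h(cnt, buf[m], buf[other])
                cnt += 1
    return buf[-1]                             # step 3: extract

def pow_hash(header, s_cost=4096, t_cost=4):
    """Block header used as both 'password' and 'salt'.
    4096 x 32-byte blocks = 128 KiB, 4 rounds (assumed parameter mapping)."""
    return balloon(header, header, s_cost, t_cost)

def meets_target(digest, target):
    # Big-endian comparison is a simplification chosen for this example.
    return int.from_bytes(digest, "big") <= target

def mine(prefix, target, s_cost, t_cost, max_nonce=1 << 16):
    """Try 32-bit nonces appended to a constructed header prefix."""
    for nonce in range(max_nonce):
        header = prefix + struct.pack("<I", nonce)
        if meets_target(pow_hash(header, s_cost, t_cost), target):
            return nonce
    return None
```

Calling `balloon` twice with different passwords and the same salt fills `trace` with identical index sequences, which is the data-independent access pattern that gives cache/side-channel resistance; in the PoW setting the salt is the public blockheader, so the pattern reveals nothing secret.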
PoW algorithm: barrystyle’s balloon implementation (128kb per thread/4 mixing rounds of AES)
Coin ticker: DEFT
Coin codebase: Litecoin 0.15.1
Retarget code: Dual_KGW3 (with 3hr timeout)
Retarget strategy: Per block
Block time: 4 minutes
Block maturity: 30 blocks
Block subsidy: 8.5 DEFT per block
Emission strategy: Starting off near zero, gradually increasing until 8.5 is reached by block 5000 (preventing instamining).
Emission decay: Block reward halves every 150,000 blocks
Emission simulation: Included in src folder as deftreward.c (gcc deftreward.c -o deftreward)
Coin marketcap: Maximum of 2.8 million DEFT (lifetime)
Coin premine: 250,000 DEFT (of this 150,000 DEFT set aside for bounties, marketing and competitions)
Pool module: https://github.com/deftchain/balloon_hash.git
Official pool: http://pool.deft.host
Block Explorer: http://explorer.deft.host
Balloon webpage: https://crypto.stanford.edu/balloon
Orig balloon code: https://github.com/henrycg/balloon
Balloon Whitepaper: https://eprint.iacr.org/2016/027.pdf
Disclaimer: This is a sponsored post.