Parcae: A Blockchain-Based PRF Service for Everyone

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2021)

Abstract

Pseudorandom function (PRF) services are used to cryptographically harden password hashes against offline brute-force attacks. State-of-the-art implementations of PRF services can additionally offer benefits such as detection of online attacks and practical key rotation, but the cost of doing so in a publicly distributed setting is that clients must trust a third-party service. These third-party services are not incentivized to behave honestly and present a single point of failure for Denial of Service (DoS) attacks. A successful DoS attack mounted against a deployed PRF service would prevent its clients from authenticating their users’ passwords, thus making it impossible for users to log in to those clients’ services.

To address these issues, we design and implement Parcae, the first blockchain-based publicly distributed PRF service. Parcae offers all of the additional benefits provided by state-of-the-art PRF services while also providing DoS attack resilience and service auditing capabilities through use of a permissioned blockchain. Performance analysis shows that our implementation of Parcae is practical and can scale to meet the needs of a dynamically growing client base in a publicly distributed setting.

Author information

Corresponding author

Correspondence to Elizabeth Wyss.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Wyss, E., Davidson, D. (2022). Parcae: A Blockchain-Based PRF Service for Everyone. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-031-06365-7_20

  • DOI: https://doi.org/10.1007/978-3-031-06365-7_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06364-0

  • Online ISBN: 978-3-031-06365-7

  • eBook Packages: Computer Science, Computer Science (R0)
