Threshold Password-Hardened Encryption Services

Brost J, Egger C, Lai RWF, Schmid F, Schröder D, Zoppelt M (2020)

Publication Type: Conference contribution, Conference Contribution

Publication year: 2020

Publisher: Association for Computing Machinery

Series: CCS '20

City/Town: New York, NY, USA

Pages Range: 409–424

Conference Proceedings Title: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Event location: Virtual Event, USA

ISBN: 9781450370899

DOI: 10.1145/3372297.3417266


Password-hardened encryption (PHE) was introduced by Lai et al. at USENIX 2018 and immediately productized by VirgilSecurity. PHE is a password-based key derivation protocol that involves an oblivious external crypto service for key derivation. The security of PHE protects against offline brute-force attacks, even when the attacker is given the entire database. Furthermore, the crypto service neither learns the derived key nor the password. PHE supports key-rotation meaning that both the server and crypto service can update their keys without involving the user. While PHE significantly strengthens data security, it introduces a single point of failure because key-derivation always requires access to the crypto service. In this work, we address this issue and simultaneously increase security by introducing threshold password-hardened encryption. Our formalization of this primitive revealed shortcomings of the original PHE definition that we also address in this work. Following the spirit of prior works, we give a simple and efficient construction using lightweight tools only. We also implement our construction and evaluate its efficiency. Our experiments confirm the practical efficiency of our scheme and show that it is more efficient than common memory-hard functions, such as scrypt. From a practical perspective this means that threshold PHE can be used as an alternative to scrypt for password protection and key-derivation, offering better security in terms of offline brute force attacks.

Authors with CRIS profile

How to cite


Brost, J., Egger, C., Lai, R.W.F., Schmid, F., Schröder, D., & Zoppelt, M. (2020). Threshold Password-Hardened Encryption Services. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (pp. 409–424). Virtual Event, USA: New York, NY, USA: Association for Computing Machinery.


Brost, Julian, et al. "Threshold Password-Hardened Encryption Services." Proceedings of the ACM CCS, Virtual Event, USA New York, NY, USA: Association for Computing Machinery, 2020. 409–424.

BibTeX: Download