Towards Human Computable Passwords

Authors Jeremiah Blocki, Manuel Blum, Anupam Datta, Santosh Vempala

Thumbnail PDF


  • Filesize: 1.6 MB
  • 47 pages

Document Identifiers

Author Details

Jeremiah Blocki
Manuel Blum
Anupam Datta
Santosh Vempala

Cite AsGet BibTex

Jeremiah Blocki, Manuel Blum, Anupam Datta, and Santosh Vempala. Towards Human Computable Passwords. In 8th Innovations in Theoretical Computer Science Conference (ITCS 2017). Leibniz International Proceedings in Informatics (LIPIcs), Volume 67, pp. 10:1-10:47, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2017)


An interesting challenge for the cryptography community is to design authentication protocols that are so simple that a human can execute them without relying on a fully trusted computer. We propose several candidate authentication protocols for a setting in which the human user can only receive assistance from a semi-trusted computer - a computer that stores information and performs computations correctly but does not provide confidentiality. Our schemes use a semi-trusted computer to store and display public challenges C_i\in[n]^k. The human user memorizes a random secret mapping \sigma:[n]\rightarrow \mathbb{Z}_d and authenticates by computing responses f(\sigma(C_i)) to a sequence of public challenges where f:\mathbb{Z}_d^k\rightarrow \mathbb{Z}_d is a function that is easy for the human to evaluate. We prove that any statistical adversary needs to sample m=\tilde{\Omega}\paren{n^{s(f)}} challenge-response pairs to recover \sigma, for a security parameter s(f) that depends on two key properties of f. Our lower bound generalizes recent results of Feldman et al. [Feldman'15] who proved analogous results for the special case d=2. To obtain our results, we apply the general hypercontractivity theorem [O'Donnell'14] to lower bound the statistical dimension of the distribution over challenge-response pairs induced by f and \sigma. Our statistical dimension lower bounds apply to arbitrary functions f:\mathbb{Z}_d^k\rightarrow \mathbb{Z}_d (not just to functions that are easy for a human to evaluate). As an application, we propose a family of human computable password functions f_{k_1,k_2} in which the user needs to perform 2k_1+2k_2+1 primitive operations (e.g., adding two digits or remembering a secret value \sigma(i)), and we show that s(f) = \min{k_1+1, (k_2+1)/2}. For these schemes, we prove that forging passwords is equivalent to recovering the secret mapping. Thus, our human computable password schemes can maintain strong security guarantees even after an adversary has observed the user login to many different accounts.
  • Passwords
  • Cognitive Authentication
  • Human Computation
  • Planted Constraint Satisfaction Problem
  • Statistical Dimension


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Cert incident note in-98.03: Password cracking activity., July 1998. Retrieved 8 2011.
  2. Nato site hacked., June 2011. Retrieved 8 2011.
  3. Zappos customer accounts breached. , January 2012. Retrieved 5 2012.
  4. Oh man, what a day! an update on our security breach., April 2010. Retrieved 8 2011.
  5. Apple security blunder exposes lion login passwords in clear text., May 2012. Retrieved 5 2012.
  6. Update on playstation network/qriocity services., April 2011. Retrieved 5 2012.
  7. An update on linkedin member passwords compromised., June 2012. Retrieved 9 2012.
  8. Data breach at 100k plaintext passwords., September 2012. Retrieved 9 2012.
  9. Important customer security announcement., October 2013. Retrieved 2 2014.
  10. Noga Alon, Yossi Matias, and Mario Szegedy. The space complexity of approximating the frequency moments. In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pages 20-29. ACM, 1996. Google Scholar
  11. Sam. Biddle. Anonymous leaks 90,000 military email accounts in latest antisec attack., July 2011. Retrieved 8 2011.
  12. Jeremiah Blocki, Manuel Blum, and Anupam Datta. Human-computable passwords. ASIACRYPT Rump Session, 2013. URL:
  13. Jeremiah Blocki, Manuel Blum, and Anupam Datta. Naturally rehearsing passwords. In Kazue Sako and Palash Sarkar, editors, Advances in Cryptology - ASIACRYPT 2013, volume 8270 of Lecture Notes in Computer Science, pages 361-380. Springer Berlin Heidelberg, 2013. URL:
  14. Jeremiah Blocki, Saranga Komanduri, Lorrie Faith Cranor, and Anupam Datta. Spaced repetition and mnemonics enable recall of multiple strong passwords. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8-11, 2014, 2015. URL:
  15. Jeremiah Blocki, Saranga Komanduri, Ariel Procaccia, and Or Sheffet. Optimizing password composition policies. In Proceedings of the 14th ACM Conference on Electronic Commerce. ACM, 2013. Google Scholar
  16. Avrim Blum, Cynthia Dwork, Frank McSherry, and Kobbi Nissim. Practical privacy: the sulq framework. In Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 128-138. ACM, 2005. Google Scholar
  17. Manuel Blum and Santosh Vempala. Publishable humanly usable secure password creation schemas. Proc. of HCOMP, 2015. Google Scholar
  18. J. Bonneau. The science of guessing: analyzing an anonymized corpus of 70 million passwords. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 538-552. IEEE, 2012. Google Scholar
  19. S. Boztas. Entropies, guessing, and cryptography. Department of Mathematics, Royal Melbourne Institute of Technology, Tech. Rep, 6, 1999. Google Scholar
  20. Julien Bringer, Hervé Chabanne, and Emmanuelle Dottax. Hb^+^+: a lightweight authentication protocol secure against some attacks. In Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. SecPerU 2006. Second International Workshop on, pages 28-33. IEEE, 2006. Google Scholar
  21. I.A.D. Center. Consumer password worst practices. Imperva (White Paper), 2010. Google Scholar
  22. Cheng Chu, Sang Kyun Kim, Yi-An Lin, YuanYuan Yu, Gary Bradski, Andrew Y Ng, and Kunle Olukotun. Map-reduce for machine learning on multicore. Advances in neural information processing systems, 19:281, 2007. Google Scholar
  23. Mary Cryan and Peter Bro Miltersen. On pseudorandom generators in nc0. In Mathematical Foundations of Computer Science 2001, pages 272-284. Springer, 2001. Google Scholar
  24. Martin Davis and Hilary Putnam. A computing procedure for quantification theory. J. ACM, 7(3):201-215, July 1960. URL:
  25. Arthur P Dempster, Nan M Laird, and Donald B Rubin. Maximum likelihood from incomplete data via the em algorithm. Journal of the Royal Statistical Society. Series B (Methodological), pages 1-38, 1977. Google Scholar
  26. Vitaly Feldman, Will Perkins, and Santosh Vempala. On the complexity of random satisfiability problems with planted solutions. In Proceedings of the 47th annual ACM symposium on Symposium on Theory of Computing. ACM, 2015. Google Scholar
  27. M. Figurska, M. Stanczyk, and K. Kulesza. Humans cannot consciously generate random numbers sequences: Polemic study. Medical hypotheses, 70(1):182-185, 2008. Google Scholar
  28. D. Florencio and C. Herley. A large-scale study of web password habits. In Proceedings of the 16th international conference on World Wide Web, pages 657-666. ACM, 2007. Google Scholar
  29. Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, and Brent Waters. Candidate indistinguishability obfuscation and functional encryption for all circuits. In Foundations of Computer Science (FOCS), 2013 IEEE 54th Annual Symposium on, pages 40-49. IEEE, 2013. Google Scholar
  30. Alan E Gelfand and Adrian FM Smith. Sampling-based approaches to calculating marginal densities. Journal of the American statistical association, 85(410):398-409, 1990. Google Scholar
  31. Henri Gilbert, Matthew Robshaw, and Herve Sibert. Active attack against hb+: a provably secure lightweight authentication protocol. Electronics Letters, 41(21):1169-1170, 2005. Google Scholar
  32. Oded Goldreich. Candidate one-way functions based on expander graphs. In Studies in Complexity and Cryptography. Citeseer, 2000. Google Scholar
  33. Graham J Hitch. The role of short-term working memory in mental arithmetic. Cognitive Psychology, 10(3):302-323, 1978. Google Scholar
  34. N. Hopper and M. Blum. Secure human identification protocols. Advances in cryptology-ASIACRYPT 2001, pages 52-66, 2001. Google Scholar
  35. Ari Juels and Stephen A Weis. Authenticating pervasive devices with human protocols. In Advances in Cryptology-CRYPTO 2005, pages 293-308. Springer, 2005. Google Scholar
  36. Jonathan Katz and Ji Sun Shin. Parallel and concurrent security of the hb and hb+ protocols. In Advances in Cryptology-EUROCRYPT 2006, pages 73-87. Springer, 2006. Google Scholar
  37. Michael Kearns and Umesh Virkumar Vazirani. An introduction to computational learning theory. The MIT Press, 1994. Google Scholar
  38. S. Komanduri, R. Shay, P.G. Kelley, M.L. Mazurek, L. Bauer, N. Christin, L.F. Cranor, and S. Egelman. Of passwords and people: measuring the effect of password-composition policies. In Proceedings of the 2011 annual conference on Human factors in computing systems, pages 2595-2604. ACM, 2011. Google Scholar
  39. H. Kruger, T. Steyn, B. Medlin, and L. Drevin. An empirical assessment of factors impeding effective password management. Journal of Information Privacy and Security, 4(4):45-59, 2008. Google Scholar
  40. J.L. Massey. Guessing and entropy. In Information Theory, 1994. Proceedings., 1994 IEEE International Symposium on, page 204. IEEE, 1994. Google Scholar
  41. G.A. Miller. The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychological review, 63(2):81, 1956. Google Scholar
  42. Dave. Munger. Is 17 the "most random" number?, 2007. Retrieved 8 2011.
  43. Moni Naor and Benny Pinkas. Visual authentication and identification. In Advances in Cryptology-CRYPTO'97, pages 322-336. Springer, 1997. Google Scholar
  44. Moni Naor and Adi Shamir. Visual cryptography. In Advances in Cryptology-EUROCRYPT'94, pages 1-12. Springer, 1995. Google Scholar
  45. Ryan O'Donnell. Analysis of boolean functions. Textbook in Progress. Available online at, 2014.
  46. J. Pliam. On the incomparability of entropy and marginal guesswork in brute-force attacks. Progress in Cryptology-INDOCRYPT 2000, pages 113-123, 2000. Google Scholar
  47. N. Provos and D. Mazieres. Bcrypt algorithm. Google Scholar
  48. D Reichl. Keepass password safe, 2013. Retrieved July, 10, 2013. Google Scholar
  49. Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C Mitchell. Stronger password authentication using browser extensions. In Usenix security, pages 17-32. Baltimore, MD, USA, 2005. Google Scholar
  50. Abe. Singer. No plaintext passwords. ;login: THE MAGAZINE OF USENIX &SAGE, 26(7), November 2001. Retrieved 8 2011. Google Scholar
  51. Saul Sternberg. Memory-scanning: Mental processes revealed by reaction-time experiments. Cognitive psychology: Key readings, 48, 2004. Google Scholar
  52. Hedderik van Rijn, Leendert van Maanen, and Marnix van Woudenberg. Passing the test: Improving learning gains by balancing spacing and testing effects. In Proceedings of the 9th International Conference of Cognitive Modeling, 2009. Google Scholar
  53. W.A. Wagenaar. Generation of random sequences by human subjects: A critical survey of literature. Psychological Bulletin, 77(1):65, 1972. Google Scholar
  54. PA Wozniak and Edward J Gorzelanczyk. Optimization of repetition spacing in the practice of learning. Acta neurobiologiae experimentalis, 54:59-59, 1994. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail