Using the computational resources of an untrusted third party to crack a password hash can pose many privacy and security risks. The act of revealing the hash digest could in itself negatively impact both the data subject who created the password and the data controller who stores the hash digest. This paper solves this currently open problem by presenting a Privacy-Preserving Password Cracking protocol (3PC) that prevents the third-party cracking server from learning any useful information about the hash digest or the recovered cleartext. This is achieved by a tailored anonymity set of decoy hashes, based on the concept of predicate encryption, where we extend the definition of a predicate function to evaluate the output of a one-way hash function. The protocol allows the client to maintain plausible deniability, where the real choice of hash digest cannot be proved, even by the client itself. The probabilistic information the server obtains during the cracking process can be calculated and minimized to a desired level. While in theory cracking a larger set of hashes would decrease computational speed, the 3PC protocol provides constant-time lookup on an arbitrary list size, bounded by the input/output operations per second (IOPS) capabilities of the third-party server, thereby allowing the protocol to scale efficiently. We demonstrate these claims both theoretically and in practice, with a real-life use case implemented on an FPGA architecture.