{"id":31827825,"url":"https://github.com/lambdapioneer/sloth","last_synced_at":"2025-10-11T19:19:01.384Z","repository":{"id":207775164,"uuid":"686670023","full_name":"lambdapioneer/sloth","owner":"lambdapioneer","description":"Key stretching and deniable encryption using Secure Elements on Android and iOS","archived":false,"fork":false,"pushed_at":"2025-03-06T10:41:40.000Z","size":2969,"stargazers_count":7,"open_issues_count":4,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-13T11:46:12.213Z","etag":null,"topics":["android","cryptography","ios","password-hashing","security","sloth"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lambdapioneer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-03T15:09:02.000Z","updated_at":"2025-05-23T06:07:12.000Z","dependencies_parsed_at":"2024-04-10T10:25:31.112Z","dependency_job_id":"fd70211f-fd86-4ff4-8bf7-24861c53c364","html_url":"https://github.com/lambdapioneer/sloth","commit_stats":null,"previous_names":["lambdapioneer/sloth"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/lambdapioneer/sloth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lambdapioneer%2Fsloth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lambdapioneer%2Fsloth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lambdapioneer%2Fsloth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lambdapioneer%2Fsloth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lambdapioneer","download_url":"https://codeload.github.com/lambdapioneer/sloth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lambdapioneer%2Fsloth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279008463,"owners_count":26084460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","cryptography","ios","password-hashing","security","sloth"],"created_at":"2025-10-11T19:18:57.523Z","updated_at":"2025-10-11T19:19:01.374Z","avatar_url":"https://github.com/lambdapioneer.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🦥 Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones\n\nThis repository contains the code and analysis scripts for the [Sloth paper](https://petsymposium.org/popets/2024/popets-2024-0123.pdf).\nSloth describes a set of cryptographic protocols that leverage the Secure Element (SE) of smartphones for key stretching and deniable encryption.\n\nIn particular, this repository provides the following:\n\n- An Android library implementing:\n  - The **LongSloth** key stretching scheme using StrongBox.\n  - The **HiddenSloth** multi-snapshot deniable encryption scheme using StrongBox.\n  - Benchmarking tests that can be run against emulators and real devices.\n  - A Python script to automatically run these tests on AWS DeviceFarm against many real devices.\n- An iOS demo project implementing:\n  - The **RainbowSloth** key stretching scheme using the Secure Enclave.\n  - A simple Python server to collect the results,\n- The evaluation scripts used to generate the plots and tables in the paper.\n\n\n## Abstract 📄\n\nTraditional key stretching lacks a strict time guarantee due to the ease of parallelized password guessing by attackers.\nThis paper introduces Sloth, a key stretching method leveraging the Secure Element (SE) commonly found in modern smartphones to provide a strict rate limit on password guessing.\nWhile this would be straightforward with full access to the SE, Android and iOS only provide a very limited API. \nSloth utilizes the existing developer SE API and novel cryptographic constructions to build an effective rate-limit for password guessing on recent Android and iOS devices.\nOur approach ensures robust security even for short, randomly-generated, six-character alpha-numeric passwords against adversaries with _virtually unlimited_ computing resources.\nOur solution is compatible with approximately 96% of iPhones and 45% of Android phones and Sloth seamlessly integrates without device or OS modifications, making it immediately usable by app developers today.\nWe formally define the security of Sloth and evaluate its performance on various devices.\nFinally, we present HiddenSloth, a deniable encryption scheme, leveraging Sloth and the SE to withstand multi-snapshot adversaries.\n\n\n## This repository\n\n[![Android](https://github.com/lambdapioneer/sloth/actions/workflows/android.yaml/badge.svg?branch=main)](https://github.com/lambdapioneer/sloth/actions/workflows/android.yaml) [![iOS](https://github.com/lambdapioneer/sloth/actions/workflows/ios.yaml/badge.svg?branch=main)](https://github.com/lambdapioneer/sloth/actions/workflows/ios.yaml)\n\nThis repository is organized into the following folders:\n\n- [`android`](android/): The Android implementation of LongSloth and HiddenSloth.\n- [`evaluation`](evaluation/): The analysis scripts used to generate the plots and tables in the paper.\n- [`ios`](ios/): The iOS implementation of RainbowSloth. This is a demo project and not production-ready.\n- [`results`](results/): An empty folder to store the collected results locally.\n\nSee the individual `README.md` files in the respective folders for more information.\n\n\n## Bibtex 📚\n\n```bibtex\n@article{hugenroth2024sloth,\n  title={Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones},\n  author={Hugenroth, Daniel and Sonnino, Alberto and Cutler, Sam and Beresford, Alastair R},\n  journal={Proceedings on Privacy Enhancing Technologies},\n  year={2024}\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flambdapioneer%2Fsloth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flambdapioneer%2Fsloth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flambdapioneer%2Fsloth/lists"}