ROM-port-hard functions Not a precise definition, more like word play on Colin Percival's sequential memory-hard functions concept We might access only a tiny fraction of array elements per hash computed (vs. scrypt's 100% write, 63% read), but that's OK as long as each element is equally likely to be needed and the access pattern is not predictable Because of the above and since the ROM must stay read-only, can't defeat the time-memory trade-off by modifying the array (we could in scrypt) However, can defeat the TMTO by pre-filling the ROM differently (not allowing for one array element to be quickly computed from another)