Luffa

From The ECRYPT Hash Function Website

Jump to: navigation, search

Contents

1 The algorithm


Christophe De Canniere, Hisayoshi Sato, Dai Watanabe - Hash Function Luffa: Specification
Submission to NIST (Round 2), 2009
[Electronic Edition] [Bibtex]
Author : Christophe De Canniere, Hisayoshi Sato, Dai Watanabe
Title : Hash Function Luffa: Specification
In : Submission to NIST (Round 2) -

Christophe De Canniere, Hisayoshi Sato, Dai Watanabe - Hash Function Luffa: Supporting Document
Submission to NIST (Round 2), 2009
[Electronic Edition] [Bibtex]
Author : Christophe De Canniere, Hisayoshi Sato, Dai Watanabe
Title : Hash Function Luffa: Supporting Document
In : Submission to NIST (Round 2) -

Christophe De Canniere, Hisayoshi Sato, Dai Watanabe - Hash Function Luffa: Specification
Submission to NIST (Round 1), 2008
[Electronic Edition] [Bibtex]
Author : Christophe De Canniere, Hisayoshi Sato, Dai Watanabe
Title : Hash Function Luffa: Specification
In : Submission to NIST (Round 1) -

Christophe De Canniere, Hisayoshi Sato, Dai Watanabe - Hash Function Luffa: Supporting Document
Submission to NIST (Round 1), 2008
[Electronic Edition] [Bibtex]
Author : Christophe De Canniere, Hisayoshi Sato, Dai Watanabe
Title : Hash Function Luffa: Supporting Document
In : Submission to NIST (Round 1) -


2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.

Recommended security parameter: 8 rounds

2.1 Hash function

Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.

Type of Analysis Hash Size (n) Parameters Compression Function Calls Memory Requirements Reference
collision 256 4 rounds 290 - Preneel,Yoshida,Watanabe


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
distinguisher hash 256 Round 1 2251 - Boura,Canteaut,DeCanniere
distinguisher permutation 8 rounds 2252 - Boura,Canteaut,DeCanniere
semi-free-start collision hash 256 7 rounds 2104 2102 Khovratovich,Naya-Plasencia,Röck,Schläffer
distinguisher round function 256 8 rounds 2104 2102 Khovratovich,Naya-Plasencia,Röck,Schläffer
distinguisher permutation 8 rounds 2116.3  ? Khovratovich,Naya-Plasencia,Röck,Schläffer
distinguisher permutation 8 rounds 282 - Aumasson,Meier
free-start 2nd preimage hash all 1 - Jia
free-start preimage hash 256 2127 - Jia
free-start preimage hash 512 2171 - Jia
semi-free-start collision hash all any 2256*(w-1)/w - submission document
semi-free-start collision hash 512 any 2204.8 - submission document
non-randomness permutation 8 rounds 2224 - submission document


Christina Boura, Anne Canteaut, Christophe De Canni\`ere - Higher-order differential properties of Keccak and Luffa
Cryptology ePrint Archive, Report 2010/589, 2010
[Electronic Edition] [Bibtex]
Author : Christina Boura, Anne Canteaut, Christophe De Canni\`ere
Title : Higher-order differential properties of Keccak and Luffa
In : Cryptology ePrint Archive, Report 2010/589 -
[Abstract]

Bart Preneel, Hirotaka Yoshida, Dai Watanabe - Finding Collisions for Reduced Luffa-256 v2
NIST mailing list, 2010
[Electronic Edition] [Bibtex]
Author : Bart Preneel, Hirotaka Yoshida, Dai Watanabe
Title : Finding Collisions for Reduced Luffa-256 v2
In : NIST mailing list -
[Abstract]

Dmitry Khovratovich, Maria Naya-Plasencia, Andrea Röck, Martin Schläffer - Cryptanalysis of Luffa v2 Components
In Proceedings of SAC, LNCS, pp. , Springer, 2010
[Electronic Edition] [Bibtex]
Author : Dmitry Khovratovich, Maria Naya-Plasencia, Andrea Röck, Martin Schläffer
Title : Cryptanalysis of Luffa v2 Components
In : In Proceedings of SAC -
[Abstract]

Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
NIST mailing list, 2009
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson, Willi Meier
Title : Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
In : NIST mailing list -
[Abstract]

Keting Jia - Pseudo-Collision, Pseudo-Preimage and Pseudo-Second-Preimage Attacks on Luffa
Cryptology ePrint Archive, Report 2009/224, 2009
[Electronic Edition] [Bibtex]
Author : Keting Jia
Title : Pseudo-Collision, Pseudo-Preimage and Pseudo-Second-Preimage Attacks on Luffa
In : Cryptology ePrint Archive, Report 2009/224 -
[Abstract]
Personal tools