Luffa

News

2 Oct. 2009: Thanks to Stefan Tillich, a bug in the specification is fixed. Please see the update package for the detail.
24 Sep. 2009: Thanks to Miroslav Knežević and Ingrid Verbauwhede, their hardware implementation result on Luffa v1 is updated to that on Luffa v2.
11 Sep. 2009: The Round 1 data is archived.

What is Luffa?

Luffa is a new family of hash functions submitted to NIST for their cryptographic hash algorithm competition.

Luffa is a variant of a sponge function proposed by Bertoni et al., whose security is based only on the randomness of the underlying permutation. Different from the original sponge, Luffa uses plural permutations in parallel and a stronger messsage injection function as depicted in the above figure.

Submission Packages

The latest version of the Round 2 package and some of the parted contents can be downloaded.

Full package (15 Sep. 2009) [download (ZIP, 12.5MB)]
Updated package (2 Oct. 2009) [download (ZIP, 157KB)]
Specification Version 2.0.1 (2 Oct. 2009) [download (PDF)]
Supporting document (15 Sep. 2009) [download (PDF)]
The Difference betweeen the Round 1 Package and the Round 2 Package of Luffa (15 Sep. 2009) [download (PDF)]
The Reasons for The Change of Luffa (15 Sep. 2009) [download (PDF)]
Higher Order Differential Attack on Step-Reduced Variants of Luffa (15 Sep. 2009) [download (PDF)]
Reference implementation version 2.0 (15 Sep. 2009) [download (ZIP)]
Optimized implementations version 2.0 (15 Sep. 2009) [download (ZIP)]
Additional implementations version 2.0 (15 Sep. 2009) [download (ZIP)]

And the Round 1 information is archived here. The obsolete documents can be found here.

Supplemental Information

The list of the newer coming security reports on security analysis, software and hardware implementations will be provided here. At this moment, there is no content for Luffa v2.

Security Analysis

None.

Software Implementations