On the Indifferentiability of Fugue and Luffa

  • Rishiraj Bhattacharyya
  • Avradip Mandal
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6715)


Indifferentiability is currently considered an important security notion for a cryptographic hash function that is to instantiate Random Oracles in different security proofs. In this paper, we prove indifferentiability of Fugue and Luffa, two SHA3 second round candidates. We also analyze the indifferentiability of a modified Luffa mode that replaces multiple small permutations by a single large permutation.

Our technique is quite general and is applicable to any sponge-based design that uses an affine function for message insertion. To the best of our knowledge, our result for Luffa is the first indifferentiability analysis of a mode of operation based on a variable number (more than two) of small permutations.


Keywords: Hash function, Indifferentiability, Fugue, Luffa



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Rishiraj Bhattacharyya (1)
  • Avradip Mandal (2)
  1. Cryptology Research Group, Applied Statistics Unit, Indian Statistical Institute, Kolkata, India
  2. Université du Luxembourg, Luxembourg
