On the Indifferentiability of Fugue and Luffa
Indifferentiability is currently considered to be an important security notion for a cryptographic hash function to instantiate Random Oracles in different security proofs. In this paper, we prove indifferentiability of Fugue and Luffa, two SHA3 second round candidates. We also analyze the indifferentiability of a modified Luffa mode replacing multiple small permutations by a single large permutation.
Our technique is quite general and can be applicable to any sponge based design which uses affine function for message insertion. To the best of our knowledge, our result for Luffa is the first indifferentiability analysis of a mode of operation based on variable (more than two) number of small permutations.
KeywordsHash function Indifferentiability Fugue Luffa
Unable to display preview. Download preview PDF.
- 2.Andreeva, E., Mennink, B., Preneel, B.: Security reductions of the second round sha-3 candidates. Cryptology ePrint Archive, Report 2010/381 (2010), http://eprint.iacr.org/
- 3.Aumasson, J.-P., Phan, R.C.W.: Distinguisher for the full final round of fugue-256. In: NIST Second Sha3 Conference (2010)Google Scholar
- 7.De Canniere, C., Sato, H., Watanabe, D.: Hash Function Luffa: Specification Ver 2.0.1 @Sha3 Zoo (2009)Google Scholar
- 11.Halevi, S., Hall, W.E., Jutla, C.S.: The Hash Function “Fugue” @Sha3 Zoo (2009)Google Scholar
- 12.Halevi, S., Hall, W.E., Jutla, C.S., Roy, A.: Weak ideal functionalities for designing random oracles with application to fugue. Sha3 Zoo (2010)Google Scholar