From CryptoLUX
Jump to: navigation, search



Argon2 is a new hash function, which summarizes the state of the art in the design of memory-hard functions. It is a streamlined and simple design. It aims at the highest memory filling rate and effective use of multiple computing units, while still providing defense against tradeoff attacks. Argon2 is optimized for the x86 architecture and exploits the cache and memory organization of the recent Intel and AMD processors.


Argon2 has two variants: Argon2d and Argon2i. Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks. Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks. It summarizes the research our group has done in the concept of memory-hard functions and uses a number of novel ideas to achieve very high performance.

Winner of PHC

Argon2 (version 1.3) is the winner of the Password Hashing Competition. In addition to the PHC release, the Argon2 specification also defines two specific modes Argon2id and Argon2ds.


Specification of Argon2 IRTF draft of Argon2


Reference and optimized extended implementations in C99 and C++11

Reference implementation in C89 (PHC release)

Python implementation


Research paper "Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing". Introduces Argon2 and its fast-verification feature.

Design Rationality and Security Analysis of PHC Candidates: Overview

Research paper "Tradeoff cryptanalysis of memory-hard functions" (Asiacrypt 2015), Talk at PasswordsCon'14, extended version,

Argon1 Presentation Slides

Argon1 Reference Guide

Other resources

Online hash generator

Go wrapper

Reference and optimized implementations of Argon1

Egalitarian Computing

It is a new concept that to remedy the disparity between hardware-equipped attackers and legitimate security engineers one has to amalgamate computing for security with a memory-hard function.

"Argon2 and Egalitarian Computing" at Real World Cryptography 2016

Asiacrypt 2015 rump session slides

Personal tools