Paper 2015/136

Lyra2: Efficient Password Hashing with High Security against Time-Memory Trade-Offs

Marcos A. Simplicio Jr., Leonardo C. Almeida, Ewerton R. Andrade, Paulo C. F. dos Santos, and Paulo S. L. M. Barreto


We present Lyra2, a password hashing scheme (PHS) based on cryptographic sponges. Lyra2 was designed to be strictly sequential (i.e., not easily parallelizable), providing strong security even against attackers that uses multiple processing cores (e.g., custom hardware or a powerful GPU). At the same time, it is very simple to implement in software and allows legitimate users to fine tune its memory and processing costs according to the desired level of security against brute force password-guessing. Lyra2 is an improvement of the recently proposed Lyra algorithm, providing an even higher security level against different attack venues and overcoming some limitations of this and other existing schemes.

Note: Updating the name of the article to match the version published at IEEE-TC. The eprint version is a much more detailed document (71 pages) when compared with the version published at IEEE-TC (13 pages)

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.IEEE Transactions on Computers
password hashingprocessing timememory usagecryptographic sponges.
Contact author(s)
eandrade @ larc usp br
2020-01-20: last of 5 revisions
2015-02-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marcos A.  Simplicio Jr. and Leonardo C.  Almeida and Ewerton R.  Andrade and Paulo C.  F.  dos Santos and Paulo S.  L.  M.  Barreto},
      title = {Lyra2: Efficient Password Hashing with High Security against Time-Memory Trade-Offs},
      howpublished = {Cryptology ePrint Archive, Paper 2015/136},
      year = {2015},
      doi = {10.1109/TC.2016.2516011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.