Luhn algorithm

From Wikipedia, the free encyclopedia

The Luhn algorithm or Luhn formula, also known as the "modulus 10" or "mod 10" algorithm, is a simple checksum formula used to validate a variety of identification numbers, such as credit card numbers, National Provider Identification Number in US and Canadian Social Insurance Numbers. It was created by IBM scientist Hans Peter Luhn and described in U.S. Patent 2,950,048 , filed on January 6, 1954, and granted on August 23, 1960.

The algorithm is in the public domain and is in wide use today. It is specifed in ISO/IEC 7812-1^[1]. It is not intended to be a cryptographically secure hash function; it was designed to protect against accidental errors, not malicious attacks. Most credit cards and many government identification numbers use the algorithm as a simple method of distinguishing valid numbers from collections of random digits.

[edit] Strengths and weaknesses

The Luhn algorithm will detect any single-digit error, as well as almost all transpositions of adjacent digits. It will not, however, detect transposition of the two-digit sequence 09 to 90 (or vice versa). It will detect 7 of the 10 possible twin errors (it will not detect 22 ↔ 55, 33 ↔ 66 or 44 ↔ 77).

Other, more complex check-digit algorithms (such as the Verhoeff algorithm) can detect more transcription errors. The Luhn mod N algorithm is an extension that supports non-numerical strings.

Because the algorithm operates on the digits in a right-to-left manner and zero digits only affect the result if they cause shift in position, zero-padding the beginning of a string of numbers does not affect the calculation. Therefore, systems that normalize to a specific number of digits by converting 1234 to 00001234 (for instance) can perform Luhn validation before or after the normalization and achieve the same result.

The algorithm appeared in a US Patent for a hand-held, mechanical device for computing the checksum. It was therefore required to be rather simple. The device took the mod 10 sum by mechanical means. The substitution digits, that is, the results of the double and reduce procedure, were not produced mechanically. Rather, the digits were marked in their permuted order on the body of the machine.

[edit] Informal explanation

The formula verifies a number against its included check digit, which is usually appended to a partial account number to generate the full account number. This account number must pass the following test:

1. Counting from the check digit, which is the rightmost, and moving left, double the value of every second digit.
2. Sum the digits of the products together with the undoubled digits from the original number.
3. If the total ends in 0 (put another way, if the total modulus 10 is congruent to 0), then the number is valid according to the Luhn formula; else it is not valid.

As an illustration, if the account number is 49927398716, it will be validated as follows:

1. Double every second digit, from the rightmost: (1×2) = 2, (8×2) = 16, (3×2) = 6, (2×2) = 4, (9×2) = 18
2. Sum all digits (digits in parentheses are the products from Step 1): 6 + (2) + 7 + (1+6) + 9 + (6) + 7 + (4) + 9 + (1+8) + 4 = 70
3. Take the sum modulo 10: 70 mod 10 = 0; the account number is valid.

[edit] Mod 10+5 Variant

Some credit cards use the "Mod 10 plus 5" variant to extend the space of valid card numbers. In this variant, if the sum ends in 0 or 5, the number is considered valid.

[edit] Implementation

This Python function implements the algorithm described above, returning True if the given array of digits represents a valid Luhn number, and False otherwise.

def check_number(digits):
    _sum = 0
    alt = False
    for d in reversed(digits):
        assert 0 <= d <= 9
        if alt:
            d *= 2
            if d > 9:
                d -= 9
        _sum += d
        alt = not alt
    return (_sum % 10) == 0

This is a PHP implementation of the Luhn Algorithm (not validation but creation)

// Returns a control-character based on the modulus 10 algorithm
function CreateLuhnControlChar($source) {
	$totalSum = 0;
	for ($counter = 0; $counter <= strlen($source); $counter++) {
		$singleSum = ($counter % 2 == 0) ? 1 * substr($source,$counter,1) : 2 * substr($source,$counter,1);
		$singleSum = ($singleSum >= 10) ? substr($singleSum,0,1) + substr($singleSum,1,1) : $singleSum;
		$totalSum += $singleSum;
	}
	return (($totalSum % 10) == 0) ? 0 : 10 - ($totalSum % 10);
}

[edit] Other implementations

• Luhn validation code in Actionscript2, with generation code
• Luhn validation code in C
• Luhn validation code in C#
• Luhn validation code in VB.Net and C# with Card Identification
• Luhn validation code in ColdFusion
• Luhn validation code in FileMaker Pro
• Luhn validation code in Common Lisp
• Luhn validation code in Java
• Luhn validation code in Java, with test cases
• Luhn validation code in JavaScript, with test page
• Luhn validation and creation code in Haskell, as a library
• Luhn validation code in MS Excel
• Luhn validation code in Perl
• Luhn validation code in Perl
• Luhn validation code in PowerShell
• Luhn validation code in ProvideX
• Luhn validation code in PHP
• Luhn validation code in PureBasic
• Luhn validation code in Python
• Luhn validation code in Python, as a library
• Luhn validation code in Ruby
• Luhn validation code in Ruby, with card type check
• Luhn validation code in Scheme
• Luhn validation code in Transact-SQL
• Luhn validation code in VBScript (ASP)
• Alternative validation technique in C, awk and Python

[edit] References

1. ^ ISO/IEC 7812-1:2006 Identification cards -- Identification of issuers -- Part 1: Numbering system

• U.S. Patent 2,950,048 , Computer for Verifying Numbers, Hans P. Luhn, August 23, 1960.