One of the greatest advancements in Cybersecurity: The Sponge Function (Keccak and SHAKE)
I think that the Sponge function, as used by IOTA, SHA-3, and SHAKE, is one of the greatest advancements in cybersecurity within the last decade. With this, we may be reaching a method which allows us to do a wide range of operations, with just a single technique. While SHA-3 is used as a hashing method, at its core is Keccak, and which is adaptable to a range of applications. SHAKE, for example, can be used to create a wide range of output data sizes. In fact, with STROBE, we can used Keccak to produce digest methods, signing, and symmetric key encryption. This replaces methods such as AES, ChaCha20, SHA-1, SHA-256, HMAC, and much more.
For hashing, we have generally moved from MD5 (a 128-bit signature) onto SHA-1 (a 160-bit function). Unfortunately, Google created a real-life collision on SHA-1, and, generally, it has been deprecated as a hashing method. NIST also defined a new standard with SHA-2, and which supported 224-bit (SHA-224), 256-bit (SHA-256), 384-bit (SHA-384) and 512-bit (SHA-512) hash signatures. Each of these is secure, but NIST decided that they needed an alternative method, and created a competition for SHA-3. It was finally won by Keccak, and which uses a sponge function:
SHA-3 was thus standardised with defined output sizes. Basically with SHA-3, we define a state size (S) of 1600 bits (Keccak-f). This state (S) is made up from r (rate) and c (capacity). For SHA3–224, we have a rate (r) of 1,152 bits and a capacity (c) of 448 bits. The total bits in the state is thus 1,600 bits. For SHAKE128 and SHA256, we can have a variable number of bits on the output:
IOTA, for example, uses the Keccak-384 hash. In the first part of the process, we break the data into r bits chunks, and then EX-OR it with the rate part of the state (and which will initially be set to all zeros):
The output of this goes into the function (f), and which has 24 rounds and is created with EX-OR, AND and NOT functions. This output is the new state (S). If there is more data, it is then fed into the next stage, and will do the same method of EX-ORing the r state value with the message (X1), and then feeding this into f. This generates the next state.
We then continue until we have exhausted all the message data, and then go into a squeezing function:
Again we feed into f, and produce an output (Y0). This output will then be truncated to the required hash size, or we will continue until we have produced the required output size (as with SHAKE128 and SHAKE256).
Here are some demos:
The potential of the sponge function is amazing, and we should start to see it creeping into IoT implementations for crypto.
Originally published on medium.com