
One of the greatest advancements in Cybersecurity: The Sponge Function (Keccak and SHAKE)

Professor Bill Buchanan OBE 26 July, 2019 (2 min read)

I think that the Sponge function, as used by IOTA, SHA-3, and SHAKE, is one of the greatest advancements in cybersecurity within the last decade. With this, we may be reaching a method which allows us to do a wide range of operations with just a single technique. While SHA-3 is used as a hashing method, at its core is Keccak, which is adaptable to a range of applications. SHAKE, for example, can be used to create a wide range of output data sizes. In fact, with STROBE, we can use Keccak to produce digest methods, signing, and symmetric key encryption. This replaces methods such as AES, ChaCha20, SHA-1, SHA-256, HMAC, and much more.

For hashing, we have generally moved from MD5 (a 128-bit signature) onto SHA-1 (a 160-bit function). Unfortunately, Google created a real-life collision on SHA-1, and, generally, it has been deprecated as a hashing method. NIST also defined a new standard with SHA-2, which supported 224-bit (SHA-224), 256-bit (SHA-256), 384-bit (SHA-384) and 512-bit (SHA-512) hash signatures. Each of these is secure, but NIST decided that they needed an alternative method, and created a competition for SHA-3. It was finally won by Keccak, which uses a sponge function:

sponge1.png

SHA-3 was thus standardised with defined output sizes. Basically with SHA-3, we define a state size (S) of 1600 bits (Keccak-f[1600]). This state (S) is made up from r (rate) and c (capacity). For SHA3-224, we have a rate (r) of 1,152 bits and a capacity (c) of 448 bits. The total bits in the state is thus 1,600 bits. For SHAKE128 and SHAKE256, we can have a variable number of bits on the output:

sponge2.png

IOTA, for example, uses the Keccak-384 hash. In the first part of the process, we break the data into r-bit chunks, and then EX-OR each chunk with the rate part of the state (which will initially be set to all zeros):

spong3.png

The output of this goes into the function (f), which has 24 rounds and is created with EX-OR, AND and NOT functions. This output is the new state (S). If there is more data, it is then fed into the next stage, which does the same thing: EX-ORing the r part of the state with the next message block (X1), and then feeding this into f. This generates the next state.

spong4.png

We then continue until we have exhausted all the message data, and then go into a squeezing function:

spong5.png

Again we feed into f, and produce an output (Y0). This output will then be truncated to the required hash size, or we will continue until we have produced the required output size (as with SHAKE128 and SHAKE256).

Here are some demos:

  • 1
  • [2](https://asecuritysite.com/encryption/shake?source=post_page)
  • 3

Conclusions

The potential of the sponge function is amazing, and we should start to see it creeping into IoT implementations for crypto.

Originally published on medium.com