eXtendable-Output Function (XOF) using CIRCL[Blake Home][Home]
An eXtendable-Output Function (XOF) produces a bit string that can be of any length. In fact, we can create an infinitely long bit string, if required. The main methods are SHAKE128, SHAKE256, BLAKE2XB and BLAKE2XS. With the SHA-3 hashing method, we have four different cryptographic hashing methods (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) and two XOF functions (SHAKE128 and SHAKE256). With BLAKE2b we have an XOF of BLAKE2XB, and for BLAKE2s we have an XOF of BLAKE2XS. With a string input, we will get a digest output of a given byte length. For a random input, we can generate a digest of the random values for a given output size.
|
Outline
Our existing hashing functions are split into two main categories. The first is the cryptography hashes, such as MD5, SHA-1, SHA-256 and SHA-3 [here]. These are typically fast methods and which can take any amount of data as an input and produce a fixed hash output — a fingerprint of the data. The other type of hash is the non-cryptographic hash and these tend to be even faster than the cryptographic hashes, but have a lesser security strength. Typical non-cryptographic methods are SipHash, xxHash and FarmHash [here]. These hashes are typically used for indexing such as with hash tables and Bloom filters. But, there’s another type of permutated output, and these are defined as eXtendable-Output Functions (XOFs).
XOFs differ from hashing functions in that they can produce any length of output — from one byte to an infinitely long byte stream. They can thus be used in applications where we need something larger or smaller than the 256-bit (16 bytes) or 512-bit (32 bytes) output value that our cryptographic hashing methods produce. For cryptographic methods, most modern applications now use SHA-256 (256-bit hash), SHA-512 (512-bit hash) or SHA-3 (256-bit).
In designing a modern hashing the focus is typically on a fixed hash output, but designers also implement a variable-length output for XOF. Overall, the main XOF methods are SHAKE128, SHAKE256, BLAKE2XB and BLAKE2XS. With the SHA-3 hashing method, we have four different cryptographic hashing methods (SHA3–224, SHA3–256, SHA3–384, and SHA3–512) and two XOF functions (SHAKE128 and SHAKE256). With BLAKE2b — one of the fastest cryptographic hashing methods — we have an XOF of BLAKE2XB, and for BLAKE2s we have an XOF of BLAKE2XS. With a string input, we will get a digest output of a given byte length. For a random input, we can generate a digest of the random values for a given output size.
The applications of XOF include creating hashes of variable lengths and in creating encryption keys based on passwords. While HKDF focuses on creating an encryption key from passwords, XOFs have the advantage of producing a variable output size for the key. As XOFs always produce the same output for a given input, it is strongly recommended that a salt value is used with the password (and then stored for recovery). There are also applications of XOF into stream encryption, where we can create a seed value and then produce an infinitely long encryption key. This input key can then simply be XOR-ed with the data stream to produce the cipher stream.
Coding
The following is an outline of the code:
package main import ( "fmt" "os" "strconv" "github.com/cloudflare/circl/xof" ) func main() { length := 32 v := "The quick brown fox jumps over the lazy dog" meth := "BLAKE2XS" X := xof.BLAKE2XS.New() argCount := len(os.Args[1:]) if argCount > 0 { meth = os.Args[1] } if argCount > 1 { v = os.Args[2] } if argCount > 2 { length,_ = strconv.Atoi(os.Args[3]) } if meth == "SHAKE128" { X = xof.SHAKE128.New() } if meth == "SHAKE256" { X = xof.SHAKE256.New() } if meth == "BLAKE2XB" { X = xof.BLAKE2XB.New() } if meth == "BLAKE2XS" { X = xof.BLAKE2XS.New() } _, _ = X.Write([]byte(v)) fmt.Printf("Input: %s\n", v) fmt.Printf("Method: %s\n", meth) fmt.Printf("Size: %d bytes\n", length) xof_out := make([]byte, length) _, _ = X.Read(xof_out) fmt.Printf("\nHash: %x\n", xof_out[:length]) }
A sample run for SHAKE123 with a 256 byte output:
Input: The quick brown fox jumps over the lazy dog Method: SHAKE128 Size: 256 bytes XOF: f4202e3c5852f9182a0430fd8144f0a74b95e7417ecae17db0f8cfeed0e3e66eb5585ec6f86021cacf272c798bcf97d368b886b18fec3a571f096086a523717a3732d50db2b0b7998b4117ae66a761ccf1847a1616f4c07d5178d0d965f9feba351420f8bfb6f5ab9a0cb102568eabf3dfa4e22279f8082dce8143eb78235a1a54914ab71abb07f2f3648468370b9fbb071e074f1c030a4030225f40c39480339f3dc71d0f04f71326de1381674cc89e259e219927fae8ea2799a03da862a55afafe670957a2af3318d919d0a3358f3b891236d6a8e8d19999d1076b529968faefbd880d77bb300829dca87e9c8e4c28e0800ff37490a5bd8c36c0b0bdb2701a