ASCON Hashing and XOF (eXtendable-Output Functions) with RustAn EXtendable Output Function (XOF) produces an almost infinite sets of outputs, and where we could thus take a single byte and produce an output of a billion bytes, or even take a billion bytes of input and produce a single byte output. In essence, it is a state generator, and where with given inputs we can reach a well-defined state. We can expose the state to anyone, as they will not know the secrets that allow us to take us to the previous and the next state. In this case we will use Rust to implement an XOF with ASCON: |
XOF
Our existing hashing functions are split into two main categories. The first is the cryptography hashes, such as MD5, SHA-1, SHA-256 and SHA-3. These are typically fast methods and which can take any amount of data as an input and produce a fixed hash output — a fingerprint of the data. The other type of hash is the non-cryptographic hash and these tend to be even faster than the cryptographic hashes, but have a lesser security strength. Typical non-cryptographic methods are SipHash, xxHash and FarmHash. These hashes are typically used for indexing such as with hash tables and Bloom filters. But, there’s another type of permutated output, and these are defined as eXtendable-Output Functions (XOFs).
XOFs differ from hashing functions in that they can produce any length of output — from one byte to an infinitely long byte stream. They can thus be used in applications where we need something larger or smaller than the 256-bit (16 bytes) or 512-bit (32 bytes) output value that our cryptographic hashing methods produce. For cryptographic methods, most modern applications now use SHA-256 (256-bit hash), SHA-512 (512-bit hash) or SHA-3 (256-bit).
In designing a modern hashing the focus is typically on a fixed hash output, but designers also implement a variable-length output for XOF. Overall, the main XOF methods are SHAKE128, SHAKE256, SHAKE128, SHAKE256, BLAKE2XB and BLAKE2XS. With the SHA-3 hashing method, we have four different cryptographic hashing methods (SHA3–224, SHA3–256, SHA3–384, and SHA3–512) and two XOF functions (SHAKE128 and SHAKE256). With BLAKE2b — one of the fastest cryptographic hashing methods — we have an XOF of BLAKE2XB, and for BLAKE2s we have an XOF of BLAKE2XS. With a string input, we will get a digest output of a given byte length. For a random input, we can generate a digest of the random values for a given output size.
The applications of XOF include creating hashes of variable lengths and in creating encryption keys based on passwords. While HKDF focuses on creating an encryption key from passwords, XOFs have the advantage of producing a variable output size for the key. As XOFs always produce the same output for a given input, it is strongly recommended that a salt value is used with the password (and then stored for recovery). There are also applications of XOF into stream encryption, where we can create a seed value and then produce an infinitely long encryption key. This input key can then simply be XOR-ed with the data stream to produce the cipher stream.
Coding
An outline of the Rust code is:
use ascon_hash::{AsconXof, ExtendableOutput, Update, XofReader}; use hex::{self}; use std::env; fn main() { let mut msg="abc"; let mut length=20; let args: Vec= env::args().collect(); if args.len() >1 { msg = args[1].as_str();} if args.len() >2 { length = args[2].parse:: ().unwrap(); } let mut xof = AsconXof::default(); xof.update(msg.as_bytes()); let mut reader = xof.finalize_xof(); let mut dst = vec![0u8; length.into()]; reader.read(&mut dst); println!("Message:\t{}\n",msg); println!("Length:\t{}\n",length); println!("XOF:\t\t{}\n",hex::encode(dst)); }
Ans a sample run is:
Message: abc Length: 32 XOF: c90213a9e93b192c1d47f8aa20545f6f86686527896cb8d6530bbae9554e6dc5
and for Xof with 256 bytes:
Message: abc Length: 64 XOF: c90213a9e93b192c1d47f8aa20545f6f86686527896cb8d6530bbae9554e6dc59b037c848e1cb3aa369cf29746226495939c448fd7f0a8e2770042be2ff78905
and 256:
Message: abc Length: 256 XOF: c90213a9e93b192c1d47f8aa20545f6f86686527896cb8d6530bbae9554e6dc59b037c848e1cb3aa369cf29746226495939c448fd7f0a8e2770042be2ff78905116ad05fd8c697c22031871e95d186e7e3c51d10d08208c7943e404fbd7a0e3b7591ed678c19eda064c65b856dc2e92d0451d04883b725254904ec4aad54e6517c69a9f56ab81376c2cf6eb40ad278b39ee2cdbafcdd252ae3ebe412b87d617a55bd66fcdccf57039ea0159c6785af6c3532b25dcc49afe47011cbc81f905ee0de91bf2449bc9fbc2cddf86b40603052259a3ffe20a9045f34c8aa96581d916964bf208ac023c0f61709ca271f118bb1c355396ba97fb118e5aaf70a3be53923