One of the greatest advancements in Cybersecurity: The Sponge Function (Keccak and SHAKE)

I think that the Sponge function, as used by IOTA, SHA-3, and SHAKE, is one of the greatest enhancement in cybersecurity within the last…

One of the greatest advancements in Cybersecurity: The Sponge Function (Keccak, SHAKE and ASCON)

In Feb 2023, it was annouced that ASCON won the NIST light-weight cryptography competition. One of the great things about it, is that it uses a Sponge function to perform both encryption and hashing at the same time. You can learn more about ASCON 1.2 here:

Slow And Steady Wins The Light-weight Race: Meet ASCON
Since 2016, NIST has been assessing light-weight encryption methods, and, in 2022, NIST published the final 10: ASCON…medium.com

Here are are some implementations:

https://asecuritysite.com/ascon

Introduction

In 2007, Bertoni et al outlined the usage of sponge function. It basically defined that we could store a finite state and then derive a hashed output for a given input data set. This moved away from the approaches of the interactive methods of hashing:

Within two years of this paper, Bertoni, Daemen (one of the creators of the AES encryption method), Peeters and Assche created the Keccak method [2]:

This sponge function, as used by IOTA, SHA-3, and SHAKE, is possibly one of the greatest advancements in cybersecurity within the last decade. With this, we may reach a way that allows us to do a wide range of cryptographic operations within a single cryptographic method: the sponge.

While SHA-3 is used as a hashing method, at its core is Keccak, and which is adaptable to a range of applications. SHAKE, for example, can be used to create a wide range of output data sizes. In fact, with STROBE, we can use Keccak to produce digest methods, signing, and symmetric key encryption. This replaces methods such as AES, ChaCha20, SHA-1, SHA-256, HMAC, and much more.

The road to SHA-3

We have generally moved from MD5 (a 128-bit signature) to SHA-1 (a 160-bit function) for hashing. Unfortunately, Google created a real-life collision on SHA-1, and, generally, it has been deprecated as a hashing method. NIST also defined a new standard with SHA-2, and which supported 224-bit (SHA-224), 256-bit (SHA-256), 384-bit (SHA-384) and 512-bit (SHA-512) hash signatures. Each of these is secure, but NIST decided they needed an alternative method, creating a competition for SHA-3 [2]. It was finally won by Keccak, and which uses a sponge function:

SHAKE it

SHA-3 was thus standardised with defined output sizes. Basically with SHA-3, we define a state size (S) of 1600 bits (Keccak-f[1600]). This state (S) is made up of r (rate) and c (capacity). For SHA3–224, we have a rate (r) of 1,152 bits and a capacity (c) of 448 bits. The total bits in the state is thus 1,600 bits. For SHAKE128 and SHA256, we can have a variable number of bits on the output:

IOTA, for example, uses the Keccak-384 hash. In the first part of the process, we break the data into r bits chunks, and then EX-OR it with the rate part of the state (and which will initially be set to all zeros):

This output goes into the function (f), which has 24 rounds and is created with EX-OR, AND and NOT functions. This output is the new state (S). If there is more data, it is then fed into the next stage, and will do the same method of EX-ORing the r state value with the message (X1), and then feeding this into f. This generates the next state.

We then continue until we have exhausted all the message data, and then go into a squeezing function:

Again we feed into f, and produce an output (Y0). This output will then be truncated to the required hash size, or we will continue until we have produced the required output size (as with SHAKE128 and SHAKE256).

Here are some demos:

SHA-3, Keccak and SHAKE: https://asecuritysite.com/hash/s3
SHAKE: https://asecuritysite.com/hash/shake
SHAKE n Go: https://asecuritysite.com/hash/goshake

Conclusions

The potential of the sponge function is amazing, and we should start to see it creeping into IoT implementations for cryptography. If you want to learn about ASCON, try here:

https://medium.com/asecuritysite-when-bob-met-alice/ascon-is-a-light-weight-champion-bfd81853d61a

References

[1] Bertoni, G., Daemen, J., Peeters, M., & Van Assche, G. (2007, May). Sponge functions. In ECRYPT hash workshop (Vol. 2007, №9).

[2] Bertoni, G., Daemen, J., Peeters, M., & Van Assche, G. (2009). Keccak sponge function family main document. Submission to NIST (Round 2), 3(30), 320–337.