For Speed — Go For 12 Kangaroos

The problem with competitions is that the winner will often take all until the next competition. Those competing could thus get better…

For Speed — Go For 12 Kangaroos

The problem with competitions is that the winner will often take all until the next competition. Those competing could thus get better than the winner, but it is often too late.

NIST created a competition for SHA-3, and it was Keccak that was crowned the champion. Since then, SHA-3 has received good adoption levels, but you’ll also see BLAKE2 — one of the finalists — being used in many applications. Keccak won because it was fast, and where BLAKE2 was submitted too late to compete against it. Since many have seen BLAKE2 as the better alternative [here]. We see here that BLAKE2 (BLAKE2b — the 64-bit version — and BLAKE2s) performs much better than SHA3 implementations:

BLAKE2b improved its speed by reducing the number of rounds from 16 to 12 and where BLAKE2s went from 14 to 10 rounds, with respect to BLAKE. BLAKE2bvhad been benchmarked as being faster than MD5 and using 30% less memory, along with a 25% speed improvement over BLAKE.

So, in 2016, the Keccak research team came up with a new method: KangarooTwelve. For this, they got significant speed improvements and reduced the number of rounds from 24 to 12 (with a security level of around 128 bits). A new method of tree hashing was also added, and which supports the parallel hashing of large files [paper]:

We can use an XOF to generate a hash output of a given length. In the following, we have Kangaroo 12 method [here]:

package main

import (
 "fmt"
 "os"
 "strconv"
 "github.com/cloudflare/circl/xof"

)

func main() {

 length := 32
 v := "The quick brown fox jumps over the lazy dog"
 meth := "BLAKE2XS"
 X := xof.BLAKE2XS.New()

 argCount := len(os.Args[1:])



 if argCount > 0 {
  meth = os.Args[1]
 }
 if argCount > 1 {
  v = os.Args[2]
 }
 if argCount > 2 {
  length,_ = strconv.Atoi(os.Args[3])
 }


 if meth == "SHAKE128" {
  X = xof.SHAKE128.New()
 }
 if meth == "SHAKE256" {
  X = xof.SHAKE256.New()
 }
 if meth == "SHAKE128" {
  X = xof.SHAKE128.New()
 }
 if meth == "SHAKE256" {
  X = xof.SHAKE256.New()
 }
 if meth == "BLAKE2XB" {
  X = xof.BLAKE2XB.New()
 }
 if meth == "BLAKE2XS" {
  X = xof.BLAKE2XS.New()
 }


 if meth == "K12D10" {
  X =  xof.K12D10.New()
 }
 _, _ = X.Write([]byte(v))

 fmt.Printf("Input: %s\n", v)
 fmt.Printf("Method: %s\n", meth)
 fmt.Printf("Size: %d bytes\n", length)
 xof_out := make([]byte, length)

 _, _ = X.Read(xof_out)

 fmt.Printf("\nXOF: %x\n", xof_out[:length])



}

and a sample run is [here]:

Input: The quick brown fox jumps over the lazy dog
Method: K12D10
Size: 32 bytes

XOF: b4f249b4f77c58df170aa4d1723db1127d82f1d98d25ddda561ada459cd11a48

SHA-3

SHA-3 was known as Keccak and is a hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. MD5 and SHA-0 have been shown to be susceptible to attacks, along with theoretical attacks on SHA-1. NIST thus defined there was a need for a new hashing method which did not use the existing methods for hashing and competition for competing algorithms.

In October 2012, Keccak won the NIST hash function competition and is proposed as the SHA-3 standard. It should be noted that it is not a replacement SHA-2, which is currently a secure method. Overall Keccak uses the sponge construction where the message blocks are XORed into the initial bits of the state, and then inevitably permuted.

The sponge function takes a simple function f and involves a number of stages, and where we create a fixed output (dependent on the bit length of the hash function). Simple operations of XOR, AND, and bit shifts are used, and which leads to a fast generation of the hash function:

The f permutation function takes a variable-length input and produces an arbitrary output length. A is the bit rate, and each f function operates on b bits, and where a capacity is defined as c = b — r.

The SHAKE method is useful as it can be used to create a hash method of a variable length. The 128-bit version will produce a hash value is 32 hex characters.

Speed tests

While Blake2 manages to beat MD5 for speed, KangarooTwelve beats off the other common hashing functions — in tests for the cycles per byte — by a considerable factor:

Conclusions

If SHA-3 is too slow, you can turn to Kangaroo 12, and if BLAKE 2 is not fast enough, there BLAKE 3. Basically each has reduced their security level to 128-bit levels, and reducing the number of rounds. This significantly improves performance.