Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing hash functions #1

Open
9 of 18 tasks
newpavlov opened this issue Nov 18, 2016 · 52 comments
Open
9 of 18 tasks

Missing hash functions #1

newpavlov opened this issue Nov 18, 2016 · 52 comments

Comments

@newpavlov
Copy link
Member

newpavlov commented Nov 18, 2016

List of "would be nice to have" hash functions:

It can be changed based on discussion.

@adrianbrink
Copy link

MD2 explanation
General information from wikipedia

The first link has an example of an implementation in C of MD2. Overall the implementation is around 100 lines of code and hence should be doable for anyone that knows a bit of rust.

@felipeamp
Copy link
Contributor

I am somewhat new to Rust but I believe I can do this. Can I take MD2?

@newpavlov newpavlov mentioned this issue Jan 11, 2017
@newpavlov
Copy link
Member Author

Moved Grostl discussion to #8.

@faineance
Copy link

I'd like to take a shot at Tiger.

@newpavlov newpavlov reopened this Jan 12, 2017
@cseale
Copy link

cseale commented Jan 12, 2017

I'll take a shot at MD6

@lilianmoraru
Copy link

I think bcrypt is a must-have.

@tarcieri
Copy link
Member

tarcieri commented Jun 2, 2017

bcrypt is a password hashing function. Perhaps those deserve their own toplevel project, as they are functionally different from hash functions (among other things they are PRFs, not hash functions)

@newpavlov
Copy link
Member Author

@lilianmoraru
There is already bcrypt crate, but it needs a bit of work before publishing. And as tarcieri mentioned, bcrypt is better to be placed in the different repo. I was thinking about RustCrypto/kdf and I was planning to work on it after I'll finish with block modes for block ciphers. (bcrypt depends on blowfish after all)

@tarcieri
Copy link
Member

tarcieri commented Jun 2, 2017

nit about "kdf": bcrypt isn't a KDF

@newpavlov
Copy link
Member Author

newpavlov commented Jun 2, 2017

I think it's "close enough". Also wiki. Either I am open to suggestions, but I think it's better to continue this discussion in the IRC.

Edit: after discussion I think we will go with "password-hashing" instead of "kdf"

@lilianmoraru
Copy link

@newpavlov There is also this implementation and this one(which seems better but I'd switch it from trait IntoBcryptSetup to the yet nightly TryInto/TryFrom).
The second also has the 72 bytes limit on the password... I'd rather go with SHA512 + bcrypt(512 bit as input from SHA512) - that's why I also thought that bcrypt would be good in combination with these crates, otherwise you'd have to recommend any random SHA crate, without a specific example of correct usage.

@newpavlov
Copy link
Member Author

Thank you for the links! I will definitely check them!

@pedrocr
Copy link

pedrocr commented Jul 3, 2017

+1 for KangarooTwelve, seems like a great option for hashing files very quickly for content addressable filesystem situations (e.g., git, backups, etc).

@tarcieri
Copy link
Member

tarcieri commented Jul 4, 2017

Of this list, KangarooTwelve is the only one I'm even remotely interested in.

@rubdos
Copy link

rubdos commented Mar 22, 2018

+1 for KangarooTwelve.

Is it a good idea to add the TupleHash family too?

@kazcw kazcw mentioned this issue Jan 29, 2019
Closed
@spebern
Copy link
Contributor

spebern commented Feb 25, 2019

Hi,

Are you interested in Shabal?
I have an implementation that would be fully compatible with
the library. (https://github.com/spebern/shabal-rs)

All the best

@newpavlov
Copy link
Member Author

@spebern
Yes, please submit a PR if you'll have time!

@felixrabe
Copy link
Contributor

Current link for KangarooTwelve: https://keccak.team/kangarootwelve.html. (Old link redirects there.)

@myers
Copy link
Contributor

myers commented Feb 5, 2021

Any interest in TTH?

@tarcieri
Copy link
Member

tarcieri commented Feb 5, 2021

Sure. It seems like you could put it in the tiger crate (possibly feature-gated)

@vschwaberow
Copy link

I would like to propose the hash algorithm Argon2 for inclusion in RustCrypto.

@gavadinov
Copy link
Contributor

@tarcieri done: #278

@ethindp
Copy link

ethindp commented Oct 11, 2021

Any chance we can get IFSB, RFSB, and S-FSB? Wikipedia indicates nothing about IFSB's performance, but states that S-FSB is 30 percent faster than FSB and that RFSB is 10x faster than FSB-256. I would implement these myself but I have no knowledge of cryptography -- or at least not the mathematics and such. :-(

@elichai
Copy link

elichai commented Nov 9, 2021

I've implemented cSHAKE, and I have a few open questions before I can open a PR:

  1. Do we want to expose N to the user? I think not, because it's technically reserved for NIST to define new functions.
  2. How do the tests work? Is it written anywhere how do I add new test vectors? (what's this "blob" serialization?)

EDIT: Should we open a Zulip stream for RustCrypto? or is there a Discord/Matrix channel somewhere that I can join to ask these kinds of questions?

@newpavlov
Copy link
Member Author

newpavlov commented Nov 11, 2021

@elichai

Do we want to expose N to the user?

I think we can start without it and potentially expose it later if someone will request it.

How do the tests work? Is it written anywhere how do I add new test vectors? (what's this "blob" serialization?)

The format is described in the blobby crate docs. You can convert hex-encoded files into the blobby format using utility in examples/convert.rs. Input file should contain pairs of input data and resulting hash separated by new lines:

input data 1
hash for data 1
input data 2
hash for data 2

You can create PR with several test vectors and I can convert the rest for you.

Should we open a Zulip stream for RustCrypto?

We already have Zulip (note README badges): https://rustcrypto.zulipchat.com/

@lumag
Copy link
Contributor

lumag commented Sep 11, 2022

RIPEMD-128: #406

@laudiacay
Copy link

laudiacay commented Jan 29, 2023

found an md6 but it's via FFI: this isn't what you want, is it?
https://github.com/nabijaczleweli/md6-rs

tapping in: @nabijaczleweli

@newpavlov
Copy link
Member Author

@laudiacay
Yes, our project is about pure Rust implementations, so an FFI crate would be out of scope.

@ashWhiteHat
Copy link

How about poseidon hash?
https://eprint.iacr.org/2019/458.pdf
Not mainstream?

@newpavlov
Copy link
Member Author

@ashWhiteHat Added.

@ashWhiteHat
Copy link

Thank you!

@Saphereye
Copy link

HAS-160 Specification
HAS-160 Specification pdf

The original specification has been taken down, so I have linked to the wayback machine page. I have also updated the link on the wikipedia page of HAS-160. The paper also contains pseudocode and explains the algorithm in-depth.

@ethanbarry
Copy link

ethanbarry commented Feb 26, 2024

I see POSEIDON in here, and I'm interested in working on it for GSoC, but while I was researching it, I found this recent video on their faster version of the hash function. It uses a special matrix to speed up multiplication, and they call it POSEIDON2.

Could this be added to the list?
EDIT: Here's the paper: https://eprint.iacr.org/2023/323

@tarcieri
Copy link
Member

I added Poseidon2 to the list as well as a link to the HAS-160 spec

@AndersSteenNilsen
Copy link

Would multimixer-128 be of any interest? Give me a thumbs up and I'll finnish my PR #591.
It's quite fast. From the paper:

Abstract. In this paper we introduce a new keyed hash function based on 32-bit
integer multiplication that we call Multimixer-128
. . .
There are vector instructions for fast 32-bit integer multiplication on many CPUs and
in such platforms, Multimixer-128 is very efficient. We compare our implementation
of Multimixer-128 with NH hash function family that offers similar levels of security
and with two fastest NIST LWC candidates. To the best of our knowledge, NH
hash function is the fastest keyed hash function on software and Multimixer-128
outperforms NH while providing same levels of security

@newpavlov
Copy link
Member Author

@AndersSteenNilsen
I responded in the PR.

@AnarchistHoneybun
Copy link

AnarchistHoneybun commented Jun 27, 2024

I have a working implementation of Kupyna_512 (working as in it passes all tests for this mode, as mentioned in the paper).
Would someone be willing to review this code and tell me how it stands against the standards that this repo requires, things like traits it should implement or features it should have, and the like?
Currently it is almost a 1-to-1 implementation of the paper, and I'm yet to add comments to some functions, but it would be great if someone could guide me a bit on this. tia!

edit: typo

@newpavlov
Copy link
Member Author

@AnarchistHoneybun
Can you create a PR? It will be easier to review the code this way. As for traits, you can follow the other crates in this repository, md5 and sha1 will be the simplest to start with. Your current implementation is quite inefficient, migrating to our crates should help with it a bit.

@AnarchistHoneybun
Copy link

@AnarchistHoneybun
Can you create a PR? It will be easier to review the code this way. As for traits, you can follow the other crates in this repository, md5 and sha1 will be the simplest to start with. Your current implementation is quite inefficient, migrating to our crates should help with it a bit.

Sure, I'll open a new pr in a bit.
What do you mean when you say "migrating to our crates should help with it a bit"

(ESL, so apologies if this sounds rude, I'm trying to phrase the question but I can't come up with a way to do it without sounding awkward or rude)

@newpavlov
Copy link
Member Author

newpavlov commented Jun 27, 2024

I meant "migrating to our traits". With them you essentially need to define hash initialization, block compression, and hash finalization. Buffering, data chunking, and everything else will be handled by CoreWrapper. After migrating to the traits your implementation should be completely heap allocation free. Also, do not mind the MAX_MESSAGE_LENGTH limit. We assume that these limits can not be achieved it practice (even with hardware acceleration you will need decades of computations), so we ignore them.

@AnarchistHoneybun
Copy link

I meant "migrating to our traits". With them you essentially need to define hash initialization, block compression, and hash finalization. Buffering, data chunking, and everything else will be handled by CoreWrapper. After migrating to the traits your implementation should be completely heap allocation free. Also, do not mind the MAX_MESSAGE_LENGTH limit. We assume that these limits can not be achieved it practice (even with hardware acceleration you will need decades of computations), so we ignore them.

just opened a new pr for it, and I will keep working on the required changes. as for discussion on it, should I open a new issue and link the pr to that, or just under the pr would serve well?

@newpavlov
Copy link
Member Author

You can open a new PR with implementation draft without a separate issue.

@oxarbitrage
Copy link

I believe the Sinemilla hash function could be a good addition to this library. This hash function is used primarily in the Zcash blockchain, but its security properties and efficiency have applications beyond that environment.

  • Efficiency in Halo2 circuits: One of Sinsemilla’s key strengths is its computational efficiency within Halo2 circuits, making it a suitable option for zero-knowledge proof systems.
  • Alternative implementations: Outside of these circuits, Sinsemilla can still be implemented in a simpler, though less efficient, form.

I've previously written a Sinsemilla Specification that outlines its core principles and implementation details.

The only external dependency required for this implementation would be the Pasta Curves crate, which offers the necessary elliptic curve operations.

I would be happy to try to do the implementation if this seems like a good fit for the project.

@Piyuuussshhh
Copy link

hey folks! is a POSEIDON implementation in the works currently?

@newpavlov
Copy link
Member Author

@Piyuuussshhh As far as I know, no.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests