STHash
STHash is a fast, keyed, cryptographic hash function designed to process large, possibly untrusted data.
The flipside is that using a secret key (or, in this implementation, a secret seed) is mandatory.
A typical use of STHash is to compute keys for locally cached objects.
The construction relies on:
- A composition of two ϵ-almost-∆-universal functions, NH and Poly1305. See the Adiantum paper for a justification of this composition.
- The KMAC keyed hash function, both to produce the final tag and as a XOF to derive the NH, Poly1305 and finalization keys.
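Why the secret seed is mandatory, shown on the NH layer. This is an added example, not STHash's code: it implements NH as defined in the UMAC paper with 32-bit words (STHash's own NH parameters and key layout may differ) and shows that a universal hash gives no collision resistance to anyone who knows the key. All key and message values are constructed.

```rust
// Added illustration, not STHash's implementation.
// NH from the UMAC paper: 32-bit words, 64-bit result.

/// NH_K(M) = sum over word pairs of
/// ((m0 + k0) mod 2^32) * ((m1 + k1) mod 2^32), taken mod 2^64.
fn nh(key: &[u32], msg: &[u32]) -> u64 {
    assert!(msg.len() % 2 == 0, "NH consumes words in pairs");
    assert!(key.len() >= msg.len(), "key must cover the message");
    msg.chunks_exact(2)
        .zip(key.chunks_exact(2))
        .fold(0u64, |acc, (m, k)| {
            // Both factors are below 2^32, so the product fits in a u64.
            let a = u64::from(m[0].wrapping_add(k[0]));
            let b = u64::from(m[1].wrapping_add(k[1]));
            acc.wrapping_add(a * b)
        })
}

/// With the key known, a second message with the same NH value follows
/// from swapping the two factors of the first word pair.
fn colliding_message(key: &[u32], msg: &[u32]) -> Vec<u32> {
    let mut out = msg.to_vec();
    // Solve out0 + k0 = m1 + k1 and out1 + k1 = m0 + k0 (mod 2^32).
    out[0] = msg[1].wrapping_add(key[1]).wrapping_sub(key[0]);
    out[1] = msg[0].wrapping_add(key[0]).wrapping_sub(key[1]);
    out
}

fn main() {
    // Constructed sample values.
    let key = [3u32, 5, 7, 11];
    let other_key = [2u32, 9, 7, 11];
    let msg = [1u32, 2, 3, 4];

    let twin = colliding_message(&key, &msg);
    assert_ne!(twin.as_slice(), &msg[..]);

    // Same tag under the key the twin was built for...
    println!("known key:  {} vs {}", nh(&key, &msg), nh(&key, &twin));
    // ...but not under a key that was kept secret.
    println!("secret key: {} vs {}", nh(&other_key, &msg), nh(&other_key, &twin));
}
```

The ϵ-almost-∆-universal bound only holds when inputs are chosen independently of the key, which is why the seed must stay secret.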
The current code is portable, written in safe Rust, and has a lot of room for optimization.
However, it is already consistently faster than optimized BLAKE2bp implementations (using the blake2b-simd crate) on all platforms.
You can expect future versions to be even faster.
Usage
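```rust
use sthash::*;
use rand::{thread_rng, RngCore};

fn main() {
    // Sample inputs for this snippet.
    let data: &[u8] = b"first object";
    let data2: &[u8] = b"second object";

    // This must be a random, secret seed.
    let mut seed = [0u8; SEED_BYTES];
    thread_rng().fill_bytes(&mut seed);

    // The key constructor accepts an optional application name.
    // Different personalization strings produce different keys
    // from the same `seed`.
    let key = Key::from_seed(&seed, Some(b"Documentation example"));

    // Another personalization string, such as the purpose of the
    // `Hasher`, can be provided here as well.
    let hasher = Hasher::new(key, None);

    // Returns a 256-bit hash.
    let h1 = hasher.hash(data);

    // `Hasher` structures can safely be reused to hash more data.
    let h2 = hasher.hash(data2);
    assert_ne!(h1, h2);
}
```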
References
- UMAC: Fast and Secure Message Authentication (J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway)
- The Poly1305-AES message authentication code (Daniel J. Bernstein)
- Adiantum: length-preserving encryption for entry-level processors (Paul Crowley and Eric Biggers)
- Short-output universal hash functions and their use in fast and secure data authentication (Yannick Seurin)