STHash
STHash is a fast, keyed, cryptographic hash function designed to process large, possibly untrusted data.
The flip side is that using a secret key (or, in this implementation, a secret seed) is mandatory. This is not a general-purpose hash function.
A typical use of STHash is to compute keys for locally cached objects.
The construction relies on:
- A composition of two ϵ-almost-∆-universal functions, NH and Poly1305. See the Adiantum paper for a justification of this composition.
- The KMAC keyed hash function, both to produce the final tag and as a XOF to derive the NH, Poly1305 and finalization keys.
The current code is portable, written in safe Rust, and has a lot of room for optimization.
However, it is already consistently faster than optimized BLAKE2bp implementations on all platforms.
You can expect future versions to be even faster.
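To see why the seed has to stay secret, here is an added example (not code from the sthash crate) of the textbook NH function from the UMAC paper listed in the references. The 32-bit word size, single pass, key values and messages are assumptions chosen for illustration and are not sthash's internal parameters. Two messages collide under one key and not under another, so the universal-hash guarantee only holds while the key is random and unknown to whoever supplies the data.

```rust
// Textbook NH from the UMAC paper (32-bit words, one pass); added
// illustration, not the sthash crate's internal code or parameters.

/// NH_K(M) = sum_i ((m[2i] + k[2i]) mod 2^32) * ((m[2i+1] + k[2i+1]) mod 2^32), mod 2^64
fn nh(key: &[u32], msg: &[u32]) -> u64 {
    assert!(msg.len() % 2 == 0, "NH consumes words in pairs");
    assert!(key.len() >= msg.len(), "key must cover the whole message");
    msg.chunks_exact(2)
        .zip(key.chunks_exact(2))
        .fold(0u64, |acc, (m, k)| {
            // Each factor is below 2^32, so the product fits in a u64.
            let a = m[0].wrapping_add(k[0]) as u64;
            let b = m[1].wrapping_add(k[1]) as u64;
            acc.wrapping_add(a * b)
        })
}

/// True when two equal-length messages hash to the same NH value under `key`.
fn collides(key: &[u32], a: &[u32], b: &[u32]) -> bool {
    nh(key, a) == nh(key, b)
}

// Constructed sample values (not from the page). The keys differ in one word.
const KEY_A: [u32; 4] = [0x0000_0005, 0x1234_5678, 0x9abc_def0, 0x0bad_cafe];
const KEY_B: [u32; 4] = [0x0000_0006, 0x1234_5678, 0x9abc_def0, 0x0bad_cafe];
// Both messages start with 2^32 - 5. Under KEY_A the first factor wraps to 0,
// so the second word (the only difference) no longer influences the sum.
const MSG_1: [u32; 4] = [0xffff_fffb, 1, 7, 9];
const MSG_2: [u32; 4] = [0xffff_fffb, 2, 7, 9];

fn main() {
    println!("KEY_A: {:016x} vs {:016x}", nh(&KEY_A, &MSG_1), nh(&KEY_A, &MSG_2));
    println!("KEY_B: {:016x} vs {:016x}", nh(&KEY_B, &MSG_1), nh(&KEY_B, &MSG_2));
    println!("collide under KEY_A: {}", collides(&KEY_A, &MSG_1, &MSG_2));
    println!("collide under KEY_B: {}", collides(&KEY_B, &MSG_1, &MSG_2));
}
```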
Usage
```rust
use sthash::*;
use rand::{thread_rng, RngCore};

// This must be a random, secret seed.
let mut seed = [0u8; SEED_BYTES];
thread_rng().fill_bytes(&mut seed);

// The key constructor accepts an optional application name.
// Different personalization strings produce different keys
// from the same `seed`.
let key = Key::from_seed(&seed, Some(b"Documentation example"));

// Another personalization string, such as the purpose of the
// `Hasher`, can be provided here as well.
let hasher = Hasher::new(key, None);

// `data` and `data2` are the byte slices to hash (not defined here).
// Returns a 256-bit hash.
let h1 = hasher.hash(data);

// `Hasher` structures can safely be reused to hash more data.
let h2 = hasher.hash(data2);
```
Benchmarks
Measurements from the built-in benchmark, hashing 1 Mb of data. Rust 1.33.
Get your own data with the `cargo bench` command.
Comparison with BLAKE2bp (from `blake2b-simd`):
Machine | BLAKE2bp (μs) | STHash (μs) | Ratio |
---|---|---|---|
Core i9 2.9Ghz, MacOS | 391 | 95 | 4.1 |
Core i7 2.8Ghz, MacOS | 607 | 134 | 4.5 |
Xeon CPU E3-1245 V2 3.40GHz, OpenBSD VM | 2681 | 493 | 5.4 |
ARMv7 (Scaleway C1), Linux | 29402 | 7871 | 3.7 |
Raspberry Pi 3b, Linux | 19596 | 4944 | 4 |
Comparison with HMAC-SHA2 (from `rust-crypto`):
Machine | HMAC-SHA512 (μs) | STHash (μs) | Ratio |
---|---|---|---|
Core i9 2.9Ghz, MacOS | 2280 | 95 | 24 |
Core i7 2.8Ghz, MacOS | 3233 | 134 | 24.1 |
Xeon CPU E3-1245 V2 3.40GHz, OpenBSD VM | 6423 | 493 | 13 |
ARMv7 (Scaleway C1), Linux | 167670 | 7871 | 21.3 |
Raspberry Pi 3b, Linux | 49309 | 4944 | 9.9 |
References
- UMAC: Fast and Secure Message Authentication (J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway)
- The Poly1305-AES message authentication code (Daniel J. Bernstein)
- Adiantum: length-preserving encryption for entry-level processors (Paul Crowley and Eric Biggers)
- Short-output universal hash functions and their use in fast and secure data authentication (Yannick Seurin)
Thanks
This crate is based on work by Paul Crowley and Eric Biggers.