SHAKE256 (FIPS 202) — hand-rolled, no_std, zero dependencies, tuned
for the Solana SBF target.
This is the single source of the Keccak-f[1600] core shared by
solana-hawk512 and solana-falcon512 (the permutation,
absorb/finalize and SHAKE256 padding were byte-identical in both;
consolidating here keeps two consensus-critical verifiers provably
running the same primitive). The two output styles each verifier needs
are both exposed: the bulk rate-draining path
(Shake256::rate_lanes + Shake256::permute, used by Falcon’s
hash_to_point rejection sampling) and a fixed-length
Shake256::squeeze (used by HAWK’s hpub/M/h).
The keccak_f1600 core uses Bertoni lane-complementing (the 6-lane
Keccak-Team set {1,2,8,12,17,20}, pre-/post-complemented once per
permute so ~456 NOTs are eliminated across 24 rounds) fused with an
in-place chi-row + 10 cell-saves layout (no B[25] scratch).
Structs§
- Shake256
- Incremental SHAKE256 (FIPS 202).
new → absorb* → finalize → then either drain the rate (rate_lanes/permute) or squeeze a fixed number of bytes.
Constants§
- RATE
- SHAKE256 rate in bytes (1600-bit state − 2·256-bit capacity = 1088 bits).