Since 2016, NIST have been probing the submitted methods for a light-weight hashing method, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. A particular focus was the security of the methods, along with their performance on low-cost FPGAs/embedded processes and their robustness against side-channel attacks. This test assesses performance requirements. In 2023, NIST announced that Ascon was the winner and will progress to a NIST standard.
Light-weight hashing using Bouncy Castle and C# |
Method
Esch256 (Efficient, Sponge-based, and Cheap Hashing) is crypto method which has reached Round 2 of the NIST competition for light-weight cryptography, and is from the Sparkle permutation family. This page implements the hashing method for a 256-bit hash, and has a block size of 16 bytes, a security level of 128 bits and a data limit up to 2132. It was designed by Christof Beierle, Alex Biryukov, Luan Cardoso dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, and Qingju Wang.
ASCON implements the hashing method for a 256-bit hash, and uses a 320-bit permutation. It was created by Christoph Dobraunig Maria Eichlseder Florian Mendel and Martin Schläffer, and was the winner for the NIST light-weight cryptography method.
Xoodyak comes from the Keccak research team, and which was successful in the SHA-3 competition. Overall, Keccak was evaluated as the most efficient and secure hashing method. Joan Daemon also co-authored the Rijndael cipher that eventually became AES. With Xoodoo permutation we can apply it with the Xoodyak function. With this, we store a 384-bit state for the encryption and which relates to the sequence of the input data. With this, we can create a fixed-length hash, a pseudo-random bit value, or an output of a variable length. This can thus produce either a hash function, a random bit stream, or an encryption method.
One method which focuses on creating an extremely small footprint is the PHOTON-Beetle method. Overall it is a lightweight block cipher and was written by Zhenzhen Bao, Avik Chakraborti, Nilanjan Datta, Jian Guo, Mridul Nandi, Thomas Peyrin, and Kan Yasuda. It uses the sponge-based mode Beetle with the P256 for the permutation and supports both authenticated encryption (AE) and hashing. PHOTON-Beetle AEAD and PHOTON-Beetle hashing are finalists for NIST’s competition on lightweight cryptography. The Beetle family of cryptography methods integrates a lightweight, sponge-based authenticated encryption. When this is linked with the PHOTON permutation (PHOTON_256), it achieves an extremely small footprint. In tests, a 64-bit security version of PHOTON-Beetle consumes less than 600 LUTs (LookUp Tables) on an FPGA, compared with 1,000 LUTs for COFB-AES (COmbined FeedBack-AES). With PHOTON-Beetle can be optimized for either a low ROM environment (where the code needs to be compact) or is optimized speed. For PHOTON-Beetle AEAD, on 8-bit microcontrollers with low ROM sizes, the ROM code size is less than 2,200 bytes, and adding a hashing method on top of this, only adds another 300 bytes of ROM. The requirement for memory, too, is small and where it only requires 100 bytes of RAM. The average speed is around 8,200 cycles per byte for encryption. For the PHOTO-Beetle AEAD mode which focuses on speed, the ROM code size is less than 4,100 bytes, with hashing adding 300 bytes. The average speed is around 4,900 cycles per byte for encryption.
Code
We can create a Dotnet console project for .NET 8.0 with:
dotnet new console --framework net8.0
First we install the Bouncy Castle library:
dotnet add package BouncyCastle.Cryptography
Next some code:
namespace AES { using System.Security.Cryptography; using Org.BouncyCastle.Crypto.Digests; class Program { static void Main(string[] args) { string str=""; if (args.Length >0) str=args[0]; try { Console.WriteLine ("Message:\t{0}\n\n",str); Console.WriteLine ("\n=== Light-weight hashes ==="); var h20 = new SparkleDigest(new SparkleDigest.SparkleParameters()); h20.BlockUpdate(System.Text.Encoding.UTF8.GetBytes(str), 0, str.Length); var hash20=new byte[h20.GetDigestSize()]; h20.DoFinal(hash20, 0); Console.WriteLine ("Sparkle:\t{0}",Convert.ToHexString(hash20)); var h18 = new AsconDigest(new AsconDigest.AsconParameters()); h18.BlockUpdate(System.Text.Encoding.UTF8.GetBytes(str), 0, str.Length); var hash18=new byte[h18.GetDigestSize()]; h18.DoFinal(hash18, 0); Console.WriteLine ("Ascon:\t\t{0}",Convert.ToHexString(hash18)); var h21 = new XoodyakDigest(); h21.BlockUpdate(System.Text.Encoding.UTF8.GetBytes(str), 0, str.Length); var hash21=new byte[h21.GetDigestSize()]; h21.DoFinal(hash21, 0); Console.WriteLine ("Xoodyak:\t{0}",Convert.ToHexString(hash21)); var h22 = new PhotonBeetleDigest(); h22.BlockUpdate(System.Text.Encoding.UTF8.GetBytes(str), 0, str.Length); var hash22=new byte[h22.GetDigestSize()]; h22.DoFinal(hash22, 0); Console.WriteLine ("PhotonBeetle:\t{0}",Convert.ToHexString(hash22)); var h23 = new IsapDigest(); h23.BlockUpdate(System.Text.Encoding.UTF8.GetBytes(str), 0, str.Length); var hash23=new byte[h23.GetDigestSize()]; h22.DoFinal(hash23, 0); Console.WriteLine ("ISAP:\t\t{0}",Convert.ToHexString(hash23)); } catch (Exception e) { Console.WriteLine("Error: {0}",e.Message); } } } }
A sample run is:
Message: The quick brown fox jumps over the lazy dog === Light-weight hashes === Sparkle: D43F87A0FE60FC5925064880C6116C136B6D94FA24A93DFFCB35D178C3AF932C Ascon: 3375FB43372C49CBD48AC5BB6774E7CF5702F537B2CF854628EDAE1BD280059E Xoodyak: 087376B970C53ED0339A4FE54F4462F0F34E4E50ED09B4314ED24B32BA9822CB PhotonBeetle: 5CED20C8D747C62114BF691739821516135AA8413997CF34B4B8E40A25489762 ISAP: 24C50C761A324E46957C77FA52BB7D135A05C808BEAFED1BA6FEE32EC8A082D0