david wong

Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Implementation of Kangaroo Twelve in Go posted June 2017

I've released an implementation of KangarooTwelve in Go

It is heavily based on the official Go's x/crypto/sha3 library. But because of minor implementation details the relevant files have been copied and modified there so you do not need Go's SHA-3 implementation to run this package. Hopefully one day Go's SHA-3 library will be more flexible to allow other keccak construction to rely on it.

I have tested this implementation with different test vectors and it works fine. Note that it has not received proper peer review. If you look at the code and find issues (or not) please let me know!

See here why you should use KangarooTwelve instead of SHA-3. But see here first why you should still not skip SHA-3.

This implementation does not yet make use of SIMD to parallelize the implementation. But we can already see improvements due to the smaller number of rounds:

100 bytes1000 bytes10,000 bytes
K12761 ns/op1875 ns/op15399 ns/op
SHA3854 ns/op3962 ns/op34293 ns/op
SHAKE128668 ns/op2853 ns/op29661 ns/op

This was done with a very simple bench script on my 2 year-old macbook pro.

Well done! You've reached the end of my post. Now you can leave a comment or read something else.



Question: if you were to use plain English to explain how BLAKE2 and K12 (and maybe compare that with SHA2, Skein and others) are implemented, which one would be easier to explain? Maybe this could explain why K12 is so rarely used?


I think:

* sponges are easier to understand in general

* SHA-3 specifically is a mess of a standard, and so not straight forward to implement imo (see my other blog about this)

* K12 is a bit more complicated than SHA-3, but also very new, so it's hard to compare to BLAKE2. It's currently being standardized.


What if we have a rule that requires you to explain the whole of BLAKE2b vs SHA-512 or BLAKE2s vs SHA-256 (including all function and logic) using plain English, or explain it to a teenager that is easy to understand. Which one would require more words?


*SHA3-256 and SHA3-512 not SHA-256 and SHA-512


This is one of the way we try and explain things... https://www.youtube.com/watch?v=2p_8gx-XHJo (but of course top 1000 words are hard to deal with so this challenge would be 8th grade level)


I think the design of SHA-3 is easier to understand in 1000 words. Just explain what a permutation is, and then explain a sponge, and voila.

leave a comment...