Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
Sponge function
In cryptography, a sponge function or sponge construction is any of a class of algorithms with finite internal state that take an input bit stream of any length and produce an output bit stream of any desired length. Sponge functions have both theoretical and practical uses. They can be used to model or implement many cryptographic primitives, including cryptographic hashes, message authentication codes, mask generation functions, stream ciphers, pseudo-random number generators, and authenticated encryption. A sponge function is built from three components: a state memory, S, containing b bits, a function a padding function P S is divided into two sections: one of size r (the bitrate) and the remaining part of size c (the capacity). These sections are denoted R and C respectively. f produces a pseudorandom permutation of the states from S. P appends enough bits to the input string so that the length of the padded input is a whole multiple of the bitrate, r. This means the input is segmented into blocks of r bits. The sponge function "absorbs" (in the sponge metaphor) all blocks of a padded input string as follows: S is initialized to zero for each r-bit block B of P(string) R is replaced with R XOR B (using bitwise XOR) S is replaced by f(S) The sponge function output is now ready to be produced ("squeezed out") as follows: repeat output the R portion of S S is replaced by f(S) unless output is full If less than r bits remain to be output, then R will be truncated (only part of R will be output). Another metaphor describes the state memory as an "entropy pool", with input "poured into" the pool, and the transformation function referred to as "stirring the entropy pool". Note that input bits are never XORed into the C portion of the state memory, nor are any bits of C ever output directly. The extent to which C is altered by the input depends entirely on the transformation function f. In hash applications, resistance to collision or s depends on C, and its size (the "capacity" c) is typically twice the desired resistance level.