Stateful Hash Objects
Stateful Hash Objects are used in many places one would otherwise specify hash functions. However, they have a few more capabilities and requirements than a plain hash function. The ones used here are based on Trevor Perrin's Stateful Hash Functions, but with the addition of extraction and injection, and stricter requirements for demarc/ratchet.
Operations
-
Initialize(domain): Creates SHO, such that passing in a different domain results in a different SHO. -
Clone(): Duplicates the current state of SHO into a new SHO. -
Feed(input): This inserts data into the SHO. -
Extract(): Extract a summary of the current input. This output must not be derivable from the output ofCrunchat the same state, nor vice-versa. -
Inject(state): Injects a summary of some input, and resume with a fresh minimal object. -
Crunch(): Produce a summary of the current input. This output must not be derivable from the output ofExtractat the same state, nor vice-versa. -
Demarc(): Creates an out-of-band demarcation point in the input stream, such that no possible input can collide with it. This must be equivalent toExtractfollowed byInject.
Serialization
Stateful Hash Object output hashes are serialized with a 0 tag followed by the serialization of the contained hash.
Stateful Hash Object extractions are serialized with a 32 tag followed by the serialization of the contained extraction.
Implementations
Blake3
The stateful hash object for generation 1 is Blake3, a very fast hash function, PRF, MAC, KDF, and XOF that is secure against length extension.
-
Initializationgives the domain to the 'derived_key' function. -
Clonesimply duplicates the hasher. -
Feedgives the input to the 'update' function -
Extractuses the finalize_xof function, seeks 64 bytes in, and returns 32 bytes of output. -
Injectcreates a new hasher with thekeyedfunction. -
Crunchuses the finalize_xof function, and returns the first 32 bytes of output.
Blake3 hashes and extractions are serialized with the 0 tag, followed by a 32 byte binary.