SquarePants Sponge Hashing

A quick explaination of the sponge hashing algorithm, notably used in SHA-3

06/01/2025 (modified 15/01/2025) · 2 min read · sapling 🪴

In 2007, the NIST (National Institue of Standards and Technology) announced a Cryptographic Hash Algorithm Competition, with the winner being awarded the grant to be standardized as the new SHA-3. It ended in 2012 with being announced as the winner.

The function uses a sponge construction, but what the hell is even this thing? Let’s take a look!

We have a message as our input and the final hash . We then have two “registers”: and , which both make up our state . These two are initialized with s in them.

The message is first padded so that it can fit in exactly parts , each of size . The process of “absorption” is the following:

1. XOR (denoted ) the message-part with the register bit-by-bit
2. Scramble the whole register ( and ) altogether to produce a new state by applying The function needs to generate a pseudo-random permutation of the bits in

Example permutation via

3. Pass on the state to the next iteration

We can now “squeeze” our sponge to extract the hash from it, by applying again and taking a small chunk ( bits) over and over until we have enough for our desired output length.

This whole process can be described with the following diagram:

Sponge construction algorithm, inspired by Keccak's diagram

This whole process can also be modified to fit streaming needs, by combining both absorption and squeezing steps at each iteration.