Struct Pad10Sponge 

pub struct Pad10Sponge<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> { /* private fields */ }

An overwrite-mode sponge with 10-padding.

Absorbs input into the rate (overwriting it rather than adding to it), permutes after each full block, and squeezes OUT elements. The two-case padding below is injective: inputs of different lengths always hand the final permutation call a different state, so a collision can only come from the permutation itself, never from the encoding of the input.

§Padding Rule

Case 1 – partial block (input ends at position i < RATE; this includes the empty input, with i = 0):

    Sentinel d(0) at position i, zeros after it, then permute.

    [a]    RATE=3:  [a, S, 0 | cap...]  -> P
    [a, 0] RATE=3:  [a, 0, S | cap...]  -> P
                           ^
                           different position => no collision

Case 2 – full block (non-empty input whose length is a multiple of RATE):

    Apply d to the first capacity element, then permute. With Increment this is cap_0 + 1.

    [a, b, c] RATE=3:  [a, b, c | d(cap_0), cap_1, ...]  -> P

The sentinel lands in the rate (case 1) or in the capacity (case 2), so a length-k input never produces the same padded state as an input of any other length. The capacity tweak is what separates the partial input [a, b] (padded to [a, b, S]) from the full input [a, b, S] itself. For the rule to be injective the empty input has to be a case-1 input (i = 0): as a case-2 input it would pad to the same state as the all-zero full block [0, 0, 0].

§Role of the Derangement

The padding function is a derangement d: a permutation of the element domain with no fixed points (d(x) != x for all x). Both uses of d rely on exactly that property:

  • Rate domain: d(0) != 0, so the sentinel is non-zero and cannot be confused with the zero fill. With a zero sentinel, [a] and [a, 0] would both pad to [a, 0, 0].
  • Capacity domain: d(state[RATE]) != state[RATE], so a full final block always leaves a capacity that differs from the one a partial block would leave. Without this, the full input [a, b, S] and the partial input [a, b] (padded to [a, b, S]) would hand P the same state.
    Partial:  state[i]    = d(0)           -- sentinel
    Full:     state[RATE] = d(state[RATE]) -- domain separator

§Construction

The standard choice of derangement is Increment, which computes d(x) = x + 1; it has no fixed points because x + 1 != x for every x:

Pad10Sponge::new(permutation, Increment(BabyBear::ONE))  // field
Pad10Sponge::new(permutation, Increment(1u64))           // integer

Any other D must likewise be fixed-point-free: a padding function with even a single fixed point breaks the injectivity argument above.
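The following is an added worked example, not the crate's code: a minimal overwrite-mode sponge implementing the two-case padding rule and the derangement requirement described above, over u64 words. The names `increment`, `identity`, `absorb`, `hash`, `overwrite_rate`, the constants WIDTH=4 / RATE=3 / OUT=2 and the toy ARX `permute` standing in for P are all assumptions made for the illustration; the permutation is a bijection but not cryptographic. The example also goes one step beyond the text: it runs the same inputs through a padding function with a fixed point (the identity) to show the collision that the no-fixed-point requirement prevents.

```rust
// Added example, not the crate's code: overwrite-mode sponge with two-case
// 10-padding over u64 words. `permute` is a toy bijection standing in for P;
// it is not cryptographic and all constants are illustrative.

const WIDTH: usize = 4; // state = 3 rate words + 1 capacity word
const RATE: usize = 3;
const OUT: usize = 2;

/// Padding function on the word domain. Must be a derangement (no fixed points).
type Pad = fn(u64) -> u64;

/// d(x) = x + 1 (wrapping): a derangement, since x + 1 != x for every u64.
fn increment(x: u64) -> u64 {
    x.wrapping_add(1)
}

/// Every point is a fixed point. Used only to show what goes wrong; never use it.
fn identity(x: u64) -> u64 {
    x
}

/// Toy permutation: each step replaces one word by an invertible function of
/// itself and one other word, so the whole map is a bijection on the state.
fn permute(state: &mut [u64; WIDTH]) {
    for round in 0..8u64 {
        for i in 0..WIDTH {
            let other = state[(i + 1) % WIDTH];
            state[i] = state[i].wrapping_add(other).rotate_left(13) ^ round;
        }
    }
}

/// Overwrite mode: the rate is replaced by the block (zero-filled past its end),
/// not added to the previous rate.
fn overwrite_rate(state: &mut [u64; WIDTH], block: &[u64]) {
    state[..RATE].fill(0);
    state[..block.len()].copy_from_slice(block);
}

/// Absorb `input` with padding function `d`. Returns (padded, state): `padded`
/// is the state handed to the final call of P, which is what the injectivity
/// argument is about; `state` is the state after that call, ready to squeeze.
fn absorb(input: &[u64], d: Pad) -> ([u64; WIDTH], [u64; WIDTH]) {
    let mut state = [0u64; WIDTH];
    let n_full = input.len() / RATE;
    let rem = input.len() % RATE;
    // Case 2 applies only to a non-empty, block-aligned input. The empty input
    // must be case 1 (sentinel at position 0): as case 2 it would give the same
    // padded state as the all-zero full block.
    let last_is_full = rem == 0 && !input.is_empty();
    let mut padded = state;

    for b in 0..n_full {
        overwrite_rate(&mut state, &input[b * RATE..(b + 1) * RATE]);
        if last_is_full && b + 1 == n_full {
            // Case 2: the sentinel goes into the capacity through d.
            state[RATE] = d(state[RATE]);
            padded = state;
        }
        permute(&mut state);
    }
    if !last_is_full {
        // Case 1: partial (possibly empty) block, sentinel d(0) at position
        // `rem`; positions after it are already zero from overwrite_rate.
        overwrite_rate(&mut state, &input[n_full * RATE..]);
        state[rem] = d(0);
        padded = state;
        permute(&mut state);
    }
    (padded, state)
}

/// Full hash: absorb, then squeeze OUT words, RATE at a time.
fn hash(input: &[u64], d: Pad) -> [u64; OUT] {
    let (_, mut state) = absorb(input, d);
    let mut out = [0u64; OUT];
    let mut filled = 0;
    loop {
        let take = (OUT - filled).min(RATE);
        out[filled..filled + take].copy_from_slice(&state[..take]);
        filled += take;
        if filled == OUT {
            return out;
        }
        permute(&mut state);
    }
}

fn main() {
    // Constructed inputs: one pair per padding case, plus the empty input.
    let inputs: [&[u64]; 6] = [&[], &[0, 0, 0], &[7], &[7, 0], &[7, 9], &[7, 9, 1]];
    for &input in inputs.iter() {
        let (padded, _) = absorb(input, increment);
        println!("{:?} -> padded {:?}, digest {:?}", input, padded, hash(input, increment));
    }
    // With a fixed point at 0, [7, 9] and [7, 9, 0] are no longer separated.
    assert_eq!(absorb(&[7, 9], identity).0, absorb(&[7, 9, 0], identity).0);
}
```

With `increment`, the six constructed inputs produce six pairwise distinct padded states ([1,0,0,0], [0,0,0,1], [7,1,0,0], [7,0,1,0], [7,9,1,0], [7,9,1,1]); with `identity`, [7] and [7, 0] both pad to [7,0,0,0] and [7, 9] collides with [7, 9, 0], digest included, which is the failure the derangement requirement rules out.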

§Parameters

  • WIDTH – total state size (rate + capacity).
  • RATE – positions overwritten per block.
  • OUT – elements squeezed from the final state.

§Security

Indifferentiable from a random oracle up to about |F|^{c/2} queries, where c = WIDTH - RATE is the capacity in field elements and the permutation is modelled as a random permutation.

This implies collision resistance, preimage resistance, etc. at that level [BDPA08] + [LBM25, Section 3.1]. The digest length is a separate bound: with OUT output elements, collision resistance is at most |F|^{OUT/2} and preimage resistance at most |F|^{OUT}, so OUT should be chosen so that these do not fall below the |F|^{c/2} capacity bound.

Implementations

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> Pad10Sponge<T, P, D, WIDTH, RATE, OUT>

pub const fn new(permutation: P, padding_derangement: D) -> Self

Trait Implementations

impl<T, P: Clone, D: Clone, const WIDTH: usize, const RATE: usize, const OUT: usize> Clone for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>

fn clone(&self) -> Self

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T, P: Copy, D: Copy, const WIDTH: usize, const RATE: usize, const OUT: usize> Copy for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> CryptographicHasher<T, [T; OUT]> for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>

fn hash_iter<I>(&self, input: I) -> [T; OUT]
where I: IntoIterator<Item = T>,

Hash an iterator of input items.

fn hash_iter_slices<'a, I>(&self, input: I) -> Out
where I: IntoIterator<Item = &'a [Item]>, Item: 'a,

Hash an iterator of slices, by flattening it into a single stream of items.

fn hash_slice(&self, input: &[Item]) -> Out

Hash a single slice of items.

fn hash_item(&self, input: Item) -> Out

Hash a single item.

impl<T: Debug, P: Debug, D: Debug, const WIDTH: usize, const RATE: usize, const OUT: usize> Debug for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> Freeze for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>
where P: Freeze, D: Freeze,

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> RefUnwindSafe for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> Send for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>
where P: Send, D: Send, T: Send,

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> Sync for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>
where P: Sync, D: Sync, T: Sync,

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> Unpin for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>
where P: Unpin, D: Unpin, T: Unpin,

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> UnsafeUnpin for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>
where P: UnsafeUnpin, D: UnsafeUnpin,

impl<T, P, D, const WIDTH: usize, const RATE: usize, const OUT: usize> UnwindSafe for Pad10Sponge<T, P, D, WIDTH, RATE, OUT>
where P: UnwindSafe, D: UnwindSafe, T: UnwindSafe,
