Show HN: Beamsplitter – Hash function that uses only S-boxes (opens in new tab)

(github.com)

18 pointsarchivist16y ago10 comments

10 comments

9 comments · 4 top-level

arkadiyt6y ago· 5 in thread

Let's ignore for a second the question of security (is it collision/pre-image resistant? Dieharder says nothing about this).

As a developer, is the fact that it only uses S-boxes supposed to be beneficial to me somehow? Does this mean it runs faster? Uses less memory? Is it an academic exercise? Why would I use this over a different hash function?

SCHiM6y ago

I'm reasonably sure it's in jest:

""" I went to random.org and generated 32 sets of 256 no-repeat numbers between 0 and 255 inclusive. """

We have someone with the practical cryptographic knowledge to design their own cryptographic code, but they grab their random numbers from a website... ;)

clarry6y ago

Also posting dieharder results as validation (and the only kind of validation!) smells like a joke.

rurban6y ago

It's not even resistant to added \0, so you can trivially create an arbitrary number of collisions.

It fails all smhasher tests and is pretty slow. There's a reason other hashes do more than just sbox mixing. It's a proof of concept of a bad hash function. But it works fine on javascript, I guess.

maxfan86y ago

It's probably an academic exercise (perhaps to demonstrate how not to make a secure hash function). It's is pretty poorly designed.

sneak6y ago

As someone who knows a bit about how hash functions work and what properties they are supposed to have when well-designed, but has no knowledge of how to invent them: would you elaborate either directly or with links? What about it is poorly designed? Why? What would make it better?

1 more reply

mmastrac6y ago

> I went to random.org and generated 32 sets of 256 no-repeat numbers between 0 and 255 inclusive.

One suggestion I'd have here would be using "nothing-up-my-sleeve" numbers like pi/e/log2 in hex. [1]

[1] https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number

xscott6y ago

Saving a Google search for those (like me) who don't know what S-boxes are: https://en.wikipedia.org/wiki/S-box

cafxx6y ago

I sincerely hope the author will urgently and clearly mark the repo as a toy/demo/do not use for anything important in the readme.

j / k navigate · click thread line to collapse