Reference

sha3_224(data)

Computes the SHA3-224 hash of data.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a 28-tuple of UInt8s.

Examples

julia> sha3_224(fill(0xa3, 200))
(0x93, 0x76, 0x81, 0x6a, 0xba, 0x50, 0x3f, 0x72, 0xf9, 0x6c, 0xe7, 0xeb, 0x65, 0xac, 0x09, 0x5d, 0xee, 0xe3, 0xbe, 0x4b, 0xf9, 0xbb, 0xc2, 0xa1, 0xcb, 0x7e, 0x11, 0xe0)

sha3_224(data1, ..., dataN)

Computes the SHA3-224 hashes of data1, ..., dataN (for N >= 2).

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation. The hashes are returned as an N-tuple of 28-tuples of UInt8s.

sha3_256(data)

Computes the SHA3-256 hash of data.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a 32-tuple of UInt8s.

Examples

julia> sha3_256(fill(0xa3, 200))
(0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07, 0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf, 0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73, 0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87)

sha3_256(data1, ..., dataN)

Computes the SHA3-256 hashes of data1, ..., dataN (for N >= 2).

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation. The hashes are returned as an N-tuple of 32-tuples of UInt8s.

sha3_384(data)

Computes the SHA3-384 hash of data.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a 48-tuple of UInt8s.

Examples

julia> sha3_384(fill(0xa3, 200))
(0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9, 0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b, 0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e, 0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd, 0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98, 0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f)

sha3_384(data1, ..., dataN)

Computes the SHA3-384 hashes of data1, ..., dataN (for N >= 2).

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation. The hashes are returned as an N-tuple of 48-tuples of UInt8s.

sha3_512(data)

Computes the SHA3-512 hash of data.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a 64-tuple of UInt8s.

Examples

julia> sha3_512(fill(0xa3, 200))
(0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1, 0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b, 0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0, 0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8, 0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3, 0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b, 0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41, 0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00)

sha3_512(data1, ..., dataN)

Computes the SHA3-512 hashes of data1, ..., dataN (for N >= 2).

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation. The hashes are returned as an N-tuple of 64-tuples of UInt8s.

sha3_224_sponge()

Returns a sponge suitable for SHA3-224 computation.

sha3_224_sponge(::Val{N})

Returns a sponge suitable for SHA3-224 computation using N-fold SIMD, i.e. a sponge with SIMD.Vec{N} contents.

sha3_256_sponge()

Returns a sponge suitable for SHA3-256 computation.

sha3_256_sponge(::Val{N})

Returns a sponge suitable for SHA3-256 computation using N-fold SIMD, i.e. a sponge with SIMD.Vec{N} contents.

sha3_384_sponge()

Returns a sponge suitable for SHA3-384 computation.

sha3_384_sponge(::Val{N})

Returns a sponge suitable for SHA3-384 computation using N-fold SIMD, i.e. a sponge with SIMD.Vec{N} contents.

sha3_512_sponge()

Returns a sponge suitable for SHA3-512 computation.

sha3_512_sponge(::Val{N})

Returns a sponge suitable for SHA3-512 computation using N-fold SIMD, i.e. a sponge with SIMD.Vec{N} contents.

shake_128(data)

Returns a SHAKE-128 sponge with data absorbed, ready to squeeze from.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). Appropriate padding is applied by shake_128.

shake_128(data, len)

Computes the SHAKE-128 hash of data.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

Examples

julia> shake_128(fill(0xa3, 200), Val(20))
(0x13, 0x1a, 0xb8, 0xd2, 0xb5, 0x94, 0x94, 0x6b, 0x9c, 0x81, 0x33, 0x3f, 0x9b, 0xb6, 0xe0, 0xce, 0x75, 0xc3, 0xb9, 0x31)

shake_128(data1, ..., dataN)

Absorbs data1, ..., dataN (for N >= 2) into a new N-fold-SIMD SHAKE-128 sponge and pads it.

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation. The data is absorbed into a fresh (SIMD) SHAKE-128 sponge and padding is applied.

The returned sponge is ready for being squeezed.

shake_128(data1, ..., dataN, len)

Computes the SHAKE-128 hash of data1, ..., dataN (for N >= 2).

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation.

An N-tuple of the individual hashes of the desired length is returned. The hashes are tuples of UInt8s if len is a Val, Vector{UInt8}s otherwise.

shake_256(data)

Returns a SHAKE-256 sponge with data absorbed, ready to squeeze from.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). Appropriate padding is applied by shake_256.

shake_256(data, len)

Computes the SHAKE-256 hash of data.

The provided data must be an AbstractVector or a Tuple of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

Examples

julia> shake_256(fill(0xa3, 200), Val(20))
(0xcd, 0x8a, 0x92, 0x0e, 0xd1, 0x41, 0xaa, 0x04, 0x07, 0xa2, 0x2d, 0x59, 0x28, 0x86, 0x52, 0xe9, 0xd9, 0xf1, 0xa7, 0xee)

shake_256(data1, ..., dataN)

Absorbs data1, ..., dataN (for N >= 2) into a new N-fold-SIMD SHAKE-256 sponge and pads it.

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation. The data is absorbed into a fresh (SIMD) SHAKE-256 sponge and padding is applied.

The returned sponge is ready for being squeezed.

shake_256(data1, ..., dataN, len)

Computes the SHAKE-256 hash of data1, ..., dataN (for N >= 2).

The provided data must be AbstractVectors or Tuples of UInt8s or Strings, and they all must have the same length in bytes (using codeunits for Strings) as SIMD is used to speed up the hash computation.

An N-tuple of the individual hashes of the desired length is returned. The hashes are tuples of UInt8s if len is a Val, Vector{UInt8}s otherwise.

shake_128_sponge()

Returns a sponge suitable for SHAKE-128 computation.

shake_128_sponge(::Val{N})

Returns a sponge suitable for SHAKE-128 computation using N-fold SIMD, i.e. a sponge with SIMD.Vec{N} contents.

shake_256_sponge()

Returns a sponge suitable for SHAKE-256 computation.

shake_256_sponge(::Val{N})

Returns a sponge suitable for SHAKE-256 computation using N-fold SIMD, i.e. a sponge with SIMD.Vec{N} contents.

cshake_128(data, N=(), S=())

Returns a cSHAKE-128 sponge for function-name N and customization S with data absorbed, ready to squeeze from.

The provided data, N, and S must be AbstractVectors or a Tuples of UInt8s, or a String (which is converted to bytes by codeunits). Appropriate padding is applied by cshake_128.

cshake_128(data, len, N=(), S=())

Computes the cSHAKE-128 hash of data for function-name N and customization S.

The provided data, N, and S must be AbstractVectors or a Tuples of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

cshake_256(data, N=(), S=())

Returns a cSHAKE-256 sponge for function-name N and customization S with data absorbed, ready to squeeze from.

The provided data, N, and S must be AbstractVectors or a Tuples of UInt8s, or a String (which is converted to bytes by codeunits). Appropriate padding is applied by cshake_256.

cshake_256(data, len, N=(), S=())

Computes the cSHAKE-256 hash of data for function-name N and customization S.

The provided data, N, and S must be AbstractVectors or a Tuples of UInt8s, or a String (which is converted to bytes by codeunits). The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

cshake_128_sponge(N=(), S=())

Returns a sponge suitable for cSHAKE-128 computation for function-name N and customization S. Both N and S can be Tuples or AbstractVectors of UInt8, or String (of which their codeunits are used) and default to (), i.e. the empty string.

cshake_256_sponge(N=(), S=())

Returns a sponge suitable for cSHAKE-256 computation for function-name N and customization S. Both N and S can be Tuples or AbstractVectors of UInt8, or String (of which their codeunits are used) and default to (), i.e. the empty string.

kmac_128(K, data, len, S=())

Computes the Kᴇᴄᴄᴀᴋ Message Authentication Code (KMAC128) of data using key K, output length len (in bytes) and (optional) customization string S.

If len is provided as a Val, the KMAC is returned as a Tuple, otherwise as a Vector.

kmac_256(K, data, len, S=())

Computes the Kᴇᴄᴄᴀᴋ Message Authentication Code (KMAC256) of data using key K, output length len (in bytes) and (optional) customization string S.

If len is provided as a Val, the KMAC is returned as a Tuple, otherwise as a Vector.

kmac_xof_128(K, data, S=())

Creates a sponge for the extensible output Kᴇᴄᴄᴀᴋ Message Authentication Code (KMACXOF128) of data using key K and (optional) customization string S.

The sponge is ready to squeeze output of the desired length from.

kmac_xof_128(K, data, len, S=())

Computes the extensible output Kᴇᴄᴄᴀᴋ Message Authentication Code (KMACXOF128) of data using key K, output length len (in bytes) and (optional) customization string S.

If len is provided as a Val, the KMAC is returned as a Tuple, otherwise as a Vector. Contrary to kmac_128, the output length is not included in the hash, so the result for a smaller len is the prefix of the result for a larger len.

kmac_xof_256(K, data, S=())

Creates a sponge for the extensible output Kᴇᴄᴄᴀᴋ Message Authentication Code (KMACXOF256) of data using key K and (optional) customization string S.

The sponge is ready to squeeze output of the desired length from.

kmac_xof_256(K, data, len, S=())

Computes the extensible output Kᴇᴄᴄᴀᴋ Message Authentication Code (KMACXOF256) of data using key K, output length len (in bytes) and (optional) customization string S.

If len is provided as a Val, the KMAC is returned as a Tuple, otherwise as a Vector. Contrary to kmac_256, the output length is not included in the hash, so the result for a smaller len is the prefix of the result for a larger len.

kmac_128_sponge(K, len=0, S=())

Creates a sponge for computing the Kᴇᴄᴄᴀᴋ Message Authentication Code (KMAC128) using key K and (optional) customization string S. The length len (in bytes) is absorbed into the sponge, so the output depends on it, though it does not prescribe the amount of data to squeeze. However, to compute a standard-conforming KAMC128, the lengths must match, or len must be set to zero to indicate an arbitrary output length KMACXOF128.

kmac_256_sponge(K, len=0, S=())

Creates a sponge for computing the Kᴇᴄᴄᴀᴋ Message Authentication Code (KMAC256) using key K and (optional) customization string S. The length len (in bytes) is absorbed into the sponge, so the output depends on it, though it does not prescribe the amount of data to squeeze. However, to compute a standard-conforming KAMC256, the lengths must match, or len must be set to zero to indicate an arbitrary output length KMACXOF256.

tuplehash_128(data, len, S=())

Computes the TupleHash128 of length len from data and the optional customization string S.

The data can be any iterable object that produces Tuples or AbstractVectors of UInt8s or Strings. (I.e. contrary to what the name suggests, data being a Tuple is just one option).

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

Example

julia> tuplehash_128(["abcd", "ef"], Val(16))
(0x9c, 0x68, 0x5d, 0x62, 0x70, 0xab, 0x35, 0x59, 0xcb, 0x34, 0x60, 0x07, 0x8b, 0xb2, 0x30, 0x2b)

julia> tuplehash_128(["abc", "def"], Val(16)) # different partitioning of same data -> different hash
(0xe9, 0xee, 0x78, 0x85, 0x9a, 0x46, 0x37, 0x69, 0xc3, 0xaa, 0x05, 0xcb, 0x3c, 0x41, 0x81, 0xa3)

julia> tuplehash_128(["abc", "def"], Val(12)) # different output length -> different hash
(0x20, 0x7e, 0x63, 0xbb, 0x5c, 0xae, 0xb1, 0x5e, 0x6e, 0xd9, 0x67, 0xf8)

tuplehash_256(data, len, S=())

Computes the TupleHash256 of length len from data and the optional customization string S.

The data can be any iterable object that produces Tuples or AbstractVectors of UInt8s or Strings. (I.e. contrary to what the name suggests, data being a Tuple is just one option).

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

Example

julia> tuplehash_256(["abcd", "ef"], Val(16))
(0xbd, 0x47, 0x29, 0xaa, 0x8b, 0x85, 0x0d, 0x9d, 0xf9, 0x1f, 0x7d, 0xf3, 0x05, 0x95, 0xad, 0x67)

julia> tuplehash_256(["abc", "def"], Val(16)) # different partitioning of same data -> different hash
(0x6c, 0x9d, 0xe6, 0x73, 0x81, 0x5a, 0xf6, 0x06, 0xf6, 0xee, 0x8f, 0x92, 0x15, 0x6d, 0x35, 0x9a)

julia> tuplehash_256(["abc", "def"], Val(12)) # different output length -> different hash
(0x0b, 0x9e, 0x3c, 0x8c, 0x3b, 0x40, 0x06, 0x93, 0xd6, 0x5f, 0xda, 0xd7)

tuplehash_xof_128(data, S=())

Creates a sponge for the arbitrary-length output TupleHash128 for data and the optional customization string S.

The data can be any iterable object that produces Tuples or AbstractVectors of UInt8s or Strings. (I.e. contrary to what the name suggests, data being a Tuple is just one option).

The returned sponge is ready to squeeze output of the desired length from.

tuplehash_xof_128(data, len, S=())

Computes the arbitrary-length output TupleHash128 of length len from data and the optional customization string S.

The data can be any iterable object that produces Tuples or AbstractVectors of UInt8s or Strings. (I.e. contrary to what the name suggests, data being a Tuple is just one option).

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

The difference to tuplehash_128 is that the len is not itself hashed.

Example

julia> tuplehash_xof_128(["abc", "def"], Val(16))
(0xf0, 0xde, 0xf4, 0x88, 0x9a, 0xed, 0x8e, 0x8f, 0x77, 0xc0, 0xef, 0xf1, 0x60, 0xa3, 0x80, 0x54)

julia> tuplehash_xof_128(["abc", "def"], Val(12)) # prefix of the above
(0xf0, 0xde, 0xf4, 0x88, 0x9a, 0xed, 0x8e, 0x8f, 0x77, 0xc0, 0xef, 0xf1)

tuplehash_xof_256(data, S=())

Creates a sponge for the arbitrary-length output TupleHash256 for data and the optional customization string S.

The data can be any iterable object that produces Tuples or AbstractVectors of UInt8s or Strings. (I.e. contrary to what the name suggests, data being a Tuple is just one option).

The returned sponge is ready to squeeze output of the desired length from.

tuplehash_xof_256(data, len, S=())

Computes the arbitrary-length output TupleHash256 of length len from data and the optional customization string S.

The data can be any iterable object that produces Tuples or AbstractVectors of UInt8s or Strings. (I.e. contrary to what the name suggests, data being a Tuple is just one option).

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

The difference to tuplehash_256 is that the len is not itself hashed.

Example

julia> tuplehash_xof_256(["abc", "def"], Val(16))
(0xc0, 0xaf, 0xa4, 0xf2, 0xfa, 0x02, 0x28, 0x60, 0xa9, 0x57, 0x6d, 0x99, 0x43, 0x78, 0xae, 0x86)

julia> tuplehash_xof_256(["abc", "def"], Val(12)) # prefix of the above
(0xc0, 0xaf, 0xa4, 0xf2, 0xfa, 0x02, 0x28, 0x60, 0xa9, 0x57, 0x6d, 0x99)

parallelhash_128(data, blocksize, len, S=(); threaded=true)

Computes the ParallelHash128 of length len with block size blocksize from data and the optional customization string S.

The data can be a AbstractVector of UInt8s or aString. (Contrary to the other hashing functions, Tuples are not supported). It is processed in chunks of size blocksize, using SIMD and (unless disabled by passing threaded=false) multi-threading to parallelize the computation. Note that changing blocksize not only affects performance, but also the result, so it is not purely an optimization.

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

parallelhash_256(data, blocksize, len, S=(); threaded=true)

Computes the ParallelHash256 of length len with block size blocksize from data and the optional customization string S.

The data can be a AbstractVector of UInt8s or aString. (Contrary to the other hashing functions, Tuples are not supported). It is processed in chunks of size blocksize, using SIMD and (unless disabled by passing threaded=false) multi-threading to parallelize the computation. Note that changing blocksize not only affects performance, but also the result, so it is not purely an optimization.

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

parallelhash_xof_128(data, blocksize, S=(); threaded=true)

Creates a sponge for the arbitrary-length output ParallelHashXOF128 with block size blocksize from data and the optional customization string S.

The data can be a AbstractVector of UInt8s or aString. (Contrary to the other hashing functions, Tuples are not supported). It is processed in chunks of size blocksize, using SIMD and (unless disabled by passing threaded=false) multi-threading to parallelize the computation. Note that changing blocksize not only affects performance, but also the result, so it is not purely an optimization.

The returned sponge is ready to squeeze output of the desired length from.

parallelhash_xof_128(data, blocksize, len, S=(); threaded=true)

Computes the arbitrary-length output ParallelHashXOF128 of length len with block size blocksize from data and the optional customization string S.

The data can be a AbstractVector of UInt8s or aString. (Contrary to the other hashing functions, Tuples are not supported). It is processed in chunks of size blocksize, using SIMD and (unless disabled by passing threaded=false) multi-threading to parallelize the computation. Note that changing blocksize not only affects performance, but also the result, so it is not purely an optimization.

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

The difference to parallelhash_128 is that the len is not itself hashed.

parallelhash_xof_256(data, blocksize, S=(); threaded=true)

Creates a sponge for the arbitrary-length output ParallelHashXOF256 with block size blocksize from data and the optional customization string S.

The data can be a AbstractVector of UInt8s or aString. (Contrary to the other hashing functions, Tuples are not supported). It is processed in chunks of size blocksize, using SIMD and (unless disabled by passing threaded=false) multi-threading to parallelize the computation. Note that changing blocksize not only affects performance, but also the result, so it is not purely an optimization.

The returned sponge is ready to squeeze output of the desired length from.

parallelhash_xof_256(data, blocksize, len, S=(); threaded=true)

Computes the arbitrary-length output ParallelHashXOF256 of length len with block size blocksize from data and the optional customization string S.

The data can be a AbstractVector of UInt8s or aString. (Contrary to the other hashing functions, Tuples are not supported). It is processed in chunks of size blocksize, using SIMD and (unless disabled by passing threaded=false) multi-threading to parallelize the computation. Note that changing blocksize not only affects performance, but also the result, so it is not purely an optimization.

The hash is returned as a tuple of UInt8s if len is a Val, as a Vector{UInt8} otherwise.

The difference to parallelhash_256 is that the len is not itself hashed.

absorb(sponge::Sponge, data::AbsorbableData)

Absorbs the provided data into the sponge and returns the updated sponge.

The provided data does not have to have a length that is a multiple of the sponge rate. However, before the first squeeze, appropriate padding should be performed.

If the sponge holds SIMD.Vecs, the same data is used for every data path.

absorb(sponge::Sponge, data1, ..., dataN)

Absorbs the provided data into the SIMD sponge and returns the updated sponge.

The sponge has to hold SIMD.Vec{N}s, matching the number of provided data parameters, and their lengths must be equal, i.e. length(data1) == ... == length(dataN) has to hold.

The provided data does not have to have a length that is a multiple of the sponge rate. However, before the first squeeze, appropriate padding should be performed.

pad(sponge)

Applies padding to sponge and returns the updated sponge.

Must be called after the last call to absorb and before the first call to squeeze.

sponge′, data = squeeze(sponge, len)

Squeezes len bytes from the sponge and returns the updated sponge and the obtained data.

If len is a Val, the data is returned as a tuple, otherwise as a Vector{UInt8}.

If the sponge holds SIMD.Vec{N}s, the returned data is an N-tuple of the data squeezed form the respective data paths.

keccak_p(state, ::Val{nrounds})

The Kᴇᴄᴄᴀᴋ-p permutation function as defined in FIPS-202, with the number of rounds given by nrounds. The input state as well as the returned updated state are 25-tuples of unsigned integers of type T. Their LSB-first serialization corresponds to the bitstrings S and S′ in FIPS-202; its length b is determined by the type T. E.g. for T==UInt64, one obtains the commonly used b = 25 ⋅ 64 = 1600.

For example, for b=800 (hence T==UInt32), S=1000...000 corresponds to state == (0x00000001, (0x00000000 for _ in 2:25)...).

Alternatively, the state can contain SIMD.Vecs of unsigned integers to perform a parallel transformation of multiple state instances. E.g, for state::NTuple{25,SIMD.Vec{4,UInt64}}, it holds that

julia> SIMD.Vec.((keccak_p(map(s -> s[n], state)) for n in 1:4)...) == keccak_p(state)
true

KeccakP{nrounds}

Convenience wrapper for keccak_p with nrounds fixed.

This allows replacing constructions like state -> keccak_p(state, Val(nrounds)) with KeccakP{nrounds}():

julia> const f1 = KeccakP{23}()
KeccakP{23}()

julia> const f2 = state -> keccak_p(state, Val(23))
#2 (generic function with 1 method)

julia> f1(state) == f2(state) == keccak_p(state, Val(23)) # for suitable state
true

KeccakPad

A padding function performing the Kᴇᴄᴄᴀᴋ pad10*1 padding with optional suffix bits inserted first for domain separation. These suffix bits are specified by providing a byte that includes the first 1 bit of the padding.

E.g. for SHA3, the domain separation suffix is 01, so the padding appends 011000...0001. Noting the LSB-first convention, the first byte of the padding thus has to be 0b00000110 == 0x06, and the corresponding padding function would be instantiated with KeccakPad(0x06).

KeccakSponge{R,T,nrounds}

A Sponge specialization for Kᴇᴄᴄᴀᴋ:

• The permutation function is KeccakP{nrounds}.
• The sponge contents are a 25-tuple of T, which must be an unsigned integer or a SIMD.Vec thereof.
• The rate in bits is given by 8*sizeof(T)*R (or 8*sizeof(eltype(T))*R) if T<:SIMD.Vec).