Full Domain Hash

Build Status codecov docs crates.io

A Full Domain Hash (FDH) is a useful cryptographic construction that extends the size of a hash digest to an arbitrary length. For example, SHA256 can be expanded to 1024 bits instead of the usual 256 bits.

We construct an FDH by computing a number of cycles where cycles=(target length)/(digest length) + 1. We then compute FDH(M) = HASH(M||0) || HASH(M||1) || ... || HASH(M||cycles−1), where HASH is any hash function, M is the message, || denotes concatenation, and numerical values are single-byte u8.

FDHs are usually used with an RSA signature scheme where the target length is the size of the key. See https://en.wikipedia.org/wiki/FullDomainHash

This crate makes extensive use of the digest crate's cryptograhic hash traits, so most useful methods are implemented as part of digest traits. These traits are re-exported for convenience. See https://github.com/RustCrypto/hashes for a list of compatible hashes.

Example

```rust use sha2::Sha256; use fdh::{FullDomainHash, VariableOutput, Input};

// Expand SHA256 from 256 bits to 1024 bits. let outputbits = 1024; let outputbytes = 1024 / 8; let mut hasher = FullDomainHash::::new(outputbytes)?; hasher.input(b"ATTACK AT DAWN"); let result = hasher.vecresult(); ```

no_std

This crate also supports no_std, so it can be used in embedded or other settings with no allocation.

```rust

![no_std]

use sha2::Sha256; use fdh::{FullDomainHash, Input, ExtendableOutput, XofReader};

// Expand SHA256 from 256 bits to 512 bits (and beyond!), reading it in 16 byte chunks. let mut hasher = FullDomainHash::::default(); hasher.input(b"ATTACK AT DAWN"); let mut reader = hasher.xofresult(); let mut readbuf = <[u8; 16]>::default();

// Read the first 16 bytes into readbuf reader.read(&mut readbuf);

// Read the second 16 bytes into readbuf reader.read(&mut readbuf);

// If we want, we can just keep going, reading as many bits as we want indefinitely. reader.read(&mut readbuf); reader.read(&mut readbuf); ```

Restricted Domain

This crate also supports getting a digest that is within a specific domain. It follows an algorithim like so:

fn digest_in_domain(message, iv): digest = fdh(message, iv) while not digest.in_domain(): iv++ digest = fdh(message, iv) return digest, iv

The method results_in_domain() is provided to accomplish this. The helper methods results_between(), results_lt(), results_gt() are provided for the common case where the digest must be in a certain range.

An example that produces a digest that is odd:

```rust use sha2::Sha512; use fdh::{FullDomainHash, Input, VariableOutput}; use numbigint::BigUint; use numinteger::Integer;

// Get a full domain hash that is odd let mut hasher = FullDomainHash::::new(64).unwrap(); hasher.input(b"ATTACKATDAWN");

fn digestisodd(digest: &BigUint) -> bool { digest.is_odd() } let iv = 0;

let (digest, iv) = hasher.resultsindomain(iv, digestisodd).unwrap(); ```

Moving Window Full Domain Hash

This crate also includes an experimental Moving Window Full Domain Hash (MWFDH), more information can be found here.