If you’ve been following the development of IOTA, and other cryptocurrencies, then you’ve probably heard the term “cryptographic sponge function“, or simply sponge function?
You didn’t? Then surely you’ve heard about hash functions, right? Hashing functions are one kind of sponge function!
What exactly do hashing functions do? And why are they called sponge functions?
In this article I’ll attempt to give you a very simple explanation of how sponge functions work and what they accomplish, without getting too much into mathematics and cryptospeak.
I only scratch the surface of the math notions needed to understand how sponge functions work.
If you’re an investor or crypto enthusiast with no time to get into too much detail about sponge functions, or maybe even a cryptography newbie just getting started coding cryptocurrencies, then this article is for you!
Else, if you are more experienced and already know the basics, then you may want to skip this article and proceed with the more formal explanation found on Wikipedia and more specific textbooks.
Sponge Functions in a Nutshell
As the name implies, a sponge function is a computer routine that soaks up input much like a sponge does.
No matter how much data you push into it, it’ll soak it up and every so often it’ll get squeezed into an output bin, allowing it to absorb more input with each cycle.
This kind of function would not be very useful unless it did something with the data it soaked in, of course.
That’s where the cryptographic fun begins!
After the data is read, it is padded to make it a multiple of a standard size.
For example, suppose you have read 35 bytes of data from the network.
A padding function will add a bunch of zeroes to the end of these 35 bytes until it is a multiple of some numeric base, for example a power of 2 like 64, 128 or 256 characters. (When you use a power of 2 you get a nice little box with the same number of rows and columns.)
This box is then passed through a cryptographic function that will spit out something which is impossible to reverse back into what was originally input. This is the beauty of one-way math functions: you can easily go forward if you have the right information, but it should be impossible to reverse it and obtain the original input data based on what has been squeezed out of the sponge!
Important Hash Function Properties
It is important that a sponge function:
- Does not reveal the source data that is input into it, based on the output.
- Does not produce the same output for two different pieces of data. That is, it does not produce collisions (this is very, very difficult).
- Offer just the right amount of difficulty and efficiency to properly regulate the rate of blocks mined or minted.
The first two prerequisites are essential for any cryptographic application, where the last one is specific to proof-of-work and proof-of-stake applications. Without the first two requirements, it is impossible to implement a cryptocurrency.
Case Study: IOTA Collisions
For example, a problem was detected on the original IOTA in mid-2017 where MIT researchers found a way to deliberately produce duplicate transactions from different data. This meant that they could craft transactions that seemed to have been signed by a valid secret key when it was not. It was therefore possible to spend other people’s MIOTA! Gladly, this was solved in a very classy way between the security researchers and IOTA.
The last requirement is necessary to guarantee a constant rate of currency inflation. With every block that is mined, a new amount of cryptocurrency will enter the market. This amount must be regulated to a fixed rate so that eventually increasing mining power does not flood the market with currency.
The way Bitcoin accomplishes this is through a concept called “network difficulty” where the challenge presented to miners becomes more and more difficult based on how much mining power is competing for the next block. If the sponge function’s computation and memory costs were not regulated, it would be impossible to throttle the production of blocks into a fixed rate per day.
Fixed Output Size Sponge Functions
The function used in Bitcoin is called SHA256 and, as the name suggests, produces an output consisting of 256 bits. This is a special kind of sponge function that has an important property where, no matter how much data is pushed into it, it always outputs 256 bits.
If these bits were encoded using regular English alphabet letters (8 bits each in the most basic encoding) the 256 bits represent roughly 32 letters or numbers. In the Bitcoin system, after the SHA256 function outputs 256 bits, they are later encoded in a special manner that produces less than 32 numbers and letters.
Hopefully you can now understand sponge functions and how crucial they are to cryptocurrency implementations!
Sponge functions and hashing functions in general are a very active field of cryptographic research.
The explosion of cryptocurrencies has also become a major motivation for further research in this area.
Since the popularization of Bitcoin, many new developments have been made, including competitions focused on finding the best performing and most secure sponge functions.
- Sponge function at Wikipedia
- SHA-256 on the Bitcoin Wiki
- Password Hashing Competition
- Key derivation function
Illustration Credit: Sponge Function by CC via Wikipedia