PetoronHash2 (PH2) C++20

Overview

PetoronHash2 (PH2) is a standalone ARX-based sponge construction that
combines:

• A 4096-bit internal permutation core
• A sponge/duplex architecture with explicit capacity separation
• An extendable-output function (XOF)
• Memory-hard (HARD) and burn (BURN) modes
• A structured tagged absorb scheme
• A parameterized architecture suitable for hashing, KDF, and
  stress-oriented derivation

PH2 is designed as a wide-state cryptographic primitive with explicit
domain separation and configurable output length.

Core Architecture

State Structure

• State size: 4096 bits (512 bytes)
• Capacity: 1024 bits (128 bytes)
• Rate: 3072 bits (384 bytes)

The construction follows a sponge/duplex model where the state is split
into:

• Rate portion (absorbing/squeezing)
• Capacity portion (not directly exposed)

This separation ensures that only part of the internal state is used for
I/O, while the remaining portion acts as hidden entropy capacity.

Permutation Core

PH2 implements its own wide ARX permutation:

• 64 × 64-bit words
• Add--Rotate--XOR (ARX) mixing
• Multiple rounds with round constants
• No external hash primitive dependency

The permutation operates over the full 4096-bit state and is invoked
during absorb and squeeze phases.

Tagged Absorb & Domain Separation

PH2 uses structured domain tagging to prevent cross-mode collisions. The
following absorb tags are used internally:

• INIT
• CTX
• MSG
• SALT
• KEY
• PARAM
• FINAL

This ensures strict separation between contexts such as hashing, key
derivation, and parameter injection.

Modes of Operation

FAST Mode

High-throughput hashing/XOF mode.

Recommended for: - File hashing - Large data streaming - General-purpose
hashing

HARD Mode

Memory-hard construction with configurable memory and passes.

Recommended for: - Password hashing - Key derivation (KDF) - Brute-force
resistance

Supports constant-time memory indexing via --ct.

BURN Mode

Extended time-hard + memory-hard mode.

Recommended for: - Deliberately slow derivation - Stress-resistant
derivation - High-cost computation scenarios

Features

• Wide 4096-bit internal state
• Explicit 1024-bit capacity
• XOF (arbitrary-length output)
• Memory-hard derivation layer
• Burn/time-hard mode
• Deterministic KAT validation
• Selftest binary
• Benchmark suite
• CMake-based build system

Build Instructions

cmake -S . -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build

Testing

ctest --test-dir build --output-on-failure
./build/cli/ph2selftest

Tests include:

• Known Answer Tests (KAT)
• Framing validation
• Memory-hard validation

Benchmark Examples

cd ~/PetoronHash2

./build/bench/ph2_bench fast
./build/bench/ph2_bench fast 64 30 512
./build/bench/ph2_bench fast 256 10 1024

./build/bench/ph2_bench hard $((128*1024*1024)) 4 512
./build/bench/ph2_bench hard $((128*1024*1024)) 4 512 --ct

./build/bench/ph2_bench burn $((128*1024*1024)) 4 $((1<<20)) 512
./build/bench/ph2_bench burn $((128*1024*1024)) 4 $((1<<20)) 512 --ct

Example Benchmark Results (MacBook Air M1)

PH2 BENCH fast: msg=256 MiB iters=10 out_bits=512
  avg:  281.623 ms  (909.0 MiB/s)
  best: 280.280 ms  (913.4 MiB/s)
  digest(16B): 7b0eed7619f19321cbc6abbea9aaaace

PH2 BENCH fast: msg=64 MiB iters=30 out_bits=512
  avg:  72.256 ms  (885.7 MiB/s)
  best: 70.097 ms  (913.0 MiB/s)
  digest(16B): d6d8d618f9136cb159041490aa817e52

PH2 BENCH hard: m_bytes=134217728 t_passes=4 out_bits=512 ct=0
  time: 1.871 s
  digest(16B): 28dc8f510ea7fcac20b79ea46300ae87

PH2 BENCH burn: m_bytes=134217728 t_passes=4 s_steps=1048576 out_bits=512 ct=0
  time: 4.798 s
  digest(16B): 4ad20f3c70697a5878d72da932ad24e4

Intended Use Guidance

• Use FAST for hashing large files and general-purpose XOF use.
• Use HARD or BURN for password hashing and key derivation.
• Use --ct when constant-time memory access is required.

Petoron | Ivan Alekseev | MIT license