DEV Community

Zuxciel
Zuxciel

Posted on

QLASH: The New Hashing Revolution?

#qlash #quantumsimulation #programming #news

Introducing QLASH-GO: A Quantum-Lattice Hashing Experiment in Go (Help Us Fix It!)

Hey Dev.to community! 👋 I'm thrilled to introduce QLASH-GO (Quantum-Lattice Advanced Secure Hashing in Go), an experimental hashing algorithm that's about to hit https://github.com/Zuxciel/QLASH-GO. The repo is still warming up (no commits yet, but stay tuned!), but I've got a working prototype and some real-world output to share. Before we dive in, a critical disclaimer: QLASH-GO is a classical simulation of quantum-inspired lattice cryptography, not a true quantum algorithm. It's riddled with potential bugs, performance issues, and unaudited security claims. That’s where you come in—let's make it better together!

In this article, I'll walk you through QLASH-GO's design, showcase its performance (based on a recent test), expose its limitations, and invite you to contribute to fixing and enhancing this open-source project.

What is QLASH-GO?

QLASH-GO is a proof-of-concept hashing algorithm written in Go, blending lattice-based cryptography (for potential quantum resistance), chaotic transformations, and Fast Fourier Transforms (FFT) for efficient mixing. It aims to be a flexible, high-security hash function for applications like password hashing or blockchain integrity checks, with configurable output sizes (128–2048 bits), multi-threading, and a deterministic mode for reproducibility.

Key features:

  • Lattice-Based Crypto: Matrix-vector operations modulo a prime (e.g., 7681) for quantum-inspired security.
  • Chaotic Maps: Logistic maps (x = 3.99 * x * (1.0 - x)) for non-linear transformations.
  • FFT Acceleration: Speeds up mixing for large inputs (up to 1MB blocks).
  • Dynamic S-Boxes: Input-dependent substitution boxes per round.
  • Deterministic Mode: Ensures consistent hashes across runs.
  • Benchmarking: Detailed performance metrics (e.g., throughput, time breakdowns).

Critical Note: QLASH-GO is not a quantum algorithm. It simulates lattice-based cryptography on classical hardware, and its quantum resistance is theoretical. It’s a research project, not production-ready, and needs significant work to address bugs and security gaps.

Real-World Performance: A Case Study

I recently ran QLASH-GO on a 1.973 MB file (testing.txt) with the following command:

go run main.go -file testing.txt -size 256 -deterministic -bench
Enter fullscreen mode Exit fullscreen mode

Here’s the output:

Input: file: testing.txt
Results:
--------
Algorithm: QLASH v1.0.0
Output size: 256 bits (32 bytes)
Mode: Deterministic
Hash: c92cabb056fc8466eaf5191cd032ce5a669742e26f6cfd3fc4368cb3fec18e5d
Hash length: 64 characters
Threads used: 4

Performance: 0.09 MB/s
Total time: 22215.348 ms

===== QLASH Benchmark Summary =====
Total time: 22215.348 ms
Bytes processed: 2068919 bytes (1.973 MB)
Files processed: 1
Throughput: 0.09 MB/s
Mode: Deterministic (consistent across all thread counts)

--- Time breakdown ---
Preprocessing: 15864.900 µs (0.1%)
Lattice operations: 20866262.500 µs (93.9%)
Avalanche transform: 955624.000 µs (4.3%)
S-box operations: 13695.300 µs (0.1%)
Final squeeze: 186294.700 µs (0.8%)
Overhead: 177606.800 µs (0.8%)
Total accounted time: 99.2%
=================================
Enter fullscreen mode Exit fullscreen mode

This output highlights both the potential and the problems of QLASH-GO. The throughput of 0.09 MB/s is significantly slower than modern hash functions like SHA-256 (~100–500 MB/s on similar hardware). The 93.9% of time spent on lattice operations suggests a major bottleneck, which we’ll dissect below.

Strengths of QLASH-GO

  • Innovative Approach: Combines lattice crypto, chaotic maps, and FFT for a unique hashing mechanism.
  • Flexible Configuration: Supports output sizes (e.g., 256 bits in the test), deterministic mode, and 1–64 threads.
  • Detailed Benchmarking: Breaks down time spent on preprocessing (0.1%), lattice ops (93.9%), avalanche transforms (4.3%), S-boxes (0.1%), and squeezing (0.8%).
  • Deterministic Mode: Ensures consistent outputs, as seen in the test (c92cabb056fc...), critical for reproducibility.
  • Open-Source Potential: Written in Go with minimal dependencies (e.g., Gonum BLAS), making it portable.

Critical Shortcomings and Limitations

QLASH-GO is far from perfect. Here are its major flaws, informed by the output and codebase:

  1. Poor Performance:

    • The test shows a throughput of 0.09 MB/s for a 1.973 MB file, taking 22.2 seconds. This is orders of magnitude slower than SHA-3 or BLAKE3.
    • Lattice Operations (93.9%): The lattice.go functions (bytesToLatticeVectors, processVectorsParallelFixed) dominate runtime, likely due to inefficient matrix-vector multiplications or excessive BLAS overhead. The use of gonum.org/v1/gonum/blas may not be optimized for this use case.
    • Small Input Overhead: Even for preprocessing and S-box operations, the overhead is noticeable for smaller inputs, as seen in the low percentage (0.1%) but non-trivial absolute time (15.9 ms for preprocessing).

  2. Unaudited Security:

    • No Cryptanalysis: The claimed 128–256-bit security (estimateSecurityLevel in utils.go) is speculative. Collision, preimage, and second-preimage resistance haven’t been tested.
    • Lattice Weaknesses: The lattice operations (e.g., processVectorsParallelFixed) rely on a prime modulus (e.g., 7681), but the choice of parameters (dimension 8–16, rounds 10–20) may be vulnerable to lattice reduction attacks.
    • Side-Channel Risks: Non-constant-time operations in S-box lookups (sbox.go) and lattice math could leak timing information.

  3. Simulation, Not Quantum:

    • QLASH-GO is not a quantum algorithm. It uses classical lattice operations to mimic quantum-resistant properties, but its resistance to quantum attacks (e.g., Grover’s or Shor’s algorithms) is unproven.
    • The term "quantum" in the name is misleading; it’s a marketing hook, not a technical reality.

  4. Potential Bugs:

    • FFT Stability: The FFT mixing (fft.go) uses floating-point arithmetic, which may cause numerical instability for certain inputs, leading to inconsistent hashes.
    • Parallelism Issues: Despite deterministic mode, processVectorsParallelFixed in lattice.go could produce non-deterministic results in non-deterministic mode due to thread scheduling or race conditions.
    • Memory Management: The sync.Pool usage for vectors and matrices (lattice.go) may leak memory for large inputs or cause fragmentation.
    • Edge Cases: Empty inputs, maximum output sizes (2048 bits), or extreme lattice dimensions (16) are untested and may crash or produce incorrect results.

  5. Over-Reliance on Dependencies:

    • The Gonum BLAS dependency for lattice operations adds complexity and potential performance variability across platforms (e.g., Windows vs. Linux).
    • No fallback for systems without BLAS optimization.

  6. Documentation Gaps:

    • Functions like applySqueezeRoundTransform and evolveWorkingState (transforms.go) lack detailed comments, making it hard to understand their cryptographic purpose.
    • No comprehensive test suite exists to validate correctness or catch regressions.

  7. Scalability Issues:

    • The test used 4 threads, but the codebase caps at 64 threads (qlash.go). For large inputs, thread overhead could negate parallelism benefits.
    • Deterministic mode forces single-threading for inputs < 16KB, limiting performance on small files.

Important Notes for Potential Users

  • Research Only: QLASH-GO is not production-ready. Its slow performance (0.09 MB/s) and lack of security auditing make it unsuitable for real-world use (e.g., password hashing, blockchain).
  • Bug Reporting: If you encounter crashes, inconsistent hashes, or performance issues, please report them once the repo is live.
  • Deterministic Mode: The test used -deterministic, ensuring consistent outputs, but non-deterministic mode may vary across runs due to threading or floating-point differences.

This produced the 256-bit hash: c92cabb056fc8466eaf5191cd032ce5a669742e26f6cfd3fc4368cb3fec18e5d.

Call for Contributions

QLASH-GO is a rough diamond—full of potential but riddled with flaws. We need your expertise to polish it! Once the repo goes live at https://github.com/Zuxciel/QLASH-GO, here’s how you can help:

  1. Fix Performance Bottlenecks:

    • Optimize lattice operations (lattice.go), which consume 93.9% of runtime. Explore alternatives to Gonum BLAS or SIMD optimizations.
    • Reduce preprocessing overhead (15.9 ms for 1.973 MB) for small inputs.
    • Improve FFT efficiency (fft.go) to boost throughput beyond 0.09 MB/s.

  2. Strengthen Security:

    • Conduct cryptanalysis to validate collision and preimage resistance.
    • Harden S-box generation (sbox.go) against side-channel attacks with constant-time operations.
    • Evaluate lattice parameters (modulus, dimension) for quantum resistance.

  3. Squash Bugs:

    • Test edge cases (empty inputs, max output sizes, large files) to identify crashes or inconsistencies.
    • Debug FFT numerical stability and ensure deterministic outputs in all modes.
    • Fix potential memory leaks in sync.Pool usage (lattice.go).

  4. Enhance Testing:

    • Write unit tests for fftMix, chaoticTransform, squeeze, etc.
    • Add fuzzing to catch edge-case bugs.
    • Benchmark against SHA-256, SHA-3, or BLAKE3 to quantify performance gaps.

  5. Improve Documentation:

    • Add detailed comments to transforms.go and other complex functions.
    • Create a README with setup instructions, examples, and security warnings.
    • Document performance trade-offs (e.g., deterministic vs. non-deterministic modes).

  6. Propose Features:

    • Add keyed hashing (e.g., HMAC support).
    • Implement platform-specific optimizations (e.g., ARM64 NEON for lattice ops).
    • Explore hybrid modes combining FFT and non-FFT paths for better small-input performance.

How to Contribute:

  • Star and watch the GitHub repo for updates.
  • Fork it and submit pull requests with fixes or enhancements.
  • Open issues for bugs, performance ideas, or cryptanalysis suggestions.
  • Join the discussion on GitHub or Dev.to to share your insights.

What's Next?

The QLASH-GO codebase will soon land on GitHub with tests and examples. The recent test (0.09 MB/s for 1.973 MB) shows it’s not ready for prime time, but with community effort, we can make it faster, safer, and more reliable. Whether you’re a Go developer, crypto enthusiast, or just curious about quantum-inspired algorithms, QLASH-GO is a playground for innovation.

What do you think? Ready to dive in and fix those lattice bottlenecks? Got ideas for stronger chaotic maps or better parallelism? Drop a comment below, and let’s build the future of hashing together! 🚀

Follow me on Dev.to for updates on QLASH. Let’s make this experiment shine!

Top comments (0)