DEV Community

Cover image for Enhanced Diffusion Through Key-Selected Hashing
Muhammed Shafin P
Muhammed Shafin P

Posted on

Enhanced Diffusion Through Key-Selected Hashing

#hejhdiss #diffusion #cryptography

Parent Article:https://dev.to/hejhdiss/a-metaclass-architecture-for-encryption-keys-as-algorithm-generators-145o

An Extension to the Metaclass Encryption Architecture

By Muhammed Shafin P

Full Diffusion Through Dynamic Hash Selection

To achieve complete diffusion in the metaclass encryption architecture, the system can implement key-driven hash algorithm selection. This means the key itself determines which hashing algorithm is used for parameter derivation - adding another layer to the infinite algorithm space.

Hash Algorithm Selection

The key can choose from multiple cryptographic hash functions:

Primary Candidates:

  • BLAKE2s - Optimized for 8- to 32-bit platforms
  • BLAKE2b - Optimized for 64-bit platforms
  • SHA-256 - 256-bit output, widely trusted
  • SHA-384 - 384-bit output, higher security margin
  • SHA-512 - 512-bit output, maximum standard security
  • SHA-224 - 224-bit output, compact alternative

How It Works

Key Processing:

Step 1: Extract first few bits from key
Step 2: These bits determine which hash algorithm to use
Step 3: Selected hash algorithm processes the remaining key
Step 4: Hash output generates all encryption parameters
Enter fullscreen mode Exit fullscreen mode

Example Flow:

Key: "mySecretKey123xyz"
First 3 bits: 101 → Selects SHA-512
SHA-512("mySecretKey123xyz") → Generates modulus, exponent, maps
Enter fullscreen mode Exit fullscreen mode

Different keys selecting different hash algorithms create fundamentally different parameter spaces, even for similar input keys.

Advantages for Diffusion

Complete Avalanche Effect:

  • Changing one bit in the key can change the hash algorithm itself
  • Different hash algorithms produce completely different outputs
  • Small key changes create maximum parameter variation

Algorithm Diversity:

  • Two similar keys might use different hash functions
  • SHA-256 vs BLAKE2b produces entirely different parameter sets
  • Adds another multiplicative layer to the infinite algorithm space

Cryptographic Strength:

  • All candidate algorithms are cryptographically secure
  • Using established hash functions ensures strong diffusion properties
  • No custom hash implementations needed

Performance Flexibility:

  • BLAKE2s for resource-constrained environments
  • BLAKE2b for high-performance 64-bit systems
  • SHA variants for compatibility and standardization

Integration with Metaclass Architecture

This hash selection integrates seamlessly with the existing framework:

Before:

Key → SHA-256 → Parameters → Algorithm
Enter fullscreen mode Exit fullscreen mode

With Hash Selection:

Key → [Key selects hash] → Selected Hash → Parameters → Algorithm
Enter fullscreen mode Exit fullscreen mode

Now the key controls:

  1. Which hash algorithm processes it
  2. Which map generation method to use
  3. Which representation strategy to apply
  4. Which modulus patterns to follow
  5. Which transformation rules to implement

Each layer multiplies the possibilities: ∞₁ × ∞₂ × ∞₃ × ∞₄ × ∞₅...

Implementation Considerations

Hash Selection Methods:

Method 1 - Direct Bit Mapping:

First 3 bits of key:
000 → SHA-224
001 → SHA-256
010 → SHA-384
011 → SHA-512
100 → BLAKE2s
101 → BLAKE2b
110 → SHA-256 (fallback)
111 → SHA-512 (fallback)
Enter fullscreen mode Exit fullscreen mode

Method 2 - Derived Selection:

Sum of first N bytes mod 6:
0 → SHA-224
1 → SHA-256
2 → SHA-384
3 → SHA-512
4 → BLAKE2s
5 → BLAKE2b
Enter fullscreen mode Exit fullscreen mode

Method 3 - Key-Length Based:

Key length ranges determine hash:
128-256 bits → BLAKE2s
257-512 bits → SHA-256
513-1024 bits → SHA-384
1025+ bits → SHA-512 or BLAKE2b
Enter fullscreen mode Exit fullscreen mode

Security Implications

For Attackers:

  • Must guess the key
  • Must determine which hash algorithm was used
  • Must reverse the hash-generated parameters
  • Must identify the generated encryption algorithm
  • Must decrypt the actual ciphertext

Each step has infinite possibilities, and they multiply.

For Legitimate Users:

  • Key deterministically selects the same hash
  • Hash deterministically generates parameters
  • Decryption follows the same path
  • No additional secrets needed beyond the key

Performance Optimization

Different hash algorithms have different performance characteristics:

Speed Comparison (approximate, platform-dependent):

  • BLAKE2b: ~3.3 GB/s (fastest on 64-bit)
  • BLAKE2s: ~2.5 GB/s (fastest on 32-bit)
  • SHA-256: ~500 MB/s
  • SHA-512: ~650 MB/s (faster than SHA-256 on 64-bit)
  • SHA-384: ~650 MB/s (same as SHA-512)
  • SHA-224: ~500 MB/s (same as SHA-256)

Keys can naturally select faster algorithms when performance matters, or slower ones when maximum compatibility is needed.

Example: Full Parameter Derivation 

def derive_parameters(key):
    # Step 1: Key selects hash algorithm
    hash_selector = key[0] % 6
    hash_algorithms = [
        hashlib.sha224,
        hashlib.sha256,
        hashlib.sha384,
        hashlib.sha512,
        hashlib.blake2s,
        hashlib.blake2b
    ]
    selected_hash = hash_algorithms[hash_selector]

    # Step 2: Hash the key
    key_hash = selected_hash(key.encode()).digest()

    # Step 3: Derive all parameters from hash
    modulus = int.from_bytes(key_hash[:8], 'big') % (10**12)
    exponent = int.from_bytes(key_hash[8:10], 'big') % 7 + 3
    map_seed = int.from_bytes(key_hash[10:], 'big')

    return modulus, exponent, map_seed, selected_hash.__name__
Enter fullscreen mode Exit fullscreen mode

Why This Enhances Security

Traditional Approach:

  • Fixed hash algorithm (usually SHA-256)
  • Attacker knows the hash function
  • Only needs to guess the key

This Approach:

  • Variable hash algorithm selected by key
  • Attacker must guess both key and hash function
  • Six possible hash functions per key attempt
  • Multiplies brute-force difficulty by 6× minimum

Combined with Metaclass Architecture:

  • Infinite key possibilities
  • Six hash algorithm possibilities per key
  • Infinite map selection possibilities
  • Infinite pattern possibilities
  • Infinite representation possibilities

Total: ∞ × 6 × ∞ × ∞ × ∞ = ∞ (but a "larger" infinity)

Conclusion

Key-selected hash algorithms provide full diffusion while adding another multiplicative layer to the metaclass encryption architecture. This enhancement:

  • Uses only established, trusted cryptographic hash functions
  • Requires no additional secrets beyond the key
  • Adds minimal computational overhead
  • Integrates seamlessly with existing framework
  • Multiplies the algorithm space by another factor

This represents another evolution of the concept - each key now selects not just encryption parameters but also the fundamental hash function that generates those parameters.

Part of the Metaclass Encryption Architecture Series

Author: Muhammed Shafin P (@hejhdiss)

License: CC BY-SA 4.0

This is an open source concept. Community contributions, optimizations, and additional hash algorithm support are welcome.

Top comments (0)