[New-bugs-announce] [issue47098] sha3: Replace Keccak Code Package with tiny_sha3

Christian Heimes report at bugs.python.org
Wed Mar 23 05:06:22 EDT 2022

New submission from Christian Heimes <lists at cheimes.de>:

The Keccak Code Package (kcp) provides the reference implementation for SHA3 and SHAKE hashing algorithms. CPython has vendored a copy of KCP since I added SHA3 in 3.6.

CPython 3.10 and newer require OpenSSL >= 1.1.1, which provide an optimized implementation of SHA3 and SHAKE on all platforms. The vast majority of users now use SHA3 from OpenSSL instead our _sha3 module with KCP. Both the KCP and _sha3 module are large. The KCP has 230kB of code. The _sha3 shared library is 390kB on Linux X86_64, stripped 90kB.

I would like to reduce the size of our bundled code. Since SHA3 and SHAKE are listed in hashlib.algorithms_guaranteed and OpenSSL is optional, we cannot just drop the _sha3 module. Instead I propose to replace the implementation with tiny_sha3 https://github.com/mjosaarinen/tiny_sha3 . The tiny implementation is 13 kB of code. The resulting _sha3 shared library is 69 kB (stripped 25 kB).

A Python build without OpenSSL bindings will have a working but slower SHA3 implementation.

assignee: christian.heimes
components: Extension Modules
messages: 415861
nosy: christian.heimes, gregory.p.smith
priority: normal
severity: normal
status: open
title: sha3: Replace Keccak Code Package with tiny_sha3
type: enhancement
versions: Python 3.11

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list