Glossary
Sponge Construction
The sponge construction absorbs input into a large internal state and squeezes output from it. It underlies SHA-3/Keccak and resists length-extension attacks.
The sponge construction is an alternative to Merkle–Damgård for building hash functions. It powers SHA-3 and Keccak.
A sponge keeps a large internal state split into two parts: the rate r (bits that interact with input/output) and the capacity c (bits never exposed, which set the security level). It operates in two phases:
- Absorbing: the padded message is XORed into the rate, one block at a time, applying a fixed permutation after each.
- Squeezing: output blocks are read from the rate, applying the permutation between blocks — so the output can be any length, giving extendable-output functions (XOFs) like SHAKE.
Because the capacity is never output, sponges are immune to the length-extension attack that affects Merkle–Damgård hashes. That structural difference is a key reason SHA-3 was standardized as a complement to SHA-2.