SHA3-256 returns different result from version 52 and 53

[arthew]

Passed same value to SHA3Digest(256), the result is different from version 53 and 52
It caused signature verify failed for those signed with old version.

[arthew]

Sorry that the description not clear enough.
The case is try to make sha3-256 digest for a data with length 64 bytes.
It works fine on version 51 or 52, but failed on version 53 and 54.
Is there anything I used not correctly ?

The test case was attached:

package test.utils;

import org.spongycastle.crypto.digests.SHA3Digest;
import org.spongycastle.util.encoders.Hex;
import org.testng.Assert;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

public class TestSHA3Simple {
    private static SHA3Digest digest = new SHA3Digest(256);

    @Test(dataProvider="testData")
    public void testSHA3(String data, String expected) {
    byte[] m = Hex.decode(data);
    digest.update(m, 0, m.length);
    byte[] hash = new byte[digest.getDigestSize()];
    digest.doFinal(hash, 0);
    Assert.assertEquals(Hex.toHexString(hash), expected);
    }

    @DataProvider(name = "testData")
    Object[][] getData() {
    return new String[][] {
            {
                    "481ba23b2ac823fd4341ad82c66315fe645334e55109897ece826569404c1f9d34ff309920f97839d94b216345552e08b20b2625a7f4f125e4cc3c7b4159e41f",
                    "d914f1fb80c1031bd0ab0d21b787e2e1690aa642a2021e24341cb6cc6d8bf384" },
            {
                    "c91357cfdc00a43316112c1b460b77e11a942743b20f9c392d8932ad4f24c6dbdffc02cfb72b4e130c81f36668e041b0540935a7c1ac08645214e51a7330a8a6",
                    "102205385c984e44e8121327c2d7b3804eac5007d730eb60a803de1e23b1821e" } };
    }
}

[Hamdiovish]

Same issue here, any update or migration guide!

[rtyley]

Spongy Castle is a repackage of Bouncy Castle targeted at Android with no substantial difference to the code.

The reported issue sounds bad, but it's not a problem that can be solved in Spongycastle unless it's genuinely a consequence of the repackage. Could you first verify that the problem does not occur when executed against Bouncy Castle. If the same problem occurs with BC, you'll need to raise an issue with the BC project to get it fixed - once that fix is released, I can make a fresh release of Spongycastle based on that updated version.

[Hamdiovish]

That is clear,
Thank you for the prompt reply,
I will do the necessary tests and keep this problem up to date.

[Hamdiovish]

So, here is the full story,
There are two versions of SHA3:
SHA3: The 1st implementation made by the Keccak team’s by 2012
SHA3: The 2nd version which is an updated made by NIST by 2014 and turned to be the official standard till nowadays.
Here is the link to the announcement of the National Institute of Standards and Technology:
https://www.federalregister.gov/documents/2014/05/28/2014-12336/announcing-draft-federal-information-processing-standard-fips-202-sha-3-standard-permutation-based

Bouncy castle followed the standard and updated it implementation to the FIST202 in the version 53, the previous implementation was kept but callable via the "KECCAK-256" algorithm, here his how to call it from the BouncyCastle/SpongyCastle 53 and above:

    @Test
    public void testSHA3_fix() {
        String data = "demo";
        byte[] hash = hash("KECCAK-256", data.getBytes());
        Assert.assertEquals(Hex.toHexString(hash), "3a784687a2b2ff9a2c72e22b001d33d9f2e2155a7858ff663b0990d35f14745d");
    }

    private static byte[] hash(final String algorithm, final byte[] inputs) {
        MessageDigest digest = null;
        try {
            Security.addProvider(new BouncyCastleProvider());
            MessageDigest messageDigest = MessageDigest.getInstance(algorithm, "BC");
            byte[] hashedString = messageDigest.digest(inputs);
            return hashedString;

        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

So developer must pay attention to this point, especially cryptocurrencies and wallet developers, otherwise it will generate different addresses for the same keys.

With love from the NEM community.