prop224 should say we use SHA3-256 for rend circuit digests
In prop224, the rend section says:
A successfully completed handshake, as embedded in the INTRODUCE/RENDEZVOUS cells, gives the client and hidden service host a shared set of keys Kf, Kb, Df, Db, which they use for sending end-to-end traffic encryption and authentication as in the regular Tor relay encryption protocol, applying encryption with these keys before other encryption, and decrypting with these keys before other decryption. The client encrypts with Kf and decrypts with Kb; the service host does the opposite.
But that's not what the code does: circuit_init_cpath_crypto() uses SHA3-256 rather than SHA1 when
is_hs_v3 is true.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information