Keccak

Keccak
Presenters:
Pratheep Joe Siluvai
Rajeev Verma

Overview
● Introduction to Hash function.
● Secure Hash Algorithm (SHA)
● SHA-3/Keccak
○ Design approach
○ Inside Keccak
○ Parts of Keccak-f
● Application & Strength
● Efficiency
● Our work
● References

Hashing and Hash Function
• Hashing is the transformation of a string of characters into a usually
shorter fixed-length value or key that represents the original string.
• In addition to faster data retrieval, hashing is also used to encrypt and
decrypt digital signatures.
• The hashing algorithm is called the Hash Function which generates hash
codes.
• Hash codes are stored in a table called hash table.

Hash function
• Algorithm that takes an arbitrary block of data and returns a fixed-size bit
string.
• Used from digital signature to git repository to peer to peer transmission.
• Encoded data is called the "message," and the hash value is sometimes
called the “message digest” or simply “digest”.
MD5 MD = 128 (Ron Rivest, 1992)
SHA-1 MD = 160 (NSA, NIST, 1995)
SHA-2 MD = 224/256/384/512 (NSA, NIST, 2001)

Secure Hash Algorithms (SHA’s)
• Family of cryptographic hash functions published by the National Institute
of Standards and Technology (NIST)
• SHA defines as U.S. Federal Information Processing Standard (FIPS)
• SHA determine the integrity of a message. So, that any change in the
message in the message result in different hash values with high
probability.
• Steps for SHA :
– Preprocessing : Padding the data for blocking
– Hash Computation : Process blocks using the hash function.

SHA–3 / Keccak
● Selected on October 2012 as the winner of the NIST hash
function competition
● Not only a hash function.
● Based on the sponge function.
● Not meant to replace SHA-2.

Keccak Team
Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche

Keccak, a sponge function
● Variable input and output length
● More Flexible than regular hash function
● Parameters
○ r bits– rate (defines the speed)
○ c bits – capacity (defines the security level)

Design Approach
● Instantiate a sponge function
● Select the capacity and rate parameters
○ capacity + rate = 1600
● Rata and capacity decides the strength.
● Building an iterated permutation
● Like a block cipher
○ Sequence of identical rounds
○ Round consists of sequence of simple step mappings
● No key Schedule , instead round constants
Capacity Rate Strength
256 1344 128
384 1216 192
512 1088 256

Inside Keccak
● The permutation Keccak-f
○ 7 permutations: b → {25, 50, 100, 200, 400, 800,
1600}
● Uses 24 permutation rounds
○ Each round invokes 5 modules
○ Theta(θ), rho(ρ), Pi(Π), Chi(χ), iota(ϊ)

Pieces of states
Note : State is 5x5x64
bits block.

Theta
● Renders the internal state into a 5-by-5 array of 64-bit elements.
● Computes the parities of each column and combines them with an
exclusive-or (XOR) operator.
● Then it XORs the resulting parity to each state bit as follows:
S[i][j][k] ^= parity(S[0...4][j-1][k]) ^ parity(S[0...4][j+1][k-1])
where i = 0...4; j = 0...4; k = 0...63

Rho
• The rho module rotates each 64-bit element by a triangular number
0, 1, 3, 6, 10, 15, …..

Pi
• The pi module permutes the 64-bit elements.
• Permutation follows the fixed pattern assignment shown below:
S[j][2*i + 3*j] = S[i][j]

Chi
• The chi module adds a non-linear aspect to the permutation round.
• It combines the row elements using only three bitwise
operators: AND, NOT, and XOR.
• Then it writes the result back to the state array as follows:
S[i][j][k] ^= ~S[i][j + 1][k] & S[i][j + 2][k]

Iota
● The iota module breaks up any symmetry caused by the
other modules.
● This is done by XORing one of the array elements to a
round constant
● The module has 24 round constants to choose from.
These constants are defined internally by Keccak
● Without ϊ , the round mapping would be symmetric
● Without ϊ , all rounds would be the same
○ susceptibility to slide attacks
○ defective cycle structure

Code Reference
Keccak-f[b](A) {
forall i in 0…nr
-1
A = Round[b](A, RC[i])
return A
}
Round[b](A,RC) {
θ step
C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4], forall x in 0…4
D[x] = C[x-1] xor rot(C[x+1],1), forall x in 0…4
A[x,y] = A[x,y] xor D[x], forall (x,y) in (0…4,0…4)
ρ and π steps
B[y,2*x+3*y] = rot(A[x,y], r[x,y]), forall (x,y) in (0…4,0…4)
χ step
A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]), forall (x,y) in (0…4,0…4)
ι step
A[0,0] = A[0,0] xor RC
return A
}

Keccak Summary
• Round function:
R = (ϊ) XOR (χ) XOR (Π) XOR (ρ) XOR (θ)
• Number of rounds: 12 + 2ℓ
– Keccak-f[25] has 12 rounds
– Keccak-f[1600] has 24 rounds
• Eﬃciency
– high level of parallelism
– ﬂexibility: bit-interleaving
– software: competitive on wide range of CPU
– dedicated hardware: very competitive
– suited for protection against side-channel attack

Applications
• Regular hashing
– Electronic signatures
– Data integrity
– Data identifier
• Salted hashing (more complex security measure)
– Randomized hashing
– Password Storage and verification
• Message Authentication Code (MAC)
• Single Pass authenticated encryption
– Authentication and Encryption in a single pass
– Secure messaging ( SSL, TLS, SSH,…. )
– Version control systems.
• Reseedable Pseudorandom sequence generator

Strength of Keccak
• High level of parallelism
• Flexibility: bit-interleaving
• Software: competitive on wide range of
CPU (also implem. for CUDA)
• Dedicated hardware: very competitive
• Suited for protection against side-channel
attack
• Faster than SHA-2 on all modern PC

Our Work
• Keccak source code is available for public access.
• Keccak hash function implementation on microblaze and
analyze the hardware performance to perform hashing.
• Analysing the the factors like timing/clock cycles for
different bit-rate and capacity factors.

References
● J.-P. Aumasson and D. Khovratovich, First analysis of Keccak, Available online,
2009, http://131002.net/data/papers/AK09.pdf.
● Online Keccak reference site, http://keccak.noekeon.org/
● G. Bertoni, J. Daemen, M. Peeters, G. Van Assche and R. Van Keer, Keccak
implementation overview, round 3 submission to NIST SHA-3, 2011

Keccak

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Keccak

Similar to Keccak (20)

Recently uploaded

Recently uploaded (20)

Keccak