Upcoming SlideShare
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

# Saving this for later?

### Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Standard text messaging rates apply

# SHA-3, Keccak & Sponge function

1,985
views

Published on

Summary description of the sponge function, Keccak and the future Security Hash Algorithm (SHA) Standard.

Summary description of the sponge function, Keccak and the future Security Hash Algorithm (SHA) Standard.

Published in: Technology, Education

0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

• Be the first to like this

Views
Total Views
1,985
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
68
0
Likes
0
Embeds 0
No embeds

No notes for slide

### Transcript

• 1. Gennaro Caccavale, Student@UniParthenopeJune 2013
• 2. Input message Digesth : {0, 1}* {0, 1}n
• 3. A cryptographic hash function is an algorithm that takes anarbitrary block of data and returns a fixed-size bit string, the(cryptographic) hash value, such that any change to thedata will change the hash value. The data to be encodedare often called the "message," and the hash value issometimes called the message digest or simply digest.MD5 MD = 128 (Ron Rivest, 1992)SHA-1 MD = 160 (NSA, NIST, 1995)SHA-2 MD = 224/256/384/512 (NSA, NIST, 2001)SHA-3 MD = arbitrary (Bertoni, Daemen, Peeters, Van Assche, NIST, 20
• 4. • Cryptographic hash function, SHA family• Selected on October 2012 as the winner of the NISThash function competition• Not meant to replace SHA-2• Based on the sponge construction
• 5. More general than a hash function: arbitrary-length outputCalls a b-bit permutation f, with b = r + cr bits of ratec bits of capacity
• 6. The duplex construction allows the alternation of input andoutput blocks at the same rate as the sponge construction,like a full-duplex communication
• 7. • High level of parallelism• Flexibility: bit-interleaving• Software: competitive on wide range of CPU (also implem. forCUDA)• Dedicated hardware: very competitive• Suited for protection against side-channel attack• Faster than SHA-2 on all modern PC (12.5cpb on C2D)
• 8. • http://keccak.noekeon.org/tune.htmlIf an attacker has access to one billion computers, eachperforming one billion evaluations of Keccak-f per second,it would take about 1.6×1061 years (1.1×1051 times theestimated age of the universe) to evaluate the permutation2288 timesKECCAK-f[r+c]KECCAK-f[1024+576]KECCAK-f[1600]
• 9. In the pseudo-code above, S denotes the state as an array oflanes. The padded message P is organised as an array of blocksPi, themselves organized as arrays of lanes. The || operatordenotes the usual byte string concatenation.
• 10. • Currently best attack on KECCAK: 4 rounds• Sufficient nr. of rounds for security claim on KECCAK: 13rounds• KECCAK has 24 rounds (complexity 215xx)
• 11. • http://en.wikipedia.org/wiki/SHA-3• http://sponge.noekeon.org/• http://keccak.noekeon.org/specs_summary.html• http://csrc.nist.gov/groups/ST/hash/sha-3/documents/Keccak-slides-at-NIST.pdf• http://celan.informatik.uni-oldenburg.de/kryptos/info/keccak/overview/...