![Theta
● Renders the internal state into a 5-by-5 array of 64-bit elements.
● Computes the parities of each column and combines them with an
exclusive-or (XOR) operator.
● Then it XORs the resulting parity to each state bit as follows:
S[i][j][k] ^= parity(S[0...4][j-1][k]) ^ parity(S[0...4][j+1][k-1])
where i = 0...4; j = 0...4; k = 0...63](https://image.slidesharecdn.com/keccak-140513120657-phpapp01/75/keccak-14-2048.jpg?cb=1666001684)
![Pi
• The pi module permutes the 64-bit elements.
• Permutation follows the fixed pattern assignment shown below:
S[j][2*i + 3*j] = S[i][j]](https://image.slidesharecdn.com/keccak-140513120657-phpapp01/75/keccak-16-2048.jpg?cb=1666001684)
![Chi
• The chi module adds a non-linear aspect to the permutation round.
• It combines the row elements using only three bitwise
operators: AND, NOT, and XOR.
• Then it writes the result back to the state array as follows:
S[i][j][k] ^= ~S[i][j + 1][k] & S[i][j + 2][k]](https://image.slidesharecdn.com/keccak-140513120657-phpapp01/75/keccak-17-2048.jpg?cb=1666001684)
 {
forall i in 0…nr
-1
A = Round[b](A, RC[i])
return A
}
Round[b](A,RC) {
θ step
C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4], forall x in 0…4
D[x] = C[x-1] xor rot(C[x+1],1), forall x in 0…4
A[x,y] = A[x,y] xor D[x], forall (x,y) in (0…4,0…4)
ρ and π steps
B[y,2*x+3*y] = rot(A[x,y], r[x,y]), forall (x,y) in (0…4,0…4)
χ step
A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]), forall (x,y) in (0…4,0…4)
ι step
A[0,0] = A[0,0] xor RC
return A
}](https://image.slidesharecdn.com/keccak-140513120657-phpapp01/75/keccak-19-2048.jpg?cb=1666001684)
![Keccak Summary
• Round function:
R = (ϊ) XOR (χ) XOR (Π) XOR (ρ) XOR (θ)
• Number of rounds: 12 + 2ℓ
– Keccak-f[25] has 12 rounds
– Keccak-f[1600] has 24 rounds
• Efficiency
– high level of parallelism
– flexibility: bit-interleaving
– software: competitive on wide range of CPU
– dedicated hardware: very competitive
– suited for protection against side-channel attack](https://image.slidesharecdn.com/keccak-140513120657-phpapp01/75/keccak-20-2048.jpg?cb=1666001684)
Keccak
•5 likes•8,522 views
Report
Share
Download to read offline
Basic Presentation for Keccak Understanding.
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (8)
Similar to Keccak
Similar to Keccak (20)
Recently uploaded
Recently uploaded (20)
Keccak
- 2. Overview ● Introduction to Hash function. ● Secure Hash Algorithm (SHA) ● SHA-3/Keccak ○ Design approach ○ Inside Keccak ○ Parts of Keccak-f ● Application & Strength ● Efficiency ● Our work ● References
- 3. Hashing and Hash Function • Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. • In addition to faster data retrieval, hashing is also used to encrypt and decrypt digital signatures. • The hashing algorithm is called the Hash Function which generates hash codes. • Hash codes are stored in a table called hash table.
- 4. Hash function • Algorithm that takes an arbitrary block of data and returns a fixed-size bit string. • Used from digital signature to git repository to peer to peer transmission. • Encoded data is called the "message," and the hash value is sometimes called the “message digest” or simply “digest”. MD5 MD = 128 (Ron Rivest, 1992) SHA-1 MD = 160 (NSA, NIST, 1995) SHA-2 MD = 224/256/384/512 (NSA, NIST, 2001)
- 5. Secure Hash Algorithms (SHA’s) • Family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) • SHA defines as U.S. Federal Information Processing Standard (FIPS) • SHA determine the integrity of a message. So, that any change in the message in the message result in different hash values with high probability. • Steps for SHA : – Preprocessing : Padding the data for blocking – Hash Computation : Process blocks using the hash function.
- 6. SHA basics
- 7. SHA History
- 8. SHA–3 / Keccak ● Selected on October 2012 as the winner of the NIST hash function competition ● Not only a hash function. ● Based on the sponge function. ● Not meant to replace SHA-2.
- 9. Keccak Team Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
- 10. Keccak, a sponge function ● Variable input and output length ● More Flexible than regular hash function ● Parameters ○ r bits– rate (defines the speed) ○ c bits – capacity (defines the security level)
- 11. Design Approach ● Instantiate a sponge function ● Select the capacity and rate parameters ○ capacity + rate = 1600 ● Rata and capacity decides the strength. ● Building an iterated permutation ● Like a block cipher ○ Sequence of identical rounds ○ Round consists of sequence of simple step mappings ● No key Schedule , instead round constants Capacity Rate Strength 256 1344 128 384 1216 192 512 1088 256
- 12. Inside Keccak ● The permutation Keccak-f ○ 7 permutations: b → {25, 50, 100, 200, 400, 800, 1600} ● Uses 24 permutation rounds ○ Each round invokes 5 modules ○ Theta(θ), rho(ρ), Pi(Π), Chi(χ), iota(ϊ)
- 13. Pieces of states Note : State is 5x5x64 bits block.
- 14. Theta ● Renders the internal state into a 5-by-5 array of 64-bit elements. ● Computes the parities of each column and combines them with an exclusive-or (XOR) operator. ● Then it XORs the resulting parity to each state bit as follows: S[i][j][k] ^= parity(S[0...4][j-1][k]) ^ parity(S[0...4][j+1][k-1]) where i = 0...4; j = 0...4; k = 0...63
- 15. Rho • The rho module rotates each 64-bit element by a triangular number 0, 1, 3, 6, 10, 15, …..
- 16. Pi • The pi module permutes the 64-bit elements. • Permutation follows the fixed pattern assignment shown below: S[j][2*i + 3*j] = S[i][j]
- 17. Chi • The chi module adds a non-linear aspect to the permutation round. • It combines the row elements using only three bitwise operators: AND, NOT, and XOR. • Then it writes the result back to the state array as follows: S[i][j][k] ^= ~S[i][j + 1][k] & S[i][j + 2][k]
- 18. Iota ● The iota module breaks up any symmetry caused by the other modules. ● This is done by XORing one of the array elements to a round constant ● The module has 24 round constants to choose from. These constants are defined internally by Keccak ● Without ϊ , the round mapping would be symmetric ● Without ϊ , all rounds would be the same ○ susceptibility to slide attacks ○ defective cycle structure
- 19. Code Reference Keccak-f[b](A) { forall i in 0…nr -1 A = Round[b](A, RC[i]) return A } Round[b](A,RC) { θ step C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4], forall x in 0…4 D[x] = C[x-1] xor rot(C[x+1],1), forall x in 0…4 A[x,y] = A[x,y] xor D[x], forall (x,y) in (0…4,0…4) ρ and π steps B[y,2*x+3*y] = rot(A[x,y], r[x,y]), forall (x,y) in (0…4,0…4) χ step A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]), forall (x,y) in (0…4,0…4) ι step A[0,0] = A[0,0] xor RC return A }
- 20. Keccak Summary • Round function: R = (ϊ) XOR (χ) XOR (Π) XOR (ρ) XOR (θ) • Number of rounds: 12 + 2ℓ – Keccak-f[25] has 12 rounds – Keccak-f[1600] has 24 rounds • Efficiency – high level of parallelism – flexibility: bit-interleaving – software: competitive on wide range of CPU – dedicated hardware: very competitive – suited for protection against side-channel attack
- 21. Applications • Regular hashing – Electronic signatures – Data integrity – Data identifier • Salted hashing (more complex security measure) – Randomized hashing – Password Storage and verification • Message Authentication Code (MAC) • Single Pass authenticated encryption – Authentication and Encryption in a single pass – Secure messaging ( SSL, TLS, SSH,…. ) – Version control systems. • Reseedable Pseudorandom sequence generator
- 22. Strength of Keccak • High level of parallelism • Flexibility: bit-interleaving • Software: competitive on wide range of CPU (also implem. for CUDA) • Dedicated hardware: very competitive • Suited for protection against side-channel attack • Faster than SHA-2 on all modern PC
- 23. Efficiency
- 24. Our Work • Keccak source code is available for public access. • Keccak hash function implementation on microblaze and analyze the hardware performance to perform hashing. • Analysing the the factors like timing/clock cycles for different bit-rate and capacity factors.
- 25. References ● J.-P. Aumasson and D. Khovratovich, First analysis of Keccak, Available online, 2009, http://131002.net/data/papers/AK09.pdf. ● Online Keccak reference site, http://keccak.noekeon.org/ ● G. Bertoni, J. Daemen, M. Peeters, G. Van Assche and R. Van Keer, Keccak implementation overview, round 3 submission to NIST SHA-3, 2011
- 26. Thank you