Pratheep Joe Siluvai
● Introduction to Hash function.
● Secure Hash Algorithm (SHA)
○ Design approach
○ Inside Keccak
○ Parts of Keccak-f
● Application & Strength
● Our work
Hashing and Hash Function
• Hashing is the transformation of a string of characters into a usually
shorter fixed-length value or key that represents the original string.
• In addition to faster data retrieval, hashing is also used to encrypt and
decrypt digital signatures.
• The hashing algorithm is called the Hash Function which generates hash
• Hash codes are stored in a table called hash table.
• Algorithm that takes an arbitrary block of data and returns a fixed-size bit
• Used from digital signature to git repository to peer to peer transmission.
• Encoded data is called the "message," and the hash value is sometimes
called the “message digest” or simply “digest”.
MD5 MD = 128 (Ron Rivest, 1992)
SHA-1 MD = 160 (NSA, NIST, 1995)
SHA-2 MD = 224/256/384/512 (NSA, NIST, 2001)
Secure Hash Algorithms (SHA’s)
• Family of cryptographic hash functions published by the National Institute
of Standards and Technology (NIST)
• SHA defines as U.S. Federal Information Processing Standard (FIPS)
• SHA determine the integrity of a message. So, that any change in the
message in the message result in different hash values with high
• Steps for SHA :
– Preprocessing : Padding the data for blocking
– Hash Computation : Process blocks using the hash function.
SHA–3 / Keccak
● Selected on October 2012 as the winner of the NIST hash
● Not only a hash function.
● Based on the sponge function.
● Not meant to replace SHA-2.
Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
Keccak, a sponge function
● Variable input and output length
● More Flexible than regular hash function
○ r bits– rate (defines the speed)
○ c bits – capacity (defines the security level)
● Instantiate a sponge function
● Select the capacity and rate parameters
○ capacity + rate = 1600
● Rata and capacity decides the strength.
● Building an iterated permutation
● Like a block cipher
○ Sequence of identical rounds
○ Round consists of sequence of simple step mappings
● No key Schedule , instead round constants
Capacity Rate Strength
256 1344 128
384 1216 192
512 1088 256
Pieces of states
Note : State is 5x5x64
● Renders the internal state into a 5-by-5 array of 64-bit elements.
● Computes the parities of each column and combines them with an
exclusive-or (XOR) operator.
● Then it XORs the resulting parity to each state bit as follows:
S[i][j][k] ^= parity(S[0...4][j-1][k]) ^ parity(S[0...4][j+1][k-1])
where i = 0...4; j = 0...4; k = 0...63
• The rho module rotates each 64-bit element by a triangular number
0, 1, 3, 6, 10, 15, …..
• The pi module permutes the 64-bit elements.
• Permutation follows the fixed pattern assignment shown below:
S[j][2*i + 3*j] = S[i][j]
• The chi module adds a non-linear aspect to the permutation round.
• It combines the row elements using only three bitwise
operators: AND, NOT, and XOR.
• Then it writes the result back to the state array as follows:
S[i][j][k] ^= ~S[i][j + 1][k] & S[i][j + 2][k]
● The iota module breaks up any symmetry caused by the
● This is done by XORing one of the array elements to a
● The module has 24 round constants to choose from.
These constants are defined internally by Keccak
● Without ϊ , the round mapping would be symmetric
● Without ϊ , all rounds would be the same
○ susceptibility to slide attacks
○ defective cycle structure
forall i in 0…nr
A = Round[b](A, RC[i])
C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4], forall x in 0…4
D[x] = C[x-1] xor rot(C[x+1],1), forall x in 0…4
A[x,y] = A[x,y] xor D[x], forall (x,y) in (0…4,0…4)
ρ and π steps
B[y,2*x+3*y] = rot(A[x,y], r[x,y]), forall (x,y) in (0…4,0…4)
A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]), forall (x,y) in (0…4,0…4)
A[0,0] = A[0,0] xor RC
• Round function:
R = (ϊ) XOR (χ) XOR (Π) XOR (ρ) XOR (θ)
• Number of rounds: 12 + 2ℓ
– Keccak-f has 12 rounds
– Keccak-f has 24 rounds
– high level of parallelism
– ﬂexibility: bit-interleaving
– software: competitive on wide range of CPU
– dedicated hardware: very competitive
– suited for protection against side-channel attack
• Regular hashing
– Electronic signatures
– Data integrity
– Data identifier
• Salted hashing (more complex security measure)
– Randomized hashing
– Password Storage and verification
• Message Authentication Code (MAC)
• Single Pass authenticated encryption
– Authentication and Encryption in a single pass
– Secure messaging ( SSL, TLS, SSH,…. )
– Version control systems.
• Reseedable Pseudorandom sequence generator
Strength of Keccak
• High level of parallelism
• Flexibility: bit-interleaving
• Software: competitive on wide range of
CPU (also implem. for CUDA)
• Dedicated hardware: very competitive
• Suited for protection against side-channel
• Faster than SHA-2 on all modern PC
• Keccak source code is available for public access.
• Keccak hash function implementation on microblaze and
analyze the hardware performance to perform hashing.
• Analysing the the factors like timing/clock cycles for
different bit-rate and capacity factors.
● J.-P. Aumasson and D. Khovratovich, First analysis of Keccak, Available online,
● Online Keccak reference site, http://keccak.noekeon.org/
● G. Bertoni, J. Daemen, M. Peeters, G. Van Assche and R. Van Keer, Keccak
implementation overview, round 3 submission to NIST SHA-3, 2011