SHA-3, Keccak & Sponge function

4,121 views

Published on

Summary description of the sponge function, Keccak and the future Security Hash Algorithm (SHA) Standard.

Published in: Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,121
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
176
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

SHA-3, Keccak & Sponge function

  1. 1. Gennaro Caccavale, Student@UniParthenopeJune 2013
  2. 2. Input message Digesth : {0, 1}* {0, 1}n
  3. 3. A cryptographic hash function is an algorithm that takes anarbitrary block of data and returns a fixed-size bit string, the(cryptographic) hash value, such that any change to thedata will change the hash value. The data to be encodedare often called the "message," and the hash value issometimes called the message digest or simply digest.MD5 MD = 128 (Ron Rivest, 1992)SHA-1 MD = 160 (NSA, NIST, 1995)SHA-2 MD = 224/256/384/512 (NSA, NIST, 2001)SHA-3 MD = arbitrary (Bertoni, Daemen, Peeters, Van Assche, NIST, 20
  4. 4. • Cryptographic hash function, SHA family• Selected on October 2012 as the winner of the NISThash function competition• Not meant to replace SHA-2• Based on the sponge construction
  5. 5. More general than a hash function: arbitrary-length outputCalls a b-bit permutation f, with b = r + cr bits of ratec bits of capacity
  6. 6. The duplex construction allows the alternation of input andoutput blocks at the same rate as the sponge construction,like a full-duplex communication
  7. 7. • High level of parallelism• Flexibility: bit-interleaving• Software: competitive on wide range of CPU (also implem. forCUDA)• Dedicated hardware: very competitive• Suited for protection against side-channel attack• Faster than SHA-2 on all modern PC (12.5cpb on C2D)
  8. 8. • http://keccak.noekeon.org/tune.htmlIf an attacker has access to one billion computers, eachperforming one billion evaluations of Keccak-f per second,it would take about 1.6×1061 years (1.1×1051 times theestimated age of the universe) to evaluate the permutation2288 timesKECCAK-f[r+c]KECCAK-f[1024+576]KECCAK-f[1600]
  9. 9. In the pseudo-code above, S denotes the state as an array oflanes. The padded message P is organised as an array of blocksPi, themselves organized as arrays of lanes. The || operatordenotes the usual byte string concatenation.
  10. 10. • Currently best attack on KECCAK: 4 rounds• Sufficient nr. of rounds for security claim on KECCAK: 13rounds• KECCAK has 24 rounds (complexity 215xx)
  11. 11. • http://en.wikipedia.org/wiki/SHA-3• http://sponge.noekeon.org/• http://keccak.noekeon.org/specs_summary.html• http://csrc.nist.gov/groups/ST/hash/sha-3/documents/Keccak-slides-at-NIST.pdf• http://celan.informatik.uni-oldenburg.de/kryptos/info/keccak/overview/...

×