Month: August 2017

SHA-3 Hash Construction

Keccak (or SHA-3, a ‘qualified successor’ to SHA-2) is a hash function based on interesting and novel ideas and claims to be post-quantum sufficient or quantum resistant.

Some Keccak sponge-hash-function pointers:

A sponge function is a generalization of both a) hash functions, which have a fixed output length, and b) stream ciphers (=state cipher), which have a fixed input length.

Random sponge = Random permutation

The spongeconstruction:

First, the input string is padded with a reversible padding rule and cut into blocks of r bits. Then the b bits of the state are initialized to zero and the sponge construction proceeds in two phases:

  • In the absorbing phase, the r-bit input blocks are XORed into the first r bits of the state, interleaved with applications of the function f, a fixed length permutation/transformation function function. When all input blocks are processed, the sponge construction switches to the squeezing phase.
  • In the squeezing phase, the first r bits of the state are returned as output blocks, interleaved with applications of the function f. The number of output blocks is chosen at will by the user.

The last c bits of the state are never directly affected by the input blocks and are never output during the squeezing phase.”

What security does Keccak offer against quantum attacks, specifically Grover’s algorithm?

“SHA-3 was designed to be very efficient in hardware but is relatively slow in software. SHA-3 takes about double the time compared to SHA-2 to run in software and about a quarter of the time to run in hardware.” This makes it less suitable than SHA-2 for key stretching, at least against an attacker that is hardware equipped.

The advantage of SHA-3 is that a computationally-simpler SHA-3(key | data) can suffice as a MAC.”