Recently, Itai Dinur, Paweł Morawiecki, Josef Pieprzyk, Marian Srebrny and Michał Straus published new attacks on keyed instances of Keccak, i.e., when it is used as a stream cipher or to compute a message authentication code (MAC). The attacks are cube attacks that exploit the low algebraic degree of a primitive and have a data complexity of the order of 2ⁿ if this degree is n. Since the round function has algebraic degree 2, the attacks can be applied on 5 or 6 rounds of Keccak-f with a practical complexity.

These attacks are the first ones with practical complexity to reach 6 rounds. Looking at more theoretical complexities, these attacks can most probably reach a few more rounds.