12 May 2016

High-speed Keccak-FPH

When implemented on ASICs or on FPGAs, Keccak is significantly more efficient than other primitives with a similar security level, and allows efficient protections against side-channel attacks. Another area where Keccak's performance shines is on processors that exploit parallelism.

Recently, the NIST posted on the hash forum two draft special publications SP 800-XXX including proposals for customized SHAKE instances (Cshake), pseudo-random functions (KMAC), hash functions taking multiple strings as input (TupleHash) and a parallelized hash mode (Fast Parallel Hash, or FPH).

We implemented FPH in the Keccak Code Package and measured the following speeds for long messages:


Performance in cycles per byte (single core) on Intel® Core™ i5-4570 (Haswell) and i5-6500 (Skylake), both at 3.2GHz

Keccak-FPH beats the speed line drawn by the legacy algorithms MD5 and SHA-1, usually considered fast.

Our implementation exploits the AVX-2 256-bit SIMD instruction set.