When implemented on ASICs or on FPGAs, Keccak is significantly more efficient than other primitives with a similar security level, and allows efficient protections against side-channel attacks. Another area where Keccak's performance shines is on processors that exploit parallelism.
Recently, the NIST posted on the hash forum two draft special publications SP 800-XXX including proposals for customized SHAKE instances (Cshake), pseudo-random functions (KMAC), hash functions taking multiple strings as input (TupleHash) and a parallelized hash mode (Fast Parallel Hash, or FPH).
We implemented FPH in the Keccak Code Package and measured the following speeds for long messages:
Keccak-FPH beats the speed line drawn by the legacy algorithms MD5 and SHA-1, usually considered fast.
Our implementation exploits the AVX-2 256-bit SIMD instruction set.