Keccak is a versatile cryptographic function. Best known as a hash function, it nevertheless can also be used for authentication, (authenticated) encryption and pseudo-random number generation. Its structure is the extremely simple sponge construction and internally it uses the innovative Keccak-f cryptographic permutation.
After its selection as the winner of the SHA-3 competition, Keccak has been standardized in 3GPP TS 35.231 for mobile telephony (TUAK), and in NIST standards FIPS 202 and SP 800-185. Consequently, it has received extensive public scrutiny and third-party cryptanalysis.
We derived from Keccak the schemes Ketje, Keyak and KangarooTwelve, also listed in these pages. The scheme Kravatte uses a different construction but the same Keccak-f permutation. Keccak also inspired many third-party designs.
|Synopsis||The Keccak sponge functions|
|Designed by||Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche|
|Implements||An extendable-output function (XOF), i.e., the generalization of a cryptographic hash function with arbitrary output length|
|Construction||The sponge construction|
|Primitive||One of the Keccak-f[b] permutations, where b is 25, 50, 100, 200, 400, 800 or 1600 bits. In the scope of the FIPS 202 and SP 800-185 standards, the largest permutation Keccak-f is used. Nevertheless, smaller (or more “lightweight”) permutations can be used in constrained environments.|
|Parameterized by||The capacity c and by the bitrate r|
|Instances||The instances are denoted Keccak[r, c]. The capacity c determines the proven security strength against generic attacks, i.e., for a security level of n bits, the capacity must be c=2n. When summed, r+c must be the width of the permutation among 25, 50, 100, 200, 400, 800 and 1600 bits. The standard instances are listed in the table below.|
|Status||Winner of the SHA-3 competition, standardized in 3GPP TS 35.231, FIPS 202 and SP 800-185|
For more information, please refer to:
|Instance||used in FIPS 202 and SP 800-185 by|
|Keccak[r=1344, c=256]||SHAKE128 [FIPS 202], cSHAKE128, KMAC128, KMACXOF128, TupleHash128, TupleHashXOF128, ParallelHash128, ParallelHashXOF128 [SP 800-185]|
|Keccak[r=1152, c=448]||SHA3-224 [FIPS 202]|
|Keccak[r=1088, c=512]||SHAKE256, SHA3-256 [FIPS 202], cSHAKE256, KMAC256, KMACXOF256, TupleHash256, TupleHashXOF256, ParallelHash256, ParallelHashXOF256 [SP 800-185]|
|Keccak[r=832, c=768]||SHA3-384 [FIPS 202]|
|Keccak[r=576, c=1024]||SHA3-512 [FIPS 202]|