Questions tagged [keccak]

Keccak is a cryptographic hash algorithm which uses a sponge construction. An input message is "absorbed" into the sponge state, and then the hash result is "squeezed" out of the sponge state. The state is subjected to permutations after each block of data has been read into and out of the sponge. By repeatedly squeezing the sponge, Keccak allows output of an arbitrary length.

Details of the algorithm can be found at the Keccak sponge function family homepage.

Keccak was submitted as a candidate for the NIST (National Institute of Standards and Technology) SHA-3 Competition, and was selected as the winner in October of 2012.

Keccak powers the SHA-3 family of hash functions, but SHA-3 is just a subset of the possible Keccak applications. It is important not to confuse the two terms Keccak and SHA-3. While SHA-3 specifies exact settings for each of its functions, the Keccak sponge family permits a large variety of configurations. The parameters which define a Keccak sponge construction are:

bitrate: the maximum number of bits which can be absorbed or squeezed before the state will be permuted.

capacity: the number of bits within the sponge state which are not directly modified by an absorption and not directly read by a squeeze, but which do play a part in the permutation of the state.

domain suffix: an optional sequence of bits which will be appended to the end of the original message, before padding is applied. The domain suffix allows differentiation between different Keccak applications (such as SHA3, SHAKE, RawSHAKE, etc).

output length: the length in bits of the hash result which will be generated.

The sum of the bitrate and the capacity give the "width" of the permutation state, and this width must be one of: 25, 50, 100, 200, 400, 800, 1600. The bitrate, capacity, and output length must each be greater than zero. Beyond that, Keccak is very flexible.