Basic Presentation for Keccak Understanding.

1. Keccak
Presenters:
Pratheep Joe Siluvai
Rajeev Verma

2. Overview
● Introduction to Hash function.
● Secure Hash Algorithm (SHA)
● SHA-3/Keccak
○ Design approach
○ Inside Keccak
○ Parts of Keccak-f
● Application & Strength
● Efficiency
● Our work
● References

3. Hashing and Hash Function
• Hashing is the transformation of a string of characters into a usually
shorter fixed-length value or key that represents the original string.
• In addition to faster data retrieval, hashing is also used to encrypt and
decrypt digital signatures.
• The hashing algorithm is called the Hash Function which generates hash
codes.
• Hash codes are stored in a table called hash table.

4. Hash function
• Algorithm that takes an arbitrary block of data and returns a fixed-size bit
string.
• Used from digital signature to git repository to peer to peer transmission.
• Encoded data is called the "message," and the hash value is sometimes
called the “message digest” or simply “digest”.
MD5 MD = 128 (Ron Rivest, 1992)
SHA-1 MD = 160 (NSA, NIST, 1995)
SHA-2 MD = 224/256/384/512 (NSA, NIST, 2001)

5. Secure Hash Algorithms (SHA’s)
• Family of cryptographic hash functions published by the National Institute
of Standards and Technology (NIST)
• SHA defines as U.S. Federal Information Processing Standard (FIPS)
• SHA determine the integrity of a message. So, that any change in the
message in the message result in different hash values with high
probability.
• Steps for SHA :
– Preprocessing : Padding the data for blocking
– Hash Computation : Process blocks using the hash function.

6. SHA basics

7. SHA History

8. SHA–3 / Keccak
● Selected on October 2012 as the winner of the NIST hash
function competition
● Not only a hash function.
● Based on the sponge function.
● Not meant to replace SHA-2.

9. Keccak Team
Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche

10. Keccak, a sponge function
● Variable input and output length
● More Flexible than regular hash function
● Parameters
○ r bits– rate (defines the speed)
○ c bits – capacity (defines the security level)

11. Design Approach
● Instantiate a sponge function
● Select the capacity and rate parameters
○ capacity + rate = 1600
● Rata and capacity decides the strength.
● Building an iterated permutation
● Like a block cipher
○ Sequence of identical rounds
○ Round consists of sequence of simple step mappings
● No key Schedule , instead round constants
Capacity Rate Strength
256 1344 128
384 1216 192
512 1088 256

12. Inside Keccak
● The permutation Keccak-f
○ 7 permutations: b → {25, 50, 100, 200, 400, 800,
1600}
● Uses 24 permutation rounds
○ Each round invokes 5 modules
○ Theta(θ), rho(ρ), Pi(Π), Chi(χ), iota(ϊ)

13. Pieces of states
Note : State is 5x5x64
bits block.

14. Theta
● Renders the internal state into a 5-by-5 array of 64-bit elements.
● Computes the parities of each column and combines them with an
exclusive-or (XOR) operator.
● Then it XORs the resulting parity to each state bit as follows:
S[i][j][k] ^= parity(S[0...4][j-1][k]) ^ parity(S[0...4][j+1][k-1])
where i = 0...4; j = 0...4; k = 0...63

15. Rho
• The rho module rotates each 64-bit element by a triangular number
0, 1, 3, 6, 10, 15, …..

16. Pi
• The pi module permutes the 64-bit elements.
• Permutation follows the fixed pattern assignment shown below:
S[j][2*i + 3*j] = S[i][j]

17. Chi
• The chi module adds a non-linear aspect to the permutation round.
• It combines the row elements using only three bitwise
operators: AND, NOT, and XOR.
• Then it writes the result back to the state array as follows:
S[i][j][k] ^= ~S[i][j + 1][k] & S[i][j + 2][k]

18. Iota
● The iota module breaks up any symmetry caused by the
other modules.
● This is done by XORing one of the array elements to a
round constant
● The module has 24 round constants to choose from.
These constants are defined internally by Keccak
● Without ϊ , the round mapping would be symmetric
● Without ϊ , all rounds would be the same
○ susceptibility to slide attacks
○ defective cycle structure

19. Code Reference
Keccak-f[b](A) {
forall i in 0…nr
-1
A = Round[b](A, RC[i])
return A
}
Round[b](A,RC) {
θ step
C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4], forall x in 0…4
D[x] = C[x-1] xor rot(C[x+1],1), forall x in 0…4
A[x,y] = A[x,y] xor D[x], forall (x,y) in (0…4,0…4)
ρ and π steps
B[y,2*x+3*y] = rot(A[x,y], r[x,y]), forall (x,y) in (0…4,0…4)
χ step
A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]), forall (x,y) in (0…4,0…4)
ι step
A[0,0] = A[0,0] xor RC
return A
}

20. Keccak Summary
• Round function:
R = (ϊ) XOR (χ) XOR (Π) XOR (ρ) XOR (θ)
• Number of rounds: 12 + 2ℓ
– Keccak-f[25] has 12 rounds
– Keccak-f[1600] has 24 rounds
• Efficiency
– high level of parallelism
– flexibility: bit-interleaving
– software: competitive on wide range of CPU
– dedicated hardware: very competitive
– suited for protection against side-channel attack

21. Applications
• Regular hashing
– Electronic signatures
– Data integrity
– Data identifier
• Salted hashing (more complex security measure)
– Randomized hashing
– Password Storage and verification
• Message Authentication Code (MAC)
• Single Pass authenticated encryption
– Authentication and Encryption in a single pass
– Secure messaging ( SSL, TLS, SSH,…. )
– Version control systems.
• Reseedable Pseudorandom sequence generator

22. Strength of Keccak
• High level of parallelism
• Flexibility: bit-interleaving
• Software: competitive on wide range of
CPU (also implem. for CUDA)
• Dedicated hardware: very competitive
• Suited for protection against side-channel
attack
• Faster than SHA-2 on all modern PC

23. Efficiency

24. Our Work
• Keccak source code is available for public access.
• Keccak hash function implementation on microblaze and
analyze the hardware performance to perform hashing.
• Analysing the the factors like timing/clock cycles for
different bit-rate and capacity factors.

25. References
● J.-P. Aumasson and D. Khovratovich, First analysis of Keccak, Available online,
2009, http://131002.net/data/papers/AK09.pdf.
● Online Keccak reference site, http://keccak.noekeon.org/
● G. Bertoni, J. Daemen, M. Peeters, G. Van Assche and R. Van Keer, Keccak
implementation overview, round 3 submission to NIST SHA-3, 2011

26. Thank you