![Page 1: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/1.jpg)
SHA-3: should we care? Jean-Philippe Aumasson
![Page 2: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/2.jpg)
![Page 3: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/3.jpg)
![Page 4: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/4.jpg)
2005
![Page 5: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/5.jpg)
![Page 6: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/6.jpg)
SHA-1 SHA-2
![Page 7: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/7.jpg)
![Page 8: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/8.jpg)
Nov 2007
![Page 9: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/9.jpg)
Nov 2007
![Page 10: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/10.jpg)
Nov 2007
![Page 11: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/11.jpg)
Nov 2008
64 submissions received
51 “complete and proper”
14 in the “second round”,
5 in the “final”
![Page 12: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/12.jpg)
![Page 13: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/13.jpg)
![Page 14: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/14.jpg)
Most security and performance evaluation by submitters and third parties, not NIST
![Page 15: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/15.jpg)
Cryptanalysis
http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo
![Page 16: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/16.jpg)
Cryptanalysis
http://eprint.iacr.org/2010/607.pdf
![Page 17: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/17.jpg)
Cryptanalysis
http://eprint.iacr.org/2011/286.pdf
![Page 18: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/18.jpg)
Hardware performance evaluation (ASIC, FPGA)
http://www.iis.ee.ethz.ch/~sha3/
http://ece.gmu.edu/~kgaj/publications/conferences/GMU_CHES_2010_slides.pdf
![Page 19: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/19.jpg)
Software performance evaluation: tools developed to find the fastest combination implementation/compiler/options for each CPU
![Page 20: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/20.jpg)
Software performance evaluation: tools developed to find the fastest combination implementation/compiler/options for each CPU
![Page 21: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/21.jpg)
Software performance evaluation: tools developed to find the fastest combination implementation/compiler/options for each CPU
More on the eBACS project page: http://bench.cr.yp.to/
![Page 22: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/22.jpg)
Software performance evaluation: tools developed to find the fastest combination implementation/compiler/options for each CPU
More on the XBX project page: http://xbx.das-labor.org
![Page 23: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/23.jpg)
2012
![Page 24: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/24.jpg)
BLAKE
Groestl
JH
Keccak
Skein
![Page 25: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/25.jpg)
BLAKE
Groestl
JH
Keccak
Skein
![Page 26: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/26.jpg)
“NIST chose Keccak over the four other excellent finalists for its elegant design, large security margin, good general performance,
excellent efficiency in hardware implementations, and for its flexibility.”
NIST PR
“Keccak complements the existing SHA-2 family of hash algorithms well.”
NIST email announcement
![Page 27: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/27.jpg)
“An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently
…
it immediately provides an essential insurance policy in case SHA-2 is ever broken”
NIST PR
![Page 28: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/28.jpg)
![Page 29: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/29.jpg)
Keccak’s core permutation
http://keccak.noekeon.org/Keccak-reference-3.0.pdf
![Page 30: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/30.jpg)
Actually simpler than it looks
http://keccak.noekeon.org/specs_summary.html
![Page 31: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/31.jpg)
Many techniques for fast implementations
http://keccak.noekeon.org/Keccak-implementation-3.2.pdf
![Page 32: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/32.jpg)
Intel Core i5-2400S (Sandy Bridge, 4 x 2495 MHz)
![Page 33: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/33.jpg)
AMD FX-8120 (Bulldozer, 4 x 3100 MHz)
![Page 34: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/34.jpg)
Qualcomm Snapdragon S3 APQ8060 (2 x 1782 MHz)
![Page 35: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/35.jpg)
AVR (8-bit): Atmel ATmega1284P
Credit: XBX project http://xbx.das-labor.org
![Page 36: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/36.jpg)
MIPS (32-bit): Texas Instruments AR7
Credit: XBX project http://xbx.das-labor.org
![Page 37: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/37.jpg)
http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/March2012/documents/ presentations/GURKAYNAK_presentation.pdf
![Page 38: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/38.jpg)
http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/March2012/documents/presentations/KAPS_presentation.pdf
![Page 39: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/39.jpg)
Keccak’s security: despite appealing prizes, very tough to attack…
![Page 40: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/40.jpg)
![Page 41: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/41.jpg)
![Page 42: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/42.jpg)
![Page 43: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/43.jpg)
H( K || M )
is a secure MAC with SHA-3
not with SHA-2 (length extension)
But key can be recovered if state leaks… (unlike with BLAKE or Skein)
![Page 44: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/44.jpg)
SHA-3: should we care?
![Page 45: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/45.jpg)
“The only ordering implied in sha2 vs sha3 is when they were designed; we explicitly are *not* telling people they should move from sha2 to sha3. The two standards will coexist.”
John Kelsey (NIST)
![Page 46: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/46.jpg)
Keccak’s sponge construction can be used for RNG, MAC, authenticated encryption (not standardized by NIST)
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/ presentations/DAEMEN_SpongeDuplexSantaBarbaraSlides.pdf
![Page 47: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/47.jpg)
What about BLAKE?
![Page 48: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/48.jpg)
“BLAKE could be the Xenia T. of crypto!”
It’s not always the winner that wins…
![Page 49: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/49.jpg)
BLAKE is the fastest finalist in software
In many applications hashing is not the speed bottleneck, but sometimes faster hashing means improved performance:
• Cloud storage integrity check
• File systems deduplication (e.g. ZFS)
• HIDS monitoring
• P2P integrity check
There’s a reason why MD5, Tiger, or CRCs are still used…
![Page 50: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/50.jpg)
BLAKE2
coming soon…
![Page 51: SHA-3: should we care? - · PDF fileNov 2008 64 submissions received 51 “complete and proper” 14 in the “second round”, 5 in the “final”](https://reader030.vdocuments.us/reader030/viewer/2022020302/5a73e4fc7f8b9a4b538b7e79/html5/thumbnails/51.jpg)
Thank you!