SHA-3
Set of cryptographic hash functions / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about SHA-3?
Summarize this article for a 10 year old
SHA-3 (Secure Hash Algorithm 3) is the latest[4] member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015.[5][6][7] Although part of the same series of standards, SHA-3 is internally different from the MD5-like structure of SHA-1 and SHA-2.
General | |
---|---|
Designers | Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles van Assche. |
First published | 2016; 8 years ago (2016) |
Series | (SHA-0), SHA-1, SHA-2, SHA-3 |
Certification | FIPS PUB 202 |
Detail | |
Digest sizes | arbitrary |
Structure | sponge construction |
Speed | 12.6 cpb on a typical x86-64-based machine for Keccak-f[1600] plus XORing 1024 bits,[1] which roughly corresponds to SHA2-256. |
Best public cryptanalysis | |
Preimage attack on Keccak-512 reduced to 8 rounds, requiring 2511.5 time and 2508 memory.[2] Zero-sum distinguishers exist for the full 24-round Keccak-f[1600], though they cannot be used to attack the hash function itself[3] |
SHA-3 is a subset of the broader cryptographic primitive family Keccak (/ˈkɛtʃæk/ or /ˈkɛtʃɑːk/),[8][9] designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche, building upon RadioGatún. Keccak's authors have proposed additional uses for the function, not (yet) standardized by NIST, including a stream cipher, an authenticated encryption system, a "tree" hashing scheme for faster hashing on certain architectures,[10][11] and AEAD ciphers Keyak and Ketje.[12][13]
Keccak is based on a novel approach called sponge construction.[14] Sponge construction is based on a wide random function or random permutation, and allows inputting ("absorbing" in sponge terminology) any amount of data, and outputting ("squeezing") any amount of data, while acting as a pseudorandom function with regard to all previous inputs. This leads to great flexibility.
As of 2007, NIST did not plan to withdraw SHA-2 or remove it from the revised Secure Hash Standard.[needs update?] The purpose of SHA-3 is that it can be directly substituted for SHA-2 in current applications if necessary, and to significantly improve the robustness of NIST's overall hash algorithm toolkit.[15]
For small message sizes, the creators of the Keccak algorithms and the SHA-3 functions suggest using the faster function KangarooTwelve with adjusted parameters and a new tree hashing mode without extra overhead.