Understanding SHA-3 and Keccak

A Completely Different Design

SHA-3 was standardized by NIST in 2015 after a five-year public competition that attracted 64 submissions from cryptographers worldwide. The winner, Keccak (designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche), was chosen specifically because its internal structure is fundamentally different from SHA-2. This architectural diversity ensures that if a breakthrough attack ever compromises SHA-2's Merkle-Damgård construction, SHA-3 would remain completely unaffected.

Unlike SHA-2, which processes data through a series of compression rounds applied to fixed-size blocks, SHA-3 uses a 'sponge construction'. Data is absorbed into a large internal state (1600 bits) by XOR operations, squeezed through permutation rounds, and then output bytes are extracted. The sponge approach is naturally immune to length-extension attacks that plague raw SHA-2 without truncation, eliminating an entire class of vulnerabilities by design.

SHA-3 also introduced SHAKE128 and SHAKE256, which are 'extendable-output functions' (XOFs). Unlike traditional hash functions that produce a fixed-size digest, SHAKE can produce output of arbitrary length. This makes SHAKE ideal for key derivation, mask generation, and domain separation in advanced cryptographic protocols. Despite SHA-3's elegance, SHA-2 remains more widely deployed because it has decades of auditintg, hardware acceleration, and no known weaknesses requiring migration.

Everyday Example

Think of SHA-2 as a traditional bank vault with thick steel walls. It is incredibly strong, but every bank vault in the world uses the same basic wall design. SHA-3 is like a vault made of an entirely alien material that no safecracker has ever encountered. Even if someone invents a drill that can cut through steel (breaking SHA-2's design), the alien material (SHA-3's sponge construction) would be completely unaffected because it requires a fundamentally different attack strategy.

The Deep Mathematics

Keccak operates on a 5×5×64 three-dimensional state array (1600 bits total) divided into a rate r and capacity c where r + c = 1600. For SHA3-256, r = 1088 and c = 512, providing 256-bit security. The core permutation Keccak-f[1600] applies 24 rounds of five transformations: θ (column parity mixing), ρ (bitwise rotation), π (lane permutation), χ (non-linear substitution), and ι (round constant addition). Security is bounded by the capacity: collision resistance = 2^(c/2) and pre-image resistance = min(2^(c/2), 2^output).