We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Portfolio of optimized cryptographic functions based on Keccak

18
 Cite
 Share
 Download
 Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Assche, Gilles Van Bertoni, Guido Daemen, Joan Peeters, Michael Keer, Ronny Van

Formal Metadata

Title
Portfolio of optimized cryptographic functions based on Keccak
Title of Series
Number of Parts
611
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language
Production Year2017

Content Metadata

Subject Area
Genre
Abstract
Since its adoption as the SHA-3 standard, Keccak has grown out of the merehashing functionality. We present a consistent set of cryptographic functions,for fast hashing, pseudo-random bit generation, authentication orauthenticated encryption, that enjoy very competitive safety margin vs speedratios. We highlight the bases for the security of these functions and diveinto their software implementations. Beyond the FIPS 202 standard functions derived from Keccak (i.e., SHA-3 hashfunctions and SHAKE{128,256} extendable output functions), we present severalinteresting proposals, consistently based on the same permutation or its roundfunction. Among others: * For authenticated encryption, Ketje and Keyak are schemes that were selected for the third round of the [CAESAR competition](http://competitions.cr.yp.to/caesar-submissions.html). In particular, Keyak proposes interesting features when protecting a stream of data flowing on a network. It exploits the parallelism in modern processors to achieve a high throughput. * [KangarooTwelve](http://eprint.iacr.org/2016/770.pdf) is a recently published arbitrary-output-length hash function. We designed it so that the implementation can automatically adapt to the available degree of parallelism. On Intel's Haswell and Skylake architectures, it achieves a speed below 1.5 cycles/byte for long inputs. Two key aspects will be covered. First, the essential goal of these functions is to remain secure despiteadvances in cryptanalysis. We will explain explain how we base the security ontwo strong pillars: the track record of third-party cryptanalysis and thegeneric security of the underlying construction. Second, we will explore the [Keccak CodePackage](https://github.com/gvanas/KeccakCodePackage) and its two-levelstructure. The high-level cryptographic services are implemented in plain C,without any specific optimizations. The low-level services implement thepermutations and the state input/output functions, for which we provideoptimized code for different platforms. Another interesting topic to discussis how the parallelism is exploited on modern processors with SIMD units.