Keccak
Published on 2024-09-17

Keccak, pronounced "ketchak," is a versatile cryptographic tool developed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. While Keccak serves various purposes, it is most prominently known for its role as a hash function, offering heightened security levels compared to older hash algorithms like SHA-1 and SHA-2.


Speaking of SHA (Secure Hash Algorithm), this is a series of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) in the United States. Both SHA-1 and SHA-2 were designed by the National Security Agency (NSA) and share similar structures. Although Keccak supports output sizes (hash lengths) identical to SHA-2, its operational mechanism diverges significantly. Intriguingly, Keccak falls under the SHA family umbrella, often referred to as SHA-3.


As early as 2004, theoretical attacks on SHA-1 began to emerge and were publicly disclosed in 2005. By 2011, NIST declared SHA-2 as the new standard hash function. However, the transition from SHA-1 to SHA-2 was gradual, with most developers and computer scientists not adopting SHA-2 until early 2017. Soon afterward, in February 2017, Google announced the successful execution of a SHA-1 collision attack, rendering SHA-1 insecure and prompting its discontinuation.


The development of Keccak (SHA-3) started around 2007 when NIST initiated an open competition and review process seeking a new cryptographic hash function to overcome the potential weaknesses of SHA-1 and SHA-2. Although no significant attacks against SHA-2 had been demonstrated at that time, considering the potential for hash functions to be broken over time and the years required to develop new standard functions, coupled with the early attacks on SHA-1, NIST foresaw the need for a novel cryptographic hashing algorithm. Ultimately, in 2012, NIST announced Keccak as the winner, standardizing it as the latest member of the SHA family—SHA-3.


Keccak was favored by NIST partly due to its innovative structure, proven more secure and efficient than other algorithms. Technically, the SHA-3 algorithm is based on a sponge function or sponge construction, which contrasts with the Merkle-Damgård construction used by SHA-1 and SHA-2.


Presently, SHA-2 remains secure and widely employed, such as in Bitcoin and other cryptocurrencies where SHA-256 plays a pivotal role in mining. Looking ahead, with Keccak yet to be successfully attacked, we may witness its increased adoption. Nonetheless, as the field of cryptography evolves and new vulnerabilities surface, the coming years will likely see the emergence of more cryptographic hash algorithms.