Forget AES and ChaCha20, Here’s Encryption, Hashing and Integrity With a Sponge

Well. Just when you thought that symmetric key encryption was all about AES and ChaCha20, message authentication (MAC) was all about HMAC, and that hashing was all about MD5, SHA-1, and SHA-256, Keccak comes along and shows the world a new direction. While designed for the NIST SHA-3 standard (and to produce a strong hashing method), Keccak has the potential to provide MACs (Message Authentication Codes), hashes and symmetric key encryption, all in around 1,000 lines of code (compared to 600K lines of code for OpenSSL).

An outline of its operation is here:

So while it may seem obvious that Keccak can produce fixed-length hashes (SHA3-224, SHA3-256, and so on) and variable-length outputs (SHAKE-128 and SHAKE-256), its application to symmetric key encryption is less obvious. For this we take the key (K) and a nonce (N) into the absorption phase, XOR them into the rate part of the state (r), and feed the result into the permutation f. This creates the equivalent of a key stream, which we then XOR with the message (M0, M1, and so on):

Permutation-based symmetric cryptography and Keccak [1]

It all works a bit like a stream cipher, where we create an infinitely long key stream and XOR the input with it. To decrypt, it’s much the same process, but with the cipher replacing the message, and vice versa. On the other side, we feed in the key (K) and the nonce (N), and then XOR the cipher stream bits with the outputs Z0, Z1, and so on, which produces the message stream (M0, M1, and so on).
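The keystream construction described above, as an added example that is not from the original post and is not libdisco's API: Python's `hashlib.shake_256` stands in for the Keccak sponge. The length-prefixed encoding, the `enc`/`mac` domain labels, the 16-byte tag and the sample key and nonce are assumptions of this example. It also shows the failure mode a sponge stream shares with every stream cipher: a repeated (K, N) pair leaks the XOR of the two messages.

```python
import hashlib
import hmac

TAG_LEN = 16  # assumed tag size for this example


def _sponge(domain: bytes, key: bytes, nonce: bytes, extra: bytes = b""):
    """Absorb length-prefixed inputs so (K, N) boundaries are unambiguous."""
    s = hashlib.shake_256()  # Keccak sponge from the standard library
    for part in (domain, key, nonce, extra):
        s.update(len(part).to_bytes(8, "big") + part)
    return s


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Squeeze Z0, Z1, ... and XOR with data; the same call encrypts and decrypts."""
    z = _sponge(b"enc", key, nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, z))


def seal(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """Encrypt, then append a tag computed over the ciphertext."""
    c = xor_stream(key, nonce, message)
    return c + _sponge(b"mac", key, nonce, c).digest(TAG_LEN)


def unseal(key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before releasing any plaintext."""
    if len(sealed) < TAG_LEN:
        raise ValueError("input too short")
    c, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = _sponge(b"mac", key, nonce, c).digest(TAG_LEN)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor_stream(key, nonce, c)


def nonce_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Failure mode: one (K, N) for two messages makes C1 XOR C2 equal M1 XOR M2."""
    c1, c2 = xor_stream(key, nonce, m1), xor_stream(key, nonce, m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    key = bytes(range(32))               # constructed sample key
    nonce = b"constructed-nonce-01"      # constructed sample nonce
    sealed = seal(key, nonce, b"Hello")
    print(sealed.hex(), unseal(key, nonce, sealed))
```

The nonce must be unique for every message sealed under the same key, and the tag must be checked before the decrypted bytes are used.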

There are 24 rounds in Keccak, but this has been reduced to 12 in KangarooTwelve. The STROBE framework has picked up on this potential and implements symmetric key, hashing and MAC with a single method: Keccak. As AES takes 10 rounds for 128-bit encryption, KangarooTwelve thus approaches the performance of AES.

The following is some sample Go code using the libdisco library (which implements its encryption with Keccak) [here]:

A sample run is [here]:

Message: Hello
Password: qwerty

=== Digest ===
Digest (message): 1c38d06d9edd0e3271dd11cf39721630d48e9411c959b60e250c9a003629832e

=== Encryption ===
Cipher: fe04f8a8574c60506b30b84034d1742538e54d735140d8a9d3994c5d7ebd0c93e966cdb71f4777726f9e4d8618
Decrypted: Hello

=== Integrity Check ===
48656c6c6f2618278cf5d9c679620caf534b65eeef
Retrieved: Hello

Conclusions

With Keccak, it’s simple, it’s lightweight, it’s adaptable, it’s energy efficient, it’s 1,000 lines of code to implement hashing, symmetric key and integrity checking, … what more do you want?

Here is libDisco:

References

[1] Daemen, J., Bertoni, G., Peeters, M., & Van Assche, G. (2013). Permutation-based symmetric cryptography and Keccak. Technical report, Ecrypt II, Crypto for 2020 Invited Talk.