Breaking Down : SHA-3 Algorithm (2024)

I have been writing about hashing algorithm the whole past month and this is a close to the series “Breaking Down”. There are lot of prominent hashing algorithm that are present in our current day scenario. Especially the ones that came up and competed against each other for the SHA-3 title. So, to give you all a better perspective about the latest and greatest hashing algorithm SHA-3, let me go back a bit in time and explain to you why it came into existence.

Breaking Down: SHA-3 Algorithm (3)

Around the beginning of 21ˢᵗ century the SHA-2 algorithm came into existence and SHA-1 algorithm was already being challenged theoretically. It was evident that it would not hold for a long period of time before collisions would be easy to find. So, in midst of all this NIST started a competition to find a better successor to SHA-2, even though it was secure and it still is.

The competition to find the best and most efficient hash algorithm began and out of 64 submissions, [ * 51 according to Wikipedia ]. Keccak was the one which passed all the rounds and was selected at last to be the SHA-3 algorithm in the year 2015. It was designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. You should read about its history and how it came into existence, it is interesting.

So, those of you who don’t read my articles on a regular basis, this article is a continuation of my series, where I describe about hashing algorithms and how they function is extreme detail. You can read my other articles, I have mentioned them below.

Breaking Down : The series

1. Breaking Down : MD5 Algorithm

2. Breaking Down: SHA-1 Algorithm

3. Breaking Down : SHA-512 Algorithm

4. Breaking Down : SHA-256 Algorithm

So, now that we know why there was the need for SHA-3 and all about its history. Lets see how it works.

To begin with I need to state that Keccak is not at all similar to the previous algorithms so we need to have a look at it with an open mind or else it might prove a bit hard to understand. Scroll up and have a look at the image in the beginning of the article that will help us have an understanding of the flow of the entire algorithm and how it works.

1. Padding

This is the process that is similar with the previous hashing algorithms. Before we can start hashing our message we need to make sure that they are of the standard length and for that we carry out the padding process.

Before we proceed with it, we need to know what is the standard size we need to meet and for that we will look at how Keccak calculate the state size.

b = 25 x 2ˡ ; b = state sizevalue of l = {0, 1, 2, 3, 4, 5, 6}
value of b = {25, 50, 100, 200, 400, 800, 1600}

For SHA-3 the value of ‘l’ was decided to be 6. Higher the state size better the security it provides. Now, based on the value of ‘l’ we also decide how many rounds of computation needs to be carried out for each part of the padded message.

rounds = 12 + 2 x l
= 12 + 12 ; as l = 6
= 24 ; 24 rounds in total

Now, we know that for SHA-3 we will have the state size of 1600 bits and the number of rounds of computations will be 24.

Coming back to padding we need to append bits to message depending on the hash length we are going to calculate. The values should be a multiple of the numbers that I will mention below. For now just remember these values as I explain about them later on.

 Type Output Length Rate (r) Capacity (c)
SHA3-224 224 1152 448
SHA3-256 256 1088 512
SHA3-384 384 832 768
SHA3-512 512 576 1024

The padding needs to be done in a such a way that after the padding process the length of the padded message is an exact multiple of ‘r’ for corresponding hash function.

First and the last bit of the padding will be ‘1’ and all bits in between will be ‘0’. After padding they are divided into ‘n’ parts such as n times r is equal to the length of the padded message. Mathematically it can be represented as such.

p = n x rp = length of message after padding
n = number of parts in which we divide 'p'
r = length of the rate

Note : The sum of the values of ‘r’ and ‘c’ will always be equal to 1600 i.e. the sate size

2. The state size

Breaking Down: SHA-3 Algorithm (4)

We now know that the length of the padded message is an exact multiple of ‘r’ for corresponding hash length but to further understand it have a look at the image on your left. The ‘r’ and ‘c’ in the image represent the rate and capacity of the respective hashing algorithm.

As the padded message is an exact multiple of ‘r’ and we need to carry out a modulo operation. So, the length of ‘r’ and P₀ are same.

State size is the sum of ‘r’ and ‘c’ and they have distinct values for different hash length.

3. The Absorb Function

The SHA-3 algorithm can be broadly divided into two different parts, the absorbing part and the squeezing part. The absorb function is the first part of the two major steps of the SHA-3 function.

The reason we call it the absorb function is because in the first part of the Keccak algorithm we intake all the values of the padded message that we have already broken down into ‘n’ number of parts and consume them one by one to give the output at the end.

The way in which we perform this, is we feed the ‘r’ length padded messages in the absorb function. We begin with the modulo operation between P₀ and the ‘r’, the initiation value of ‘r’ is all ‘0’ bits. Once the modulo operation is done then we pass on the value to the function where the actual absorb function begins.

Inside the function we perform the same set of five operations over and over for twenty-four times. Once all the rounds are over then we segregate the ‘r’ and ‘c’ bits and then again perform the modulo operation and the function begins all over again.

Let’s have a look at the pseudo-code of the five functions :-

θ (theta) : Pseudo-Code

for x in 0…4
C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4],
for x in 0…4
D[x] = C[x-1] xor rot(C[x+1],1),
for (x,y) in (0…4,0…4)
A[x,y] = A[x,y] xor D[x]

ρ (rho) & π (pi) : Pseudo-Code

for (x,y) in (0…4,0…4)
B[y,2*x+3*y] = rot(A[x,y], r[x,y]),

χ (chi) : Pseudo-Code

for (x,y) in (0…4,0…4)
A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y])

ι (iota) : Pseudo-Code

A[0,0] = A[0,0] xor RC

It would be hard for me to explain these functions in words, so I presented the pseudo-code from the website of the Keccak team. Read their papers to have a better understanding of the entire concept.

These five functions are carried out over and over for 24 times. After 24 rounds of computation are over we get 1600 bits, which we then segregate depending on the length of ‘r’ and ‘c’ bits and the process continues.

4. The Squeeze Function

The squeeze function begins immediately after we reach the end of the absorb function. We call it the squeeze function as this is the step in which we extract our hash message. The way in which we extract it is extremely simple and easy to understand.

Breaking Down: SHA-3 Algorithm (5)

When calculating the hash we already know the output length of the hash value which might be 224, 256, 384 or 512. After completing the absorb function we get a final 1600 bits length output. We segregate the output on the basis on length of ‘r’ and ‘c’ bits depending on the hash value we are trying to calculate, which leads us to our output.

Now, that we have the values for ‘r’ and ‘c’ we then extract the first few bits from ‘r’ depending on the hashing algorithm, so for SHA3–256 algorithm we will extract the first 256 bits from the 1088 bits of ‘r’ and for SHA3–512 we will extract the first 512 bits from the 576 bits of ‘r’. The value that is extracted from the first bits of ‘r’ is the hash of the entire message.

The SHA-3 / Keccak algorithm is one of the most secure and efficient hashing algorithms and some claim that it won’t be cracked in the next 20 - 30 years. Developments in the quantum computing world might decrease that time frame but it is still one of the best hashing algorithm we have got right now.

So, let’s have a second look at the entire functioning of the SHA-3 algorithm and allow me to explain the entire thing in a single long paragraph.

Our first step as always is to calculate the length of the message and then do the padding process, depending on the hash length we choose to go with.The padding bits that we append to the message starts and end with ‘1’ and all the bits in between are ‘0’. Once the padding is completed then we break it up into ‘n’ number of blocks each of ‘r’ length, the value ‘r’ will again depend on the hash length. The padded bits starts with P₀ then P₁ till Pₙ-₁. We begin with P₀ for which we first carry out the modulo operation with ‘r’ which initially is all ‘0’. Once, the modulo operation is complete we then begin the 24 rounds each round consists of these five functions θ, ρ, π, χ and ι. and after all these rounds we have the next 1600 bits which we then segregate into ‘r’ and ‘c’ bits depending on the hash length.This computation of 24 rounds takes place ‘n’ number of times in the absorb function and then we reach the squeeze function. From the very beginning we know the length of the output while carrying out the hash and so we extract those exact number of bits from ‘r’ and that is our complete hash value.

So that’s the short version of the entire operation that takes place in the SHA-3 algorithm.

If you enjoyed it please do clap & let’s collaborate. Get, Set, Hack!

Website : | Donate :
Telegram :
Twitter :
LinkedIn :
E-mail :

Breaking Down : SHA-3 Algorithm (2024)


Breaking Down : SHA-3 Algorithm? ›

SHA-3 uses the pattern 101 in its padding

In cryptography, padding is any of a number of distinct practices which all include adding data to the beginning, middle, or end of a message prior to encryption. › wiki › Padding_(cryptography)
function: a 1 bit, followed by zero or more 0 bits (maximum r − 1) and a final 1 bit. The maximum of r − 1 zero bits occurs when the last message block is r − 1 bits long. Then another block is added after the initial 1 bit, containing r − 1 zero bits before the final 1 bit.

How to decrypt SHA-3? ›

You cannot, it's impossible. SHA-3 is not an encryption algorithm, it's a hash algorithm. Once data has been encoded the original data can only be determined by brute force (which is not viable anymore).

What is the SHA-3 algorithm? ›

SHA-3 Project

A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size “message digest” and achieve certain security properties.

Can you reverse this SHA-3 512 hash? ›

That is the definition of "hash". This has nothing to do with SHA-512. The definition of a hash function is that it cannot be reversed.

What is the digest size of SHA-3? ›

The SHA-3 family consists of six hash functions with digests (hash values) that are 128, 224, 256, 384 or 512 bits: SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256.

Is it possible to decrypt SHA? ›

SHA-256 is a cryptographic (one-way) hash function, so there is no direct way to decode it. The entire purpose of a cryptographic hash function is that you can't undo it.

Can you unhash something? ›

Technically, hashing can be reversed, but the computational power needed to decrypt it makes decryption infeasible.

Why is SHA-3 not used? ›

SHA-3 has been criticized for being slow on instruction set architectures (CPUs) which do not have instructions meant specially for computing Keccak functions faster – SHA2-512 is more than twice as fast as SHA3-512, and SHA-1 is more than three times as fast on an Intel Skylake processor clocked at 3.2 GHz.

What are the disadvantages of SHA-3? ›

Cons of SHA-3

Susceptible to collision attacks. Its instances use a single permutation for all security strengths, cutting down implementation costs. Much slower than SHA-2 (software only issue).

What is the strongest SHA algorithm? ›

To the time of writing, SHA-256 is still the most secure hashing algorithm out there. It has never been reverse engineered and is used by many software organizations and institutions, including the U.S. government, to protect sensitive information.

Can hash be broken? ›

A hash function is called broken when there exists a known explicit attack that is faster than the general brute force attack for a security property (i.e. for collisions or preimages). This requires a definition of brute force attack — and of the known explicit attacks that are faster with respect to SHA-1.

Can SHA-512 be broken? ›

There are no known attacks against SHA-512, not against collision resistance and certainly not against first or second preimage resistance.

Can SHA-256 be broken? ›

Is it possible to crack the hashes produced by the SHA-256 algorithm without using a brute force attack? No. If you could, then SHA-256 would be considered "broken".

Is SHA-3 quantum proof? ›

The hardware architecture for CRYSTALS-Kyber post-quantum cryptographic SHA-3 primitives aims to provide quantum-safe encryption, suggesting that SHA-3 is secure against quantum attacks.

What is the construction of SHA-3 algorithm? ›

SHA-3 (256-bit) algorithm

SHA-3 uses sponge construction scheme which includes mainly two steps viz. Absorption and Squeezing[5], based on a fixed-length permutation (or transformation) and on a padding rule, which builds a function, mapping variable-length input to fixed-length output.

Is SHA-3 collision resistant? ›

1 Answer. Generally, SHA-3 is build to offer 2n/2 collision resistance (and 2n preimage resistance).

How to decrypt using 3des? ›

Decryption in Triple DES is essentially the reverse of encryption: Decryption Process: Decrypt with K3The ciphertext C2 is decrypted using the third key K3 to obtain an intermediate result. Encrypt with K2:The intermediate result is then encrypted using the second key K2, producing another intermediate result.

How do I decrypt an encrypted token? ›

  1. Navigate to the Decrypt Tool section of the Token Auth page.
  2. In the Token To Decrypt option, paste the desired token value.
  3. In the Key to Decrypt option, select the encryption key used to generate that token value.
  4. Click Decrypt. The requirements for that token will appear next to the Original Parameters label.

How to decrypt HMAC? ›

You can't decode it as it's a one way encryption. To validate you need to recreate the the HMAC_SHA256 on your side from the data that has been passed and a shared secret key. You then compare your calculated value to one provided and if they match you know the data hasn't been tampered with.


Top Articles
Latest Posts
Article information

Author: Prof. Nancy Dach

Last Updated:

Views: 5659

Rating: 4.7 / 5 (57 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Prof. Nancy Dach

Birthday: 1993-08-23

Address: 569 Waelchi Ports, South Blainebury, LA 11589

Phone: +9958996486049

Job: Sales Manager

Hobby: Web surfing, Scuba diving, Mountaineering, Writing, Sailing, Dance, Blacksmithing

Introduction: My name is Prof. Nancy Dach, I am a lively, joyous, courageous, lovely, tender, charming, open person who loves writing and wants to share my knowledge and understanding with you.