Paper 2016/770

KangarooTwelve: fast hashing based on Keccak-p

Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, Ronny Van Keer, and Benoît Viguier

Abstract

We present KangarooTwelve, a fast and secure arbitrary output-length hash function aiming at a higher speed than the FIPS 202's SHA-3 and SHAKE functions. While sharing many features with SHAKE128, like the cryptographic primitive, the sponge construction, the eXtendable Output Function (XOF) and the 128-bit security strength, KangarooTwelve offers two major improvements over its standard counterpart. First it has a built-in parallel mode that efficiently exploits multi-core or SIMD instruction parallelism for long messages, without impacting the performance for short messages. Second, relying on the cryptanalysis results on Keccak over the past ten years, we tuned its permutation to require twice less computation effort while still offering a comfortable safety margin. By combining these two changes KangarooTwelve consumes less than 0.55 cycles/byte for long messages on the latest Intel's SkylakeX architectures. The generic security of KangarooTwelve is guaranteed by the use of Sakura encoding for the tree hashing and of the sponge construction for the compression function.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
symmetric cryptographyhash functiontree hashingKeccaksoftware performance
Contact author(s)
keyak @ noekeon org
History
2018-05-31: revised
2016-08-12: received
See all versions
Short URL
https://ia.cr/2016/770
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/770,
      author = {Guido Bertoni and Joan Daemen and Michaël Peeters and Gilles Van Assche and Ronny Van Keer and Benoît Viguier},
      title = {KangarooTwelve: fast hashing based on Keccak-p},
      howpublished = {Cryptology ePrint Archive, Paper 2016/770},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/770}},
      url = {https://eprint.iacr.org/2016/770}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.