Federal Information Processing Standards Publication 202
Specifications for the
SHA-3 STANDARD: PERMUTATION-BASED
HASH AND EXTENDABLE-OUTPUT FUNCTIONS
1 INTRODUCTION ................................................................................................................................................ 1
2 GLOSSARY .......................................................................................................................................................... 2
2.1 TERMS AND ACRONYMS .................................................................................................................... 2
2.2 ALGORITHM PARAMETERS AND OTHER VARIABLES .......................................................................... 4
2.3 BASIC OPERATIONS AND FUNCTIONS ................................................................................................. 5
2.4 SPECIFIED FUNCTIONS ....................................................................................................................... 6
3 KECCAK-P PERMUTATIONS .......................................................................................................................... 7
3.1 STATE ................................................................................................................................................ 7
3.1.1 Parts of the State Array ........................................................................................................ 8
3.1.2 Converting Strings to State Arrays ....................................................................................... 9
3.1.3 Converting State Arrays to Strings ..................................................................................... 10
3.1.4 Labeling Convention for the State Array ............................................................................ 11
3.2 STEP MAPPINGS ............................................................................................................................... 11
3.2.1 Specification of θ ................................................................................................................ 11
3.2.2 Specification of ρ ................................................................................................................ 12
3.2.3 Specification of π ................................................................................................................ 14
3.2.4 Specification of χ ................................................................................................................ 15
3.2.5 Specification of ι ................................................................................................................. 15
3.3 KECCAK-p[b, n
r
] .............................................................................................................................. 16
3.4 COMPARISON WITH KECCAK-f ......................................................................................................... 17
4 SPONGE CONSTRUCTION ............................................................................................................................ 17
5 KECCAK ............................................................................................................................................................. 19
5.1 SPECIFICATION OF pad10*1 ............................................................................................................. 19
5.2 SPECIFICATION OF KECCAK[c] ......................................................................................................... 20
6 SHA-3 FUNCTION SPECIFICATIONS .......................................................................................................... 20
6.1 SHA-3 HASH FUNCTIONS ................................................................................................................ 20
6.2 SHA-3 EXTENDABLE-OUTPUT FUNCTIONS ..................................................................................... 20
6.3 ALTERNATE DEFINITIONS OF SHA-3 EXTENDABLE-OUTPUT FUNCTIONS ....................................... 21
7 CONFORMANCE .............................................................................................................................................. 21
A SECURITY ......................................................................................................................................................... 23
A.1 SUMMARY........................................................................................................................................ 23
A.2 ADDITIONAL CONSIDERATION FOR EXTENDABLE-OUTPUT FUNCTIONS .......................................... 24
B EXAMPLES........................................................................................................................................................ 25
B.1 CONVERSION FUNCTIONS ................................................................................................................ 26
B.2 HEXADECIMAL FORM OF PADDING BITS .......................................................................................... 27
C OBJECT IDENTIFIERS ................................................................................................................................... 28
D REFERENCES ................................................................................................................................................... 28