Skip to content
Java implementation of FIPS 202, SHA3-xxxx, SHAKE128, SHAKE256
Java
Branch: master
Clone or download
Amund Elstad
Amund Elstad Update version
Latest commit 7c34279 May 2, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Update version May 2, 2018
.gitignore Rename keccackj to keccakjy Nov 23, 2014
LICENSE Initial commit Oct 22, 2014
NOTICE Initial commit Oct 22, 2014
README.md Update readme Nov 24, 2014
pom.xml Update version May 2, 2018

README.md

keccakj

Pure Java implementation of Keccak with implementations of

  • SHA3-224,SHA3-256,SHA3-384,SHA3-512 message digests (FIPS 202 DRAFT).
  • SHAKE128/SHAKE256 (FIPS 202 DRAFT). Can be used in various ways, eg.
    1. As a message digest with variable output length.
    2. As a stream cipher.
    3. As a non-reseedable random generator.
  • LakeKeyak authenticated encryption.
  • Stream ciphers based on SHAKE128/SHAKE256.
  • Secure/Cryptographic ressedable random generators based on the Duplex construction.

Keccakj is licensed under the Apache License, Version 2.0.

#How to use

Using Keccakj with the Java security API:

Installing the security provider dynamically

import com.github.aelstad.keccakj.provider.KeccakjProvider;
...
Security.addProvider(new KeccakjProvider());

Installing the security provider statically

Modify JAVA_HOME/jre/lib/security/java.security and add

security.provider.N=com.github.aelstad.keccakj.provider.KeccakjProvider

MessageDigests:

import java.security.MessageDigest;
import com.github.aelstad.keccakj.provider.Constants;

...
MessageDigest md;
md = MessageDigest.getInstance(Constants.SHA3_224, Constants.PROVIDER);
md = MessageDigest.getInstance(Constants.SHA3_256, Constants.PROVIDER);
md = MessageDigest.getInstance(Constants.SHA3_384, Constants.PROVIDER);
md = MessageDigest.getInstance(Constants.SHA3_512, Constants.PROVIDER);

SecureRandoms:

import java.security.SecureRandom;
import com.github.aelstad.keccakj.provider.Constants;

...
SecureRandom sr;
sr = SecureRandom.getInstance(Constants.KECCAK_RND128, Constants.PROVIDER);  
sr = SecureRandom.getInstance(Constants.KECCAK_RND256, Constants.PROVIDER);

Ciphers:

** Note that Cipher use requires the provider to be in a signed and trusted jar. **

import java.security.Cipher;
import com.github.aelstad.keccakj.provider.Constants;

Cipher cipher;
cipher = Cipher.getInstance(Constants.SHAKE128_STREAM_CIPHER, Constants.Provider);
cipher = Cipher.getInstance(Constants.SHAKE256_STREAM_CIPHER, Constants.Provider);
cipher = Cipher.getInstance(Constants.LAKEKEYAK_AUTHENTICATING_STREAM_CIPHER, Constants.Provider);

Using Keccakj without installing a Java security provider:

MessageDigests

import java.security.MessageDigest;
import com.gituhub.aelstad.keccakj.fips202.*;

....
MessageDigest md = new SHA3_224();
md = new SHA3_256();
md = new SHA3_384();
md = new SHA3_512();
...
AbstractSponge sponge = new Shake128();
sponge = new Shake256();
..
// absorb data
sponge.getAbsorbStream().write(..)
// squeeze digest
byte[] digest = new byte[whatever-length-you-like]
sponge.getSqueezeStream().read(digest);
sponge.reset();

SecureRandoms

import java.security.SecureRandom;
import com.github.aelstad.keccakj.core.DuplexRandom;

// let capcity be n*64 - 3 for efficiency, with n between [4, 25> for security.
DuplexRandom dr = new DuplexRandom(capcity);

// with capacity 253 suitable for session keys
SecureRandom sr;
sr  = new com.github.aelstad.keccakj.spi.KeccakRnd128();
// with capacity 509 suitable for long term keys
sr = new com.github.aelstad.keccakj.spi.KeccakRnd256();

Ciphers

import com.github.aelstad.keccakj.spi.*;
...
CipherInterface ci;
ci = new Shake128StreamCipher();
ci = new Shake256StreamCipher();
ci = new LakeKeyakCipher();

#Typical performance

Single threaded on a i7-4770S

Algorithm Speed
SHA3-224 170MB/s
SHA3-256 165MB/s
SHA3-384 130MB/s
SHA3-512 93MB/s
LakeKeyak authenticated encryption/decryption 260MB/s

Acknowledgments

The test vectors files are copied from https://github.com/gvanas/KeccakCodePackage

The permutation implementation is based on the reference C implementation in https://github.com/gvanas/KeccakCodePackage

Links

More information can be found:

You can’t perform that action at this time.