Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for SHA3 (Keccak) #16485

Open
ghost opened this issue Feb 27, 2017 · 12 comments

Comments

@ghost
Copy link

@ghost ghost commented Feb 27, 2017

Since SHA1 has been known as an "unsafe" algorithm, but now a safer algorithm called "SHA3" is created. So this algorithm should also be included here. Any plans or options for Microsoft now? As far as we see, SHA3 is a little faster than SHA2 and what's more——It's SAFER.

@bartonjs

This comment has been minimized.

Copy link
Member

@bartonjs bartonjs commented Feb 27, 2017

It's been on the watch list since it was announced. Since we don't implement cryptographic algorithms within .NET we're waiting on support from the underlying platforms (Windows CNG, Apple Security.framework, and OpenSSL).

As far as speed, I'm given to understand that SHA-3 can never be as fast as SHA-2, due to an inability to hardware optimize it.

@ghost

This comment has been minimized.

Copy link
Author

@ghost ghost commented Feb 28, 2017

Hello @bartonjs

Thanks for your quick reply, and I get the complete code from here: http://keccak.noekeon.org/KeccakReferenceAndOptimized-3.2.zip.

For more about speed and other things, please read here:http://www.drdobbs.com/security/keccak-the-new-sha-3-encryption-standard/240154037?pgno=1

@bartonjs

This comment has been minimized.

Copy link
Member

@bartonjs bartonjs commented Feb 28, 2017

Yeah, Keccak is (per your linked article) 12.5 cycles/byte. SHA-2-512 with 64-bit instructions on an Intel processor is 8.5 cycles/byte.

That said, we're just at the mercy of

  1. Our underlying providers supporting it.
  2. Figuring out what to name the classes. Since SHA-3 also supports a 256, 384, and 512-bit mode, we can't go with "SHA256", etc. And "SHA3256" is a bit weird.... "SHA3_256" violates our naming rules, "SHA3-256" is an invalid identifier.
@ghost

This comment has been minimized.

Copy link
Author

@ghost ghost commented Feb 28, 2017

Well……I think you can rename it as "Keccak256,384 or 512", because Keccak is just the algorithm of SHA3 as the standard one.

A persudo code may look like this following:

var keccak = Keccak256.Create().……;

Also something like for these providers:

Keccak256CrytoServiceProvider
Keccak384CrytoServiceProvider
Keccak512CrytoServiceProvider

@gvanas

This comment has been minimized.

Copy link

@gvanas gvanas commented Feb 28, 2017

Sorry to jump in the thread, but I would suggest to consider the SHAKE extendable-output functions (XOF) from FIPS 202, or the cSHAKE from SP 800-185. They are more flexible than the plain SHA-3 hash functions and have about the same speed as SHA-2.

For higher speed, there is ParallelHash [SP 800-185] or KangarooTwelve. https://twitter.com/KeccakTeam/status/834789451708628995

Kind regards,
Gilles (a Keccak co-designer)

@JonHanna

This comment has been minimized.

Copy link
Collaborator

@JonHanna JonHanna commented Feb 28, 2017

SHA3_256 seems a reasonable enough reason to bend the rules.

@bartonjs bartonjs modified the milestone: Future Feb 28, 2017
@morganbr

This comment has been minimized.

Copy link
Contributor

@morganbr morganbr commented Feb 28, 2017

Based on @gvanas 's points, I'd be interested to see an API design that keeps those other functions in mind. Maybe that would even affect the naming question.

@ghost

This comment has been minimized.

Copy link
Author

@ghost ghost commented Mar 7, 2017

@JonHanna:Agree. The name is something like the inner class that isn't publicly published to the public to be used, it's really a bit strange for us. Maybe this can be used as a wrapper or something else like this dynamically generated. And for us, the published one can be something like what I've mentioned above in my post.

@danmosemsft danmosemsft changed the title [Suggestion] Add new algorithm "SHA3" (Keccak) Add support for SHA3 (Keccak) May 26, 2017
@vanillajonathan

This comment has been minimized.

Copy link
Contributor

@vanillajonathan vanillajonathan commented Nov 15, 2017

The naming SHA3 violates the Microsoft naming guidelines which dictate that three-letter algorithms should not be uppercase.
https://docs.microsoft.com/en-us/dotnet/standard/design-guidelines/capitalization-conventions

The proper name according to the capitalization convention would be Sha3.

@jdluzen

This comment has been minimized.

Copy link

@jdluzen jdluzen commented Dec 10, 2017

My port of Keccak (including modified SHA3 padding) integrates with HashAlgorithm as the others in that namespace. I would be happy to contribute it.

@gvanas

This comment has been minimized.

Copy link

@gvanas gvanas commented Dec 13, 2017

@jdluzen Nice! Ideally, your code should also support the SHAKE and cSHAKE functions. Not much extra work, the underlying function is the same.

@morganbr

This comment has been minimized.

Copy link
Contributor

@morganbr morganbr commented Dec 14, 2017

@jdluzen, we appreciate the offer, but we have a strict policy of only using cryptographic algorithms provided by underlying platforms (CNG on Windows, OpenSSL on Linux, Apple Crypto on Mac). That ensures we don't have to worry about provable correctness or avoiding side channels. Right now, I think OpenSSL has SHA3, but not the other two platforms.

@bartonjs bartonjs referenced this issue Nov 15, 2018
@stephentoub stephentoub modified the milestones: Future, 5.0 Jul 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
8 participants
You can’t perform that action at this time.