Bernard N.

Layon

According to Wikipedia, SHA-3, or Secure Hash Algorithm 3, is the latest Secure

Hash Algorithm family member. Mention some flaws of this algorithm. Do not
forget your references.

SHA3 or Secure Hashing Algorithm 3 is the latest release of the National Institute of
Science and Technology (NIST) in the SHA family of standards. SHA3 was developed
when NIST conducted a public competition to develop a new cryptographic hashing
algorithm. A winner is a group of four, namely Bertoni, Daeman, Peeters, and Gilles
Van, who call themselves the Keccak Team. SHA3 was developed not to replaced
SHA2 but as an alternative hashing algorithm. Team Keccak choose to increase the
number of rounds and to use a more complex message padding.

SHA3 is following a sponge construction where data is “absorbed”, and the results are
“squeezed” out, which means that the algorithm takes an input stream of any length and
will produce an output stream of any desired length. The work of Keccak Team was said
to be elegant, has large security margin, good general performance, excellent efficiency
in hardware implementations, and flexible.

Although SHA3 was an improved version of SHA2, there were posts stating that this
algorithm has some flaws. Knowing that the SHA3 was an output of competition, it was
said to be, that the algorithm was already exposed to the public. There were also
statements that SHA3 has no advantage over SHA2 and therefore does not need to be
used. SHA3 was also said to be slow because of the large number in the algorithm that
would affect the performance of the hardware or software used. Many companies that
provide hardware or software products do not support the algorithm, making it not
usable, unless programmers will be hired to code their framework.

References:

[1] FIPS PUB 202, 2021. SHA-3 Standard: Permutation-Based Hash and Extendable-
Output Functions. [online] Available at:
<https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf> [Accessed 22 September
2021].

[2] Dworkin, M. (2015), SHA-3 Standard: Permutation-Based Hash and Extendable-

Output Functions, Federal Inf. Process. Stds. (NIST FIPS), National Institute of
Standards and Technology, Gaithersburg, MD, [online],
https://doi.org/10.6028/NIST.FIPS.202 (Accessed September 22, 2021)

[3] Keccak.team. 2017. Keccak Team. [online] Available at:

<https://keccak.team/2017/is_sha3_slow.html> [Accessed 22 September 2021].
[4] Csrc.nist.gov. 2021. [online] Available at:
<https://csrc.nist.gov/CSRC/media/Projects/Hash-Functions/documents/sha-
3_selection_announcement.pdf> [Accessed 22 September 2021].

[5] Grimes, R., 2018. Why aren't we using SHA3?. [online] CSO Online. Available at:
<https://www.csoonline.com/article/3256088/why-arent-we-using-sha3.html> [Accessed
22 September 2021].