Guides / SHA-3

SHA-3 Algorithm Family

The Next Generation of Secure Hashing with Sponge Construction

NIST Standard

SHA-3 (Keccak) was selected by NIST in 2012 as the new hash standard. It uses a completely different construction than SHA-2, providing diversity in hash algorithms and insurance against future attacks on SHA-2.

What is SHA-3?

SHA-3 is the latest member of the Secure Hash Algorithm family, officially released by NIST in 2015. Unlike SHA-1 and SHA-2 which use the Merkle-Damgard construction, SHA-3 is based on Keccak, which uses a revolutionary sponge construction. This makes it fundamentally different and provides a safety net if SHA-2 is ever compromised.

The Sponge Construction

SHA-3's sponge construction is what makes it unique. Think of it like a sponge:

  1. Absorb Phase: Input data is XORed into the state in blocks
  2. Squeeze Phase: Output is squeezed from the state in blocks
  3. Permutation: Keccak-f permutation function mixes the state (24 rounds)
  4. Capacity: Part of the state remains untouched, providing security

SHA-3 Variants

SHA-3 comes in four variants with different output sizes:

  • SHA3-224: 224-bit output, 448-bit capacity
  • SHA3-256: 256-bit output, 512-bit capacity (most popular)
  • SHA3-384: 384-bit output, 768-bit capacity
  • SHA3-512: 512-bit output, 1024-bit capacity

Key Advantages

  • Different Design: Completely different from SHA-2, providing algorithmic diversity
  • Simple Security Proofs: Sponge construction has well-understood security properties
  • Extensible Output: Can produce variable-length outputs (SHAKE modes)
  • Efficient Hardware: Excellent performance on hardware implementations
  • Parallelizable: Parts of the algorithm can run in parallel

SHA-3 vs SHA-256

Both are secure, but have different strengths:

  • Speed: SHA-256 is faster in software; SHA-3 is competitive in hardware
  • Design: SHA-256 uses Merkle-Damgard; SHA-3 uses sponge construction
  • Security Margin: SHA-3 has larger security margin due to newer design
  • Adoption: SHA-256 is more widely deployed; SHA-3 is gaining traction

When to Use SHA-3

Consider SHA-3 when:

  • You want algorithmic diversity (don't put all eggs in one basket)
  • Building new systems where SHA-256 isn't already established
  • Working with hardware where SHA-3 excels
  • You need extendable output (use SHAKE128/256)
  • Future-proofing against potential SHA-2 vulnerabilities

SHAKE: Extendable Output Functions

SHA-3 includes SHAKE128 and SHAKE256, which can produce output of any length:

  • Perfect for key derivation functions
  • Stream cipher applications
  • Any application needing arbitrary-length output

Try SHA-3 Variants

Use our calculator to compute SHA-3 hashes. The preset links below will automatically select the specific SHA-3 variant.

SHA3-224 SHA3-256 SHA3-384 SHA3-512

Key Takeaways

  • SHA-3 uses sponge construction, fundamentally different from SHA-2
  • Provides algorithmic diversity as insurance against SHA-2 attacks
  • Four variants available: SHA3-224, SHA3-256, SHA3-384, SHA3-512
  • SHAKE modes provide extendable output for any length
💡 Have any idea?