In 2015, the National Institute of Standards and Technology (NIST) announced Keccak as the new primitive to be used in SHA 3, not replacing but complementing SHA 2. The Keccak primitive, based on a sponge construction, has flexible parameters that can be controlled by the user to fit the needs of the application. However, the SHA 3 standard constrains and predefines the Keccak parameters to be used and thus making its use less flexible.
In this paper we try to understand the influence of these parameters with respect to memory size and throughput, specifically for constrained devices used in the Internet of Things (IoT) where speed and efficiency is important. Apart from evaluations of the code on real devices, a mathematical model is also presented which helps predicting the performance of the Keccak primitive. We also compare the standard functions from SHA 2 with SHA 3 on different platforms. All implementations of SHA 2, SHA 3 and Keccak are purely written in Rust, since Rust guarantees safe memory manipulation whilst having the same performance as C.
Our measurements show that for the software implementations SHA 2 is always faster than SHA 3 on all tested platforms. When only looking at the Keccak construction, Keccak-f[800] always outperforms other permutations based on Keccak-f when the capacity c stays below 276 bits. In addition, Keccak-f[800] has the added advantage of using less flash memory on 32-bit platforms.