What Is SHA-3? A Guide to the Latest Hash Standard

16 Jun 2026

What Is SHA-3?

SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family, published by NIST in 2015. Unlike SHA-2, which is based on the Merkle-Damgård construction, SHA-3 uses a fundamentally different design called the sponge construction. This difference makes SHA-3 resistant to certain classes of attacks that threaten SHA-2.

The algorithm, originally named Keccak (pronounced "ketchak"), won the NIST hash function competition in 2012 after a five-year public evaluation process. NIST standardised four hash lengths (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) plus two extendable-output functions (XOFs): SHAKE128 and SHAKE256.

How SHA-3 Works

SHA-3 uses the sponge construction, which consists of two phases: absorbing and squeezing. In the absorbing phase, input data is fed into the internal state in blocks. In the squeezing phase, hash output is extracted.

The internal state of SHA-3 is a 3D array of 5×5 lanes, each containing 64 bits, for a total state size of 1600 bits. The permutation function, called Keccak-f, is applied iteratively during both phases to mix the state.

This design gives SHA-3 several advantages:

  • It is not vulnerable to length extension attacks that affect SHA-2
  • The sponge construction comes with a security proof
  • It performs well in hardware implementations
  • The XOF variants produce arbitrarily long output
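
The absorbing and squeezing phases described above, written out as an added example (not code from the original article): a minimal pure-Python Keccak-f[1600] sponge whose output can be checked against hashlib. The function names are illustrative; the capacities and the suffix bytes 0x06 (SHA-3) and 0x1F (SHAKE) follow FIPS 202.

```python
def rol(v, n):
    """Rotate a 64-bit lane left by n bits (0 <= n < 64)."""
    return ((v << n) | (v >> (64 - n))) & 0xFFFFFFFFFFFFFFFF

def keccak_f(A):
    """Keccak-f[1600]: 24 rounds over 25 lanes; lane (x, y) lives at A[x + 5*y]."""
    lfsr = 1
    for _ in range(24):
        # theta: mix every lane with the parity of two neighbouring columns
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x + 4) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        # rho + pi: rotate each lane, then move it to a new (x, y) position
        x, y, cur = 1, 0, A[1]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x + 5 * y] = A[x + 5 * y], rol(cur, (t + 1) * (t + 2) // 2 % 64)
        # chi: the only non-linear step, applied along each row of five lanes
        A = [A[5 * y + x] ^ (~A[5 * y + (x + 1) % 5] & A[5 * y + (x + 2) % 5])
             for y in range(5) for x in range(5)]
        # iota: XOR an LFSR-generated round constant into lane (0, 0)
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) & 0xFF
            if lfsr & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def sponge(msg, capacity_bits, suffix, out_len):
    """Absorb msg at rate = 1600 - capacity bits, then squeeze out_len bytes."""
    rate = (1600 - capacity_bits) // 8
    padded = bytearray(msg) + bytes(rate - len(msg) % rate)
    padded[len(msg)] ^= suffix      # domain-separation bits + first pad bit
    padded[-1] ^= 0x80              # final pad bit closes the last block
    A = [0] * 25                    # 5x5 lanes of 64 bits = 1600-bit state
    for off in range(0, len(padded), rate):          # absorbing phase
        for i in range(rate // 8):
            A[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        A = keccak_f(A)
    out = b""
    while len(out) < out_len:                        # squeezing phase
        out += b"".join(lane.to_bytes(8, "little") for lane in A)[:rate]
        if len(out) < out_len:
            A = keccak_f(A)
    return out[:out_len]

def sha3_256(msg):
    return sponge(msg, 512, 0x06, 32)    # capacity = 2 x digest bits
def shake128(msg, n):
    return sponge(msg, 256, 0x1F, n)     # capacity = 2 x security level
```

The capacity lanes are never XORed with input and never emitted as output, so a digest does not reveal the full state an attacker would need to continue hashing. For real workloads, call the library implementation rather than this sketch.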

SHA-3 vs SHA-2

Feature                 | SHA-2              | SHA-3
Construction            | Merkle-Damgård     | Sponge (Keccak)
Published               | 2001               | 2015
Output sizes            | 224, 256, 384, 512 | 224, 256, 384, 512 + XOF
Length extension        | Vulnerable         | Resistant
Software speed          | Faster             | Slower
Hardware speed          | Moderate           | Excellent
Side-channel resistance | Good               | Better

When to Use SHA-3

SHA-3 is not intended to replace SHA-2 immediately. SHA-2 remains secure, and no practical attacks reduce its security below acceptable levels. SHA-3 exists as a backup in case SHA-2 is eventually broken.

Use SHA-3 when:

  • You need resistance to length extension attacks
  • Your application runs on hardware with SHA-3 acceleration
  • You want to diversify cryptographic dependencies away from SHA-2
  • You need a hash function with a fundamentally different design (defence in depth)
  • You need variable-length output from SHAKE128 or SHAKE256

Code Examples

<?php
// PHP
echo hash('sha3-256', 'hello') . PHP_EOL;
echo hash('sha3-512', 'hello') . PHP_EOL;

# Python
import hashlib

print(hashlib.sha3_256(b'hello').hexdigest())
print(hashlib.sha3_512(b'hello').hexdigest())

# SHAKE (extendable output)
print(hashlib.shake_128(b'hello').hexdigest(16))  # 16 bytes output
print(hashlib.shake_256(b'hello').hexdigest(32))  # 32 bytes output

// Node.js
const crypto = require('crypto');
console.log(crypto.createHash('sha3-256').update('hello').digest('hex'));
console.log(crypto.createHash('sha3-512').update('hello').digest('hex'));

SHAKE128 and SHAKE256

SHAKE (Secure Hash Algorithm KEccak) is an extendable-output function (XOF). Unlike fixed-length hash functions, XOFs produce output of any desired length. SHAKE128 provides up to 128-bit security with arbitrary output length, while SHAKE256 provides up to 256-bit security; in both cases, requesting a short output lowers the strength you actually get.

XOFs are useful for:

  • Generating cryptographic keys of arbitrary length from a seed
  • Creating masking values in encryption schemes
  • Building stream ciphers and random number generators

Online Tool

The SHA-3 Hash Generator on Help2Code computes SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hashes instantly. Compare the output with SHA-2 hashes using the Multiple Hash Generator.

Conclusion

SHA-3 is a modern, well-designed hash function with a conservative security margin. While SHA-2 remains the standard for most applications, SHA-3 is an excellent choice when you need a backup hash function for defence in depth, or when you need the unique capabilities of SHAKE extendable-output functions.

