Keccak (pronounced “ketchak”) is a versatile cryptographic function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. Although Keccak may be used for other purposes, it is best known as a hash function that provides increased levels of security when compared to older hash algorithms, like SHA-1 and SHA-2.
SHA stands for Secure Hash Algorithm and refers to a set of cryptographic hash functions published by the US National Institute of Standards and Technology (NIST). Both SHA-1 and SHA-2 were designed by the US National Security Agency (NSA), and as such, present a similar structure. Although Keccak supports the same output size (hash lengths) as SHA-2, its working mechanism is quite different. Still, Keccak is part of the SHA family and is often referred to as SHA-3.
Theoretical attacks on SHA-1 were performed in 2004 and made publicly available in 2005. A couple of years later, in 2011, SHA-2 was declared by NIST as the new standard hash function to be used. However, the migration from SHA-1 to SHA-2 was quite slow, and it was only by early 2017 that a large percentage of developers and computer scientists finally migrated to SHA-2. Shortly after, Google announced a successful SHA-1 collision attack in February 2017 and since then, SHA-1 is no longer considered secure, and its use is discouraged.
The Keccak function (SHA-3) started to be developed around 2007 after NIST announced a public competition and vetting process, seeking for a new cryptographic hash function that could overcome the potential flaws of the preceding SHA-1 and SHA-2.
Although no significant attack on SHA-2 had been demonstrated yet, it is expected that hash functions get cracked over time and it takes years for a new standard function to be developed. Taking that into account, along with the successful attacks performed against SHA-1 in 2004 and 2005, NIST perceived the need for a new cryptographic hash algorithm to be created. In 2012, NIST declared Keccak as the winning algorithm of the competition, and it was standardized as the newest member of the SHA family (hence, SHA-3).
One of the reasons why Keccak was chosen by NIST is due to its innovative structure, which proved to be more secure and efficient than the other algorithms. Technically speaking, the SHA-3 algorithm relies on the so-called sponge functions (or sponge construction) - in contrast to the Merkle Damgård construction used by SHA-1 and SHA-2.
For now, SHA-2 is still considered secure and is widely used. For instance, SHA-256 is used by Bitcoin and other cryptocurrencies and plays a crucial role in the process of mining. We might see increasing adoption of SHA-3 going forward as it seems far from being successfully attacked. Nonetheless, we shall see more cryptographic hash algorithms being developed along the next years as the field of cryptography advances and new flaws are discovered.