SHA3 vs. Keccak-256: What's the Difference?

Published:  at  05:00 PM
Summary

What Is A Hashing Algorithm?

  • A hashing algorithm is a mathematical function that takes an input and returns a fixed-size string of bytes.
  • Hashing algorithms are used to verify the integrity of data, create digital signatures, and store passwords securely.

The History

  • Keccak-256 and SHA3 are often confused, but they are not the same.
  • Keccak-256 was the winner of the NIST competition in 2012, which was later modified to create SHA3.

The Confusion

  • Ethereum uses Keccak-256 for almost all cases requiring hashing, leading many to believe that Keccak-256 is the same as SHA3.
  • There are numerous references to SHA3 in Ethereum’s code and documentation, which is incorrect.
  • Ethereum chose Keccak-256 because it was created before SHA3 was finalized.
  • Ethereum has no plans to switch from Keccak-256 to SHA3.

Am I Using the Right One?

  • To check if you’re using the right hashing algorithm, hash an empty string.
    • Keccak-256: 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
    • SHA3: 0xa7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

As with seemingly most things in the world, the US government has managed to create confusion again, this time with hashing algorithms. While the two hashing algorithms Keccak-256 and SHA3 aren’t exactly the same, people often treat them as if they were. What’s the difference, and how did this happen?

What the Hash?

Before we dive into the differences between SHA3 and Keccak-256, let’s first understand what a hashing algorithm is. A hashing algorithm is a mathematical function that takes an input (or message) and returns a fixed-size string of bytes. For a cryptographic hash, this string is for practical purposes unique to the input, and even a small change in the input will result in a completely different output.

In other words, a hashing algorithm is a one-way function that converts a bunch of data into… a standardized bunch of data. This is useful for many things, such as verifying the integrity of data, creating digital signatures, and storing passwords securely.

In Ethereum, there are many instances where hashing is used, such as creating addresses, signing transactions, and verifying blocks. The most common hashing algorithm used in Ethereum is Keccak-256, which is often confused with SHA3.

The History

In 2007, the National Institute of Standards and Technology (NIST) announced a competition to create a new cryptographic hash function to replace the aging SHA-2. After (presumably) many gallons of coffee consumed, the winner was announced in 2012: Keccak, created by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche.

NIST then modified the Keccak algorithm to create SHA3. The main difference between Keccak and SHA3 is that SHA3 has a different padding scheme and a different set of output lengths. In simpler terms, they changed a few options in the algorithm, but because of the unpredictability of hashes, the output still becomes wildly different.

The Confusion

The mix-up between SHA3 and Keccak-256 arises from the fact that Ethereum, the second-largest blockchain by market capitalization, uses Keccak-256 for almost all cases requiring hashing. This has led many to believe that Keccak-256 is the same as SHA3, which is not the case.

To make matters even worse, in both the code and documentation, there are numerous references to SHA3 when it should be Keccak-256. While there are ongoing efforts to correct this, it’s a slow process, and fixing all the mentions of SHA3 in Ethereum’s code and docs will take a while.

But Why?

Now, the question is, why did Ethereum choose Keccak-256 instead of SHA3? The answer is simple: Ethereum was created before SHA3 was finalized. As a result, the Ethereum developers decided to use Keccak-256, which was the closest thing to SHA3 at the time.

It’s worth noting that the Ethereum developers don’t intend to switch from Keccak-256 to SHA3. The main reason is that changing this algorithm would require redoing the entire Ethereum blockchain, which is a huge task. As a result, Keccak-256 will remain the hashing algorithm for Ethereum.

Am I Using the Right One?

One way to make sure you’re using the right hashing algorithm is to check the output of hashing an empty string. Because hash functions are deterministic, the output of hashing an empty string is the same every time. If you hash an empty string and get the output below, you’re using Keccak-256:

0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

Here is the output of hashing an empty string with SHA3:

0xa7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

If you get something else when hashing an empty string, you’re not using either of them, and should seriously panic. (Just kidding. But something is definitely wrong.)