Keccak – XRP, Crypto, Blockchain, Economic Cycles, Crypto News, FLR

ALL 0-9 $A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Keccak-256

Technical • Cryptography • Hash Algorithms

the sponge-based hash algorithm powering Ethereum

Keccak-256 is the cryptographic hash function used throughout Ethereum and EVM-compatible blockchains. It produces a 256-bit (64-character hexadecimal) output from any input, just like SHA-256 — but its internal architecture is fundamentally different. While SHA-256 uses the Merkle–Damgård construction that processes data in sequential blocks, Keccak uses a sponge construction that absorbs input data and squeezes out the hash in a way that eliminates entire categories of vulnerability. The most significant advantage is immunity to length-extension attacks. SHA-256 requires double hashing to mitigate this weakness. Keccak does not — a single pass is sufficient for full security, which is why Ethereum never needed to implement double hashing in its protocol design. Keccak was selected as the SHA-3 standard by NIST in 2012 after a five-year public competition, but Ethereum’s implementation uses the original Keccak submission rather than the finalized NIST SHA-3 specification. The two produce different outputs from the same input due to a padding difference NIST introduced during standardization. This distinction matters — tools labeled “SHA-3” will not produce the same results as Ethereum’s Keccak-256. In Ethereum, Keccak-256 is everywhere. It generates wallet addresses from public keys. It computes function selectors that the EVM uses to route smart contract calls. It hashes storage slot locations for contract state. It produces transaction and receipt hashes. It secures the Merkle Patricia Trie that stores Ethereum’s entire world state. Every interaction with Ethereum — sending a transaction, calling a contract, verifying a balance — passes through Keccak-256 at some layer of the stack.

Use Case: When a user calls a function on an Ethereum smart contract, the EVM takes the first four bytes of the Keccak-256 hash of the function signature to identify which function to execute. If you call transfer(address,uint256), the EVM hashes that string with Keccak-256 and matches the first four bytes — routing execution without ever reading the function name as text.

Key Concepts:

SHA-256 — Bitcoin’s Merkle–Damgård hash algorithm that Keccak was designed to succeed
Cryptographic Hash — The broader category of one-way functions that Keccak-256 belongs to
Collision Resistance — Security property providing 128 bits of collision resistance from Keccak’s 256-bit output
Double Hash — The two-pass technique SHA-256 requires but Keccak’s sponge construction eliminates
Sponge Construction — Keccak’s internal architecture that absorbs and squeezes data without Merkle–Damgård weaknesses
EVM Function Selector — First four bytes of the Keccak-256 hash used to route smart contract calls
Merkle Patricia Trie — Ethereum’s state storage structure secured by Keccak-256 at every node
NIST SHA-3 vs Keccak — The padding difference that makes Ethereum’s Keccak-256 output differ from standardized SHA-3
$ETH — The native asset of the network built entirely on Keccak-256 hashing
Smart Contracts — Programs whose function routing and storage depend on Keccak-256 hashing
ERC-20 — Token standard where every transfer and approval call is routed via Keccak-256 selectors
Security Model — Framework where Keccak’s sponge construction provides the foundational hash assumption

Summary: Keccak-256 is to Ethereum what SHA-256 is to Bitcoin — the cryptographic foundation that every transaction, address, contract call, and state proof depends on. Its sponge construction solved the architectural weaknesses of Merkle–Damgård hashing, delivering single-pass security that Bitcoin’s protocol requires double hashing to achieve. Understanding Keccak-256 is understanding why Ethereum’s security model works differently from Bitcoin’s at the most fundamental level.

Property	Keccak-256 (Ethereum)	SHA-256 (Bitcoin)
Construction	Sponge	Merkle–Damgård
Output Size	256 bits	256 bits
Length-Extension Immune	Yes — by design	No — requires double hashing
Collision Resistance	128 bits (secure)	128 bits (secure)
Double Hashing Needed	No	Yes (Bitcoin standard)
NIST Standard	Pre-standardization Keccak (different padding)	SHA-2 family (2001)

Where Ethereum Uses Keccak-256

the algorithm touches every layer of the EVM

Ethereum Component	Keccak-256 Application	Why It Matters
Wallet Addresses	Public key → Keccak-256 → last 20 bytes = address	Every ETH address is derived from Keccak
Function Selectors	First 4 bytes of Keccak-256(function signature)	Routes every smart contract call
Storage Slots	Keccak-256(key + slot number) for mappings	Locates contract state in storage
Transaction Hashes	Keccak-256 of RLP-encoded transaction data	Unique identifier for every transaction
State Trie	Merkle Patricia Trie nodes hashed with Keccak-256	Secures Ethereum’s entire world state
Event Logs	Keccak-256 of event signature → topic[0]	Indexes and identifies emitted events

Sponge vs Merkle–Damgård Construction

why Keccak eliminated an entire class of attacks

The Merkle–Damgård construction (used by SHA-256, MD5, SHA-1) processes data by chaining compression functions — the output of each block feeds into the next. This creates an internal state that, if known, allows an attacker to extend the hash without knowing the original input. The sponge construction processes data differently. It absorbs input into a large internal state, then squeezes output from that state. Critically, the internal state is larger than the output — Keccak’s state is 1600 bits while it only outputs 256. The remaining 1344 bits of internal state are never exposed, making length-extension attacks structurally impossible.

Feature	Merkle–Damgård (SHA-256)	Sponge (Keccak-256)
Internal State	256 bits (same as output)	1600 bits (6.25× output size)
State Exposure	Fully exposed in output	Only 256 of 1600 bits revealed
Length-Extension	Vulnerable — requires double hashing to mitigate	Immune — hidden capacity prevents attack
Design Philosophy	Chain compression outputs sequentially	Absorb input, squeeze output from hidden state

SHA-3 vs Ethereum’s Keccak-256

the padding difference that matters

When NIST standardized Keccak as SHA-3 in 2015, they added a two-bit suffix to the padding scheme — a domain separation flag that distinguishes SHA-3 from other sponge-based modes. Ethereum adopted Keccak before this change was finalized, which means Ethereum’s “Keccak-256” and NIST’s “SHA3-256” produce different outputs from the same input.

Detail	Ethereum Keccak-256	NIST SHA3-256
Padding Suffix	0x01	0x06
Core Algorithm	Identical Keccak-f[1600]	Identical Keccak-f[1600]
Output Compatibility	Different from SHA3-256	Different from Ethereum

Practical Impact: If you use a library’s SHA3-256 function to compute an Ethereum address or verify a transaction hash, you will get the wrong result. Always verify that your tooling implements Keccak-256 specifically, not NIST SHA-3.

Keccak-256 Checklist

algorithm literacy — four-quadrant self-assessment

Category	Checkpoint	Status
🟦 Fundamentals	Can explain the difference between sponge and Merkle–Damgård construction	⬜
	Understand why Keccak-256 does not need double hashing	⬜
	Know that Ethereum’s Keccak-256 differs from NIST SHA3-256	⬜
🟩 Ethereum Context	Can identify where Keccak-256 is used in Ethereum (addresses, selectors, storage, TXs, state trie, events)	⬜
	Understand how function selectors are derived from Keccak-256 hashes	⬜
	Know that the Merkle Patricia Trie securing all Ethereum state is Keccak-256 based	⬜
🟧 Cross-Chain Awareness	Can compare Keccak-256 (Ethereum) vs SHA-256 (Bitcoin) security models	⬜
	Understand that EVM-compatible chains (Polygon, Arbitrum, BSC) also use Keccak-256	⬜
	Know why some chains chose alternatives to both SHA-256 and Keccak (Blake2, Poseidon)	⬜
🟥 Security Depth	Understand that Keccak’s 1600-bit internal state hides 1344 bits from the output	⬜
	Know that sponge construction provides domain separation without protocol-level workarounds	⬜
	Can evaluate whether a tooling library implements Keccak-256 or NIST SHA-3 correctly	⬜

Whether your assets live on Ethereum or Bitcoin, the hash algorithms protecting them are only as strong as your key storage — secure with Ledger or Tangem.

Behavioral Finance Creative Yield Models Cycle Patterns Governance Layer Real-World Assets Sovereign Assets Token Income Web3 Infrastructure

« Index