Agreed. No contradiction. keccak.team does not say ARX is broken, only harder to analyze (and slow in HW, and getting obsoleted).
It is however a fact that several cryptographers are moving away from ARX. Some do that for hardware efficiency (e.g., as promoted by NORX designers), some do that to better estimate impacts of differential…
Yes and no. After all, these are just modes using Keccak (think, say, AES-CBC, AES-GCM all use AES), so the choice depends more on the purpose than anything else. But indeed, the naming is confusing. Instead of…
Blake2, modern? With the same addition/xor mixture and narrow pipe Merkel-Damgard as MD4, MD5 or SHA-1/2, it's kinda old fashioned.
Mismatches can show an interesting property. It is likely that SHA-256 is slower than Keccak on 64-bit platforms, and that SHA-512 is slower than Keccak on 32-bit platform.
This page has an interesting speed graph: http://kangarootwelve.org/
And all the SHA-3-derived functions in SP 800-185. For instance, ParallelHash is super fast and a NIST standard.
Even after 16 yrs, SHA-2 has actually not received so much cryptanalysis effort, the majorty of which comes from the same group, and the effort is further diluted into two different 32/64-bit designs [1]. Add to that…
Agreed. No contradiction. keccak.team does not say ARX is broken, only harder to analyze (and slow in HW, and getting obsoleted).
It is however a fact that several cryptographers are moving away from ARX. Some do that for hardware efficiency (e.g., as promoted by NORX designers), some do that to better estimate impacts of differential…
Yes and no. After all, these are just modes using Keccak (think, say, AES-CBC, AES-GCM all use AES), so the choice depends more on the purpose than anything else. But indeed, the naming is confusing. Instead of…
Blake2, modern? With the same addition/xor mixture and narrow pipe Merkel-Damgard as MD4, MD5 or SHA-1/2, it's kinda old fashioned.
Mismatches can show an interesting property. It is likely that SHA-256 is slower than Keccak on 64-bit platforms, and that SHA-512 is slower than Keccak on 32-bit platform.
This page has an interesting speed graph: http://kangarootwelve.org/
And all the SHA-3-derived functions in SP 800-185. For instance, ParallelHash is super fast and a NIST standard.
Even after 16 yrs, SHA-2 has actually not received so much cryptanalysis effort, the majorty of which comes from the same group, and the effort is further diluted into two different 32/64-bit designs [1]. Add to that…