In 2015, the National Institute of Standards and Technology (NIST) announced Keccak as the new primitive to be used in SHA 3, not replacing but complementing SHA 2. The Keccak primitive, based on a sponge construction, has flexible parameters that can be controlled by the user to fit the needs of the application. However, the SHA 3 standard constrains and predefines the Keccak parameters to be used and thus making its use less flexible.

In this paper we try to understand the influence of these parameters with respect to memory size and throughput, specifically for constrained devices used in the Internet of Things (IoT) where speed and efficiency is important. Apart from evaluations of the code on real devices, a mathematical model is also presented which helps predicting the performance of the Keccak primitive. We also compare the standard functions from SHA 2 with SHA 3 on different platforms. All implementations of SHA 2, SHA 3 and Keccak are purely written in Rust, since Rust guarantees safe memory manipulation whilst having the same performance as C.

Our measurements show that for the software implementations SHA 2 is always faster than SHA 3 on all tested platforms. When only looking at the Keccak construction, Keccak-$f\left[800\right]$ always outperforms other permutations based on Keccak-$f$ when the capacity $c$ stays below 276 bits. In addition, Keccak-$f\left[800\right]$ has the added advantage of using less flash memory on 32-bit platforms.

2015 年，美国国家标准与技术研究院 (NIST) 宣布 Keccak 作为 SHA  3 中使用的新原语，不是取代而是补充了 SHA  2。 Keccak 原语基于海绵结构，具有可以控制的灵活参数由用户来满足应用程序的需要。但是，SHA  3 标准限制并预定义了要使用的 Keccak 参数，从而使其使用不那么灵活。

在本文中，我们尝试了解这些参数对内存大小和吞吐量的影响，特别是对于速度和效率很重要的物联网 (IoT) 中使用的受限设备。除了在真实设备上评估代码外，还提供了一个数学模型，有助于预测 Keccak 原语的性能。我们还比较了不同平台上SHA  2 和 SHA  3的标准函数。SHA  2、SHA  3 和 Keccak 的所有实现都完全用 Rust 编写，因为 Rust 保证安全的内存操作，同时具有与 C 相同的性能。

我们的测量表明，对于软件实现，SHA  2 在所有测试平台上始终比 SHA 3快。当只看 Keccak 结构时，Keccak-$F\left[800\right]$ 总是优于基于 Keccak 的其他排列 -$F$ 当容量 $C$保持在 276 位以下。此外，Keccak-$F\left[800\right]$ 具有在 32 位平台上使用更少闪存的额外优势。