Tuesday, December 23, 2008

Round 1 Candidates for SHA-3

NIST announced the round 1 candidates for the SHA-3 competition, and crypto experts and math geeks everywhere had a SHA-gasm.

As background, the National Institute of Standards and Technology (NIST) opened a public competition to select SHA-3, the next member of the Secure Hash Algorithm family.

NIST decided that a new hash was needed because of the advancing attacks against SHA-1, and because SHA-1 and SHA-2 are built on the same framework (both are Merkle-Damgard constructions with closely related compression functions). The worry is that whatever finishes off SHA-1 may eventually apply to SHA-2 as well, so a structurally different replacement should be ready before that happens.


The competition is scheduled to run through 2012, and first-round entrants needed to have their submissions in by October 31, 2008. Sixty-four submissions were received, and 51 of them were accepted as round 1 candidates. Several of those have already been broken, so it looks like trimming the field will take less time than originally expected.


The SHA family was designed by the NSA and published by NIST, and a great many security protocols and applications depend on it (SSL/TLS, SSH, IPsec, PGP and code signing, to name a few). Like any cryptographic hash, SHA rests on the assumption that certain problems (finding collisions or preimages) are too hard to solve in practice, not on a proof that they can't be, and over the last several years cryptanalysis has chipped away at that assumption for the existing algorithms.

The 2005 attacks on SHA-1 (Wang, Yin and Yu's collision-finding method, which costs far less than the 2^80 work a 160-bit hash should require) exposed real flaws, and everyone agreed that a stronger hash function would be needed. As of today, no attacks on the full SHA-2 functions have been reported, although reduced-round variants have been analyzed.


The SHA-3 competition is modeled on the process that produced the Advanced Encryption Standard (AES), the block cipher the US government adopted as its encryption standard in 2001. A replacement was needed once DES's 56-bit key became brute-forceable with modest hardware (the EFF's purpose-built DES cracker recovered a key in a matter of days in 1998), while 3DES, though not broken, was slow and kept DES's 64-bit block size. AES is now used extensively for symmetric-key encryption.


A hash function takes binary data (1s and 0s, for you non-binary types) called the message and condenses it into a much smaller, fixed-size message digest. To make that easier to understand, think of Reader's Digest magazine: it takes longer pieces and squishes them down for presentation. Even though the whole story isn't there, you get the gist of what the writer was saying. The analogy only goes so far, though: you cannot reconstruct the message from a cryptographic digest, and that is the point.


A cryptographic hash function is a deterministic procedure (the algorithm, or really hard math) that takes a chunk of data of any length and returns a fixed-length bit string, known as the hash value. Deterministic means the same input always produces the same hash value. If I go back and change any part of the original data, accidentally or on purpose, the hash value changes (for a good hash, roughly half of its bits change even if I flip a single input bit), and finding a different chunk of data that produces the same hash value should be computationally infeasible. From a security perspective, a mismatched hash value tells me the original data has been tampered with.

In this case, I would call the chunk of data the message, and the hash value the message digest. I can use the hash value as part of a digital signature (signing email or data transmissions to ensure integrity, since what gets signed is the short digest rather than the whole message), for authentication purposes (a keyed hash such as HMAC proves the sender holds the shared key, and a salted password hash lets a server verify a password without storing it), or for any number of other information security reasons.
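The properties described above (fixed-size output, the avalanche of changes from a tiny edit, tamper detection, and a keyed hash for authentication) are easy to see with a few lines of code. The following is an added example written for this post, not code from the original article or from NIST; it uses only Python's standard library, and the message, key and "tampered" edit are constructed for the demo.

```python
"""Added example (not from the original post): properties of a cryptographic
hash function illustrated with Python's standard-library hashlib and hmac.
All sample messages and keys below are constructed for this demo."""
import hashlib
import hmac
from typing import List

# Constructed sample "message" (the input to the hash function).
MESSAGE = b"Transfer $100 from account 1234 to account 5678"


def digest_hex(data: bytes, algo: str = "sha256") -> str:
    """Return the message digest of `data` as a hex string."""
    return hashlib.new(algo, data).hexdigest()


def digest_bits(algo: str) -> int:
    """Output size in bits: fixed per algorithm, independent of input length."""
    return hashlib.new(algo).digest_size * 8


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_fraction(data: bytes, algo: str = "sha256") -> float:
    """Average fraction of digest bits that change when a single input bit is
    flipped, taken over every bit position of `data`.  For a good hash this
    is close to 0.5: a one-bit edit to the message rewrites about half the
    digest, so nothing about the edit can be inferred from the new digest."""
    base = hashlib.new(algo, data).digest()
    total_bits = len(base) * 8
    fractions: List[float] = []
    for i in range(len(data) * 8):
        changed = hashlib.new(algo, flip_bit(data, i)).digest()
        fractions.append(hamming_distance(base, changed) / total_bits)
    return sum(fractions) / len(fractions)


def verify_integrity(message: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare it with the recorded
    one.  compare_digest avoids leaking the mismatch position through timing."""
    return hmac.compare_digest(digest_hex(message, algo), expected_hex)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA-256): only a holder of `key` can produce a valid
    tag, so this authenticates the sender as well as protecting integrity."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Check an HMAC tag in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    # Same message, three algorithms: the digest length depends only on the algorithm.
    for algo in ("sha1", "sha256", "sha512"):
        print(f"{algo:7s} {digest_bits(algo):3d}-bit digest: {digest_hex(MESSAGE, algo)}")
    print(f"avalanche (sha256): {avalanche_fraction(MESSAGE):.3f} of digest bits change per flipped input bit")

    # Integrity: record the digest, then alter one field of the message.
    recorded = digest_hex(MESSAGE)
    tampered = MESSAGE.replace(b"5678", b"9999")
    print("original verifies:", verify_integrity(MESSAGE, recorded))
    print("tampered verifies:", verify_integrity(tampered, recorded))

    # Authentication: a tag made with one key does not verify under another.
    key = b"constructed-demo-key"
    tag = make_tag(key, MESSAGE)
    print("tag ok with right key:", verify_tag(key, MESSAGE, tag))
    print("tag ok with wrong key:", verify_tag(b"other-key", MESSAGE, tag))
```

One caveat the example hints at: the keyed hash is built with HMAC rather than by simply hashing key and message together. Because SHA-1 and SHA-2 are Merkle-Damgard constructions, a plain H(key || message) lets an attacker who knows one valid tag extend the message and compute a valid tag for the extension without knowing the key (a length-extension attack); HMAC's nested construction closes that hole, and resistance to this kind of structural attack is one of the things the SHA-3 candidates are being judged on.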


Hopefully, the SHA-3 competition will deliver a structurally different, well-analyzed algorithm that buys us 5-10 years of grace before SHA-3 itself comes under serious attack. Letting crypto experts worldwide submit their own entries while trying their best to crack everyone else's is a good start. It takes a special mind to understand this stuff, and an incredible mind to create it.


