Attacks hit, but don't break, new SHA-3 candidate
A report to be published later this month will describe the most successful attack yet against the new Secure Hash Algorithm, cryptographer Adi Shamir said.
The new collision attacks are good on up to five rounds of encryption that uses the Keccak scheme, Shamir (the S in RSA) said at the recent RSA Conference in San Francisco. Previous best efforts to crack the encryption algorithm worked against only two rounds of encryption. But the new algorithm still remains stronger than the best attacks yet discovered against it — it may not be perfect, but because the SHA-3 implementation calls for 24 rounds of encryption, it is nowhere near broken.
Keccak was selected by the National Institute of Standards and Technology in October, after a five-year competition, to be the new Federal Information Processing Standard for secure hashing and is expected to be officially designated SHA-3 by the Commerce Secretary this year. Keccak was chosen because of its speed and because of its resistance to cryptanalytic attacks.
“I think it’s a good choice,” Shamir said, and he wants to see it in use.
A hash algorithm is a cryptographic tool that can create a digest, or string of bits of a specific length, for a digital document. The digest is unique to the message and can be used to verify that the contents of a digital document have not been altered. If a message is changed by a third party, the before and after digests produced by the hash algorithm no longer will match. Hash algorithms also can be used to create digital signatures.
A collision attack is a way of finding two messages that will produce the same hash value, or a hash collision. Weaknesses against these types of attack discovered in 2007 in the current SHA-2 standard used by government were the reason for the search for a new standard. Despite concerns at that time, SHA-2 has proved to be more robust than expected and is not being abandoned as a standard.
The government is in the process of moving away from the original SHA-1 algorithm, but the newest standard will complement rather than replace SHA-2, NIST officials have said. Although agencies will be able to use SHA-3 in new implementations using secure hashes if they wish, they will not have to replace SHA-2 where it already is in use.