UPDATE: PROJECTS AND PRODUCTS OF NOTE
Let the cracking begin
Analysts hammer away at candidates vying to become the next Secure Hash Algorithm
- By William Jackson
- Jan 12, 2009
RESEARCHERS have begun looking for flaws in candidates for a new Secure Hash Algorithm in the first round of a competition to select the next government standard for the cryptographic tools.
In the weeks since their selection, three of 51 initial candidates have been taken out of the running, as their submitters have conceded that the algorithms are broken. That number is expected to grow, said Bill Burr, manager of the Security Technology Group at the National Institute of Standards and Technology, which is conducting the competition.
“There are probably more than three or four broken” that have not yet been withdrawn from consideration, Burr said.
The competition seeks to harness the collective brainpower of the cryptographic community to identify strengths and weaknesses of possible hash algorithms.
A hashing algorithm is a cryptographic formula for generating a unique, fixedlength numerical digest — or hash — of a message. A hash can be used to securely confirm that a document has not been altered because the contents of the message cannot be derived from the hash and the hash is, to a high degree of probability, unique for each message. Hashes can also be used to effectively sign an electronic document and link the signature to the contents.
The new standard, which will become SHA-3, will augment and eventually replace the algorithms now specified in Federal Information Processing Standard 180-2. The standard now uses SHA-1 and SHA-2. The latter is composed of SHA-224, SHA- 256, SHA-384 and SHA-512. Officials decided to open a competition for SHA-3 in 2007 after weaknesses were discovered in the existing algorithms. The final selection of a new standard is expected in 2012.
SHA-3 candidates must:
Be publicly disclosed and available without royalties.
Work on a wide range of hardware and software platforms.
Support 224-, 256- and 512-bit encryption.
“Of the 64 submissions we got, 51 satisfied our minimum criteria,” Burr said. “There is a tremendous range of entries from a huge range of individuals” — from high school students to professors and cryptographic professionals.
This is the third cryptographic competition conducted by NIST. The first, to select the Digital Encryption Standard in the 1970s, drew just two submissions, only one of which was seriously considered, Burr said. In the 1990s, the competition for the DES replacement — the Advanced Encryption Standard — drew about 15 submissions.
The level of interest in the SHA-3 competition reflects the satisfaction in the community with the AES process, Burr said. Cryptographic standards are different from most other technical standards, which are developed through accommodation and compromise. “Cryptography doesn’t work that way,” he said. “It has to be really tightly designed.”
The process suits cryptographers, Burr said. “Cryptographers are the most competitive people in the world. They love it.”
NIST will hold a series of public workshops to narrow the field, beginning next month with a conference Feb. 25-28 in Belgium in conjunction with the 16th International Workshop on Fast Software Encryption.
NIST officials hope to winnow the contestants down to 15 by late summer and from those select a final five in 2010. “We want to give people about a year to bang on 15 of them. Fifty-one is too many,” Burr said.
The candidates are posted online at NIST’s Computer Security Resource Center.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.