security

NIST issues SHA-3 cryptographic hash standard

The National Institute of Standards and Technology has released the final version of its Secure Hash Algorithm-3 standard, which it calls “a next-generation tool for securing the integrity of electronic information.”

The SHA-3 family of hash functions was developed through a public competition that drew 64 submissions for proposed hashing algorithms. The new standard, Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, is based on an instance of the KECCAK algorithm that NIST selected as the winner of the SHA-3 Cryptographic Hash Algorithm Competition in October 2012.

A hash algorithm is a cryptographic tool that can create a digest – a unique string of bits of a specific length – specific to a digital document. Even a small change in the original message creates a change in the digest, making it easier to detect accidental or intentional changes to the original message. In an environment when most documents are created and used digitally, hashing is an essential tool for verifying the authenticity of documents and digital signatures. Hash functions also can be used for message authentication and to verify that software has not been tampered with. Other applications of cryptographic hash functions include pseudorandom bit generation, message authentication codes and key derivation functions, according to NIST.

SHA-3 is not the only family of hash functions that NIST approves for hashing electronic messages; the SHA-2 family, approved for use in 2002, remains secure and viable. The two standards will complement each other and offer more options to designers of both hardware and software, according to NIST’s Shu-jen Chang. Some of the SHA-3 functions can, for example, be implemented without requiring much additional circuitry on a chip, potentially making them useful alternatives for securing very small devices, he said.

"SHA-3 is very different from SHA-2 in design," Chang said. "It doesn't replace SHA-2, which has not shown any problem, but offers a backup. It takes years to develop a new standard, and we wanted to be prepared in case problems do occur."

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected