Last call for comments on Keccak encryption
The public has one more chance to weigh in on the selection of a Secure Hash Algorithm that will become the new standard for federal digital signatures and other hashing functions.
A hash algorithm is a cryptographic tool that can create a digest – a unique string of bits of a specific length – specific to a digital document. In an environment when most documents are created and used digitally, hashing is an essential tool for verifying the authenticity of documents.
Because the digest is unique and cryptographically tied to the message, it can be used to verify that the contents of a digital document have not been altered. If any changes are made in the document, the digests produced by the hash algorithm before and after will not match. The algorithms also can be used to create digital signatures.
The Keccak algorithm (pronounced “catch-ack”) was selected as the winner of a five-year public competition for a new hashing standard in 2012 by the National Institute of Standards and Technology. It will put a new cryptographic arrow in the federal quiver, supplementing the unexpectedly long-lived SHA-2 family of algorithms.
But before becoming enshrined as SHA-3 in the Federal Information Processing Standards (FIPS), there will be a final round of public comment on Keccak. Because the standard algorithm will be freely available to all users – government and private sector alike – NIST wants to make sure, among other things, that no patents will be infringed in the use of the algorithm.
NIST has announced a final three-month period for public comment on the proposed standard.
The development of SHA-3 was a response to advances over the last decade in the cryptanalysis, or breaking, of hash algorithms. New attacks introduced serious concerns about the security of the SHA-1 algorithm standard, and by 2007 cracks also had begun to appear in the algorithms that collectively make up the SHA-2 standard. So NIST began a competition to find a new, stronger algorithm.
SHA-1 has been retired, but the weaknesses in SHA-2 were not as serious as originally feared, and SHA-2 remains a viable cryptographic tool. Nevertheless, NIST continued with the competition in the expectation of identifying a new algorithm that would be not only more secure, but more efficient.
NIST received 64 entries and after two preliminary rounds, five finalists were selected in December 2010. After 18 months of review, Keccak was selected as the winning algorithm in October, 2012.
There were no published attacks that “in any real sense,” threated the practical security of any of the finalists, NIST wrote in its announcement, and all finalists had acceptable margins of security. But Keccak is a little stronger and a little faster than SHA-2 and it has the largest margin of security among the finalists. Its simplicity and flexibility means it should be able to run efficiently on a wide variety of platforms.
Also, SHA-3 will not replace SHA-2, but will become a standard for hashing alongside it the foreseeable future.
The Draft FIPS 202 specifies six functions based on Keccak. Four are fixed-length cryptographic hash functions and two are closely related "extendable-output" functions (XOFs). The four fixed-length hash functions provide alternatives to the SHA-2 family. The XOFs can be used in a variety of applications, including generating and verifying digital signatures, key derivation functions and random bit generation.
NIST is proposing the creation of FIPS 202, specifying SHA-3 as a hashing standard, and changes to the existing FIPS 180-4, which contains the SHA-2 specifications, to also allow use of SHA-3. Comments should be sent by Aug. 26 to [email protected] with “Comment on Draft FIPS 202” or “Comment on draft revision to the Applicability Clause of FIPS 180” in the subject lines.
Posted by William Jackson on Jun 13, 2014 at 6:58 AM