The NIST hash function competition was an open competition held by the US
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
(NIST) to develop a new
hash function
A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called ''hash values'', ''hash codes'', ''digests'', or simply ''hashes''. The values are usually u ...
called
SHA-3
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
to complement the older
SHA-1
In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographically broken but still widely used hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecima ...
and
SHA-2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...
. The competition was formally announced in the ''
Federal Register
The ''Federal Register'' (FR or sometimes Fed. Reg.) is the official journal of the federal government of the United States that contains government agency rules, proposed rules, and public notices. It is published every weekday, except on feder ...
'' on November 2, 2007. "NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the
development process for the
Advanced Encryption Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a variant ...
(AES)." The competition ended on October 2, 2012 when NIST announced that
Keccak
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
would be the new SHA-3 hash algorithm.
The winning hash function has been published as NIST FIPS 202 the "SHA-3 Standard", to complement FIPS 180-4, the ''
Secure Hash Standard
The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:
*SHA-0: A retronym applied to the ...
''.
The NIST competition has inspired other competitions such as the
Password Hashing Competition
The Password Hashing Competition was an open competition announced in 2013 to select one or more password hash functions that can be recognized as a recommended standard. It was modeled after the successful Advanced Encryption Standard process and ...
.
Process
Submissions were due October 31, 2008 and the list of candidates accepted for the first round was published on December 9, 2008.
NIST held a conference in late February 2009 where submitters presented their algorithms and NIST officials discussed criteria for narrowing down the field of candidates for Round 2. The list of 14 candidates accepted to Round 2 was published on July 24, 2009.
Another conference was held on August 23–24, 2010 (after
CRYPTO
Crypto commonly refers to:
* Cryptocurrency, a type of digital currency secured by cryptography and decentralization
* Cryptography, the practice and study of hiding information
Crypto or Krypto may also refer to:
Cryptography
* Cryptanalysis, ...
2010) at the
University of California, Santa Barbara
The University of California, Santa Barbara (UC Santa Barbara or UCSB) is a Public university, public Land-grant university, land-grant research university in Santa Barbara County, California, Santa Barbara, California with 23,196 undergraduate ...
, where the second-round candidates were discussed.
The announcement of the final round candidates occurred on December 10, 2010. On October 2, 2012, NIST announced its winner, choosing
Keccak
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
, created by Guido Bertoni, Joan Daemen, and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP.
Entrants
This is an incomplete list of known submissions.
NIST selected 51 entries for round 1.
14 of them advanced to round 2,
from which 5 finalists were selected.
Winner
The winner was announced to be
Keccak
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
on October 2, 2012.
Finalists
NIST selected five SHA-3 candidate algorithms to advance to the third (and final) round:
*
BLAKE
Blake is a surname which originated from Old English. Its derivation is uncertain; it could come from "blac", a nickname for someone who had dark hair or skin, or from "blaac", a nickname for someone with pale hair or skin. Another theory, presuma ...
(Aumasson et al.)
*
Grøstl
Grøstl is a cryptographic hash function submitted to the NIST hash function competition by Praveen Gauravaram, Lars Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen. Grøstl was chosen ...
(
Knudsen et al.)
*
JH (Hongjun Wu)
*
Keccak
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
(Keccak team,
Daemen et al.)
*
Skein
Skein may refer to:
* A flock of geese or ducks in flight
* A wound ball of yarn with a centre pull strand; see Hank
* A metal piece fitted over the end of a wagon axle, to which the wheel is mounted
* Skein (unit), a unit of length used by wea ...
(
Schneier Schneier is a surname. Notable people with the surname include:
* Arthur Schneier (born 1930), Austrian-American rabbi and human rights activist
* Bruce Schneier (born 1963), American cryptographer, computer security specialist, and writer
* Marc Sc ...
et al.)
NIST noted some factors that figured into its selection as it announced the finalists:
*Performance: "A couple of algorithms were wounded or eliminated by very large
ardware gatearea requirement – it seemed that the area they required precluded their use in too much of the potential application space."
*Security: "We preferred to be conservative about security, and in some cases did not select algorithms with exceptional performance, largely because something about them made us 'nervous,' even though we knew of no clear attack against the full algorithm."
*Analysis: "NIST eliminated several algorithms because of the extent of their second-round tweaks or because of a relative lack of reported cryptanalysis – either tended to create the suspicion that the design might not yet be fully tested and mature."
*Diversity: The finalists included hashes based on different modes of operation, including the HAIFA and
sponge function
In cryptography, a sponge function or sponge construction is any of a class of algorithms with finite state (computer science), internal state that take an input bit stream of any length and produce an output bit stream of any desired length. Spon ...
constructions, and with different internal structures, including ones based on AES, bitslicing, and alternating XOR with addition.
NIST has released a report explaining its evaluation algorithm-by-algorithm.
Did not pass to Final Round
The following hash function submissions were accepted for Round Two, but did not make it to the final round. As noted in the announcement of the finalists, "none of these candidates was clearly broken".
*Blue Midnight Wish
*
CubeHash
CubeHash is a cryptographic hash function submitted to the NIST hash function competition by Daniel J. Bernstein. CubeHash has a 128 byte state, uses wide pipe construction, and is ARX based. Message blocks are XORed into the initial bits of a ...
(
Bernstein
Bernstein is a common surname in the German language, meaning "amber" (literally "burn stone"). The name is used by both Germans and Jews, although it is most common among people of Ashkenazi Jewish heritage. The German pronunciation is , but in E ...
)
*ECHO (
France Telecom
Orange S.A. (), formerly France Télécom S.A. (stylized as france telecom) is a French multinational telecommunications corporation. It has 266 million customers worldwide and employs 89,000 people in France, and 59,000 elsewhere. In 2015, ...
)
*
Fugue
In music, a fugue () is a contrapuntal compositional technique in two or more voices, built on a subject (a musical theme) that is introduced at the beginning in imitation (repetition at different pitches) and which recurs frequently in the c ...
(
IBM)
*Hamsi
*Luffa
*Shabal
*SHAvite-3
*
SIMD
Single instruction, multiple data (SIMD) is a type of parallel processing in Flynn's taxonomy. SIMD can be internal (part of the hardware design) and it can be directly accessible through an instruction set architecture (ISA), but it should ...
Did not pass to Round Two
The following hash function submissions were accepted for Round One but did not pass to Round Two. They have neither been conceded by the submitters nor have had substantial cryptographic weaknesses. However, most of them have some weaknesses in the design components, or performance issues.
*ARIRANG (CIST – Korea University)
*CHI
*CRUNCH
*
FSB
*
Lane
In road transport, a lane is part of a roadway that is designated to be used by a single line of vehicles to control and guide drivers and reduce traffic conflicts. Most public roads (highways) have at least two lanes, one for traffic in each ...
*Lesamnta
*
MD6
The MD6 Message-Digest Algorithm is a cryptographic hash function. It uses a Merkle tree-like structure to allow for immense parallel computation of hashes for very long inputs. Authors claim a performance of 28 cycles per byte for MD6-256 on an ...
(
Rivest et al.)
*
SANDstorm
A dust storm, also called a sandstorm, is a meteorological phenomenon common in arid and semi-arid regions. Dust storms arise when a gust front or other strong wind blows loose sand and dirt from a dry surface. Fine particles are transporte ...
(
Sandia National Laboratories
Sandia National Laboratories (SNL), also known as Sandia, is one of three research and development laboratories of the United States Department of Energy's National Nuclear Security Administration (NNSA). Headquartered in Kirtland Air Force Ba ...
)
*Sarmal
*
SWIFFT
In cryptography, SWIFFT is a collection of provably secure hash functions. It is based on the concept of the fast Fourier transform (FFT). SWIFFT is not the first hash function based on FFT, but it sets itself apart by providing a mathematical p ...
X
*TIB3
Entrants with substantial weaknesses
The following non-conceded Round One entrants have had substantial cryptographic weaknesses announced:
*AURORA (
Sony
, commonly stylized as SONY, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan. As a major technology company, it operates as one of the world's largest manufacturers of consumer and professional ...
and
Nagoya University
, abbreviated to or NU, is a Japanese national research university located in Chikusa-ku, Nagoya. It was the seventh Imperial University in Japan, one of the first five Designated National University and selected as a Top Type university of T ...
)
*Blender
*Cheetah
*Dynamic SHA
*Dynamic SHA2
*
ECOH
*Edon-R
*
EnRUPT
EnRUPT is a block cipher and a family of cryptographic algorithms based on XXTEA.
EnRUPT hash function was submitted to SHA-3 competition
The NIST hash function competition was an open competition held by the US National Institute of Standards ...
*ESSENCE
*LUX
*MCSSHA-3
*
NaSHA
*Sgàil
*
Spectral Hash Spectral Hash is a cryptographic hash function submitted to the NIST hash function competition by Gokay Saldamlı, Cevahir Demirkıran, Megan Maguire, Carl Minden, Jacob Topper, Alex Troesch, Cody Walker, Çetin Kaya Koç. It uses a Merkle–Damgå ...
*Twister
*Vortex
Conceded entrants
The following Round One entrants have been officially retracted from the competition by their submitters; they are considered broken according to the NIST official Round One Candidates web site. As such, they are withdrawn from the competition.
*Abacus
*Boole
*DCH
*Khichidi-1
*MeshHash
*SHAMATA
*StreamHash
*Tangle
*WaMM
*Waterfall
Rejected entrants
Several submissions received by NIST were not accepted as First Round Candidates, following an internal review by NIST.
In general, NIST gave no details as to why each was rejected. NIST also has not given a comprehensive list of rejected algorithms; there are known to be 13,
but only the following are public.
*HASH 2X
*Maraca
*MIXIT
*NKS 2D
*Ponic
*ZK-Crypt
See also
*
Advanced Encryption Standard process
The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more ...
*
CAESAR Competition
The Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) is a competition organized by a group of international cryptologic researchers to encourage the design of authenticated encryption schemes. The competi ...
– Competition to design authenticated encryption schemes
*
Post-Quantum Cryptography Standardization
Post-Quantum Cryptography Standardization is a program and competition by NIST to update their standards to include post-quantum cryptography. It was announced at PQCrypto 2016. 23 signature schemes and 59 encryption/ KEM schemes were submitted by ...
References
External links
NIST website for competitionSHA-3 ZooClassification of the SHA-3 CandidatesVHDL source code developed by the Cryptographic Engineering Research Group (CERG) at George Mason UniversityFIPS 202 – The SHA-3 Standard
{{Cryptography navbox, hash
Cryptographic hash functions
Cryptography contests
National Institute of Standards and Technology