And Then There Were Five: Finalists Advance in NIST's SHA-3 Cryptography Competition

For Immediate Release: January 5, 2011

Contact: Chad Boutin
301-975-4261

On Dec. 9, 2010, the National Institute of Standards and Technology (NIST) announced the selection of five finalists in its ongoing competition to select a new cryptographic hash algorithm standard, one of the fundamental security tools of modern information technology.

Hash algorithms take a message or file of any reasonable length and produce a short "message digest," a sort of digital fingerprint of the content. A good hash algorithm has two essential characteristics: any change in the original message, however small, must cause a change in the digest, and for any given message and message digest, it must be infeasible for a forger to create a different message with the same digest.

Hash algorithms are used extensively for cryptographic applications that ensure the authenticity of digital documents, such as digital signatures and message authentication codes, as well as random number generation. Without a good hash algorithm, the standard digital signature algorithms would be much less efficient and practical.

The competition is NIST's response to advances in the cryptanalysis of hash algorithms in recent years. The winning algorithm, to be called SHA-3, will augment the hash algorithms currently specified in Federal Information Processing Standards (FIPS) 180-3, Secure Hash Standard.

Fifty-one algorithms from the initial 64 entries were accepted for the first round of the competition, and 14 of these were selected to advance to the second round. NIST hosted a SHA-3 Candidate Conference at the University of California, Santa Barbara in August 2010, where security and performance analyses of the second-round candidates were presented. Based on public feedback and internal review of these candidates, NIST selected these five finalists in December for advancement to the third and final round of the competition:

  • BLAKE, submitted by Jean-Philippe Aumasson (Nagravision SA, Cheseaux, Switzerland), Luca Henzen (ETHZ, Zürich, Switzerland), Willi Meier (FHNW, Windisch, Switzerland) and Raphael C.-W. Phan (Loughborough University, UK);
  • Grøstl, submitted by Søren Steffen Thomsen, Martin Schläffer, Christian Rechberger, Florian Mendel, Krystian Matusiewicz, Lars R. Knudsen and Praveen Gauravaram from Technical University of Denmark (DTU) and TU Graz;
  • JH, submitted by Hongjun Wu;
  • Keccak, submitted by Guido Bertoni, Joan Daemen and Gilles Van Assche (STMicroelectronics) and Michaël Peeters (NXP Semiconductors); and
  • Skein, submitted by Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas and Jesse Walker.


The competition's rules allow the five finalists to make minor modifications to their algorithms before undergoing another full year of public review. During this time, cryptographers around the world will do their best to find weaknesses in these algorithms.

The deadline for modifications to the five finalist algorithms is Jan. 16, 2011. NIST plans to host the final SHA-3 Candidate Conference in the spring of 2012 to discuss public feedback on these candidates, and to select the SHA-3 winner later in 2012.

More information about NIST's cryptographic hash project and the SHA-3 competition is available at http://www.nist.gov/hash-competition.