NIST logo

NIST Issues Call for a New 'Hash' Algorithm

For Immediate Release: November 8, 2007

*

Contact: Ben Stein
301-975-3097

The National Institute of Standards and Technology (NIST) has opened a competition to develop a new cryptographic "hash" algorithm, a tool that converts a file, message or block of data to a short "fingerprint" for use in digital signatures, message authentication and other computer security applications. The competition is NIST’s response to recent advances in the analysis of hash algorithms. The new hash algorithm will be called Secure Hash Algorithm-3 (SHA-3) and will augment the hash algorithms currently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. NIST’s goal is that SHA-3 provide increased security and offer greater efficiency for the applications using cryptographic hash algorithms. FIPS standards are required for use in federal civilian computer systems and are often adopted voluntarily by private industry.

FIPS 180-2 specifies five cryptographic hash algorithms, including SHA-1 and the SHA-2 family of hash algorithms. Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design, NIST has decided to standardize an additional hash algorithm to augment the ones currently specified in FIPS 180-2.

NIST issued a Call for a New Cryptographic Hash Algorithm (SHA-3) Family in a Federal Register Notice on Nov. 2, 2007. The announcement specifies the submission requirements, the minimum acceptability requirements, and the evaluation criteria for candidate hash algorithms. Entries for the competition must be received by Oct. 31, 2008. Details about the competition are available at www.nist.gov/hash-competition.