Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NIST Requests Public Comment on Proposed SHA-3 Cryptographic Standard

The National Institute of Standards and Technology (NIST) has requested public comments on its newly proposed "Secure Hash Algorithm-3" (SHA-3) Standard, which is designed to protect the integrity of electronic messages.

The draft Federal Information Processing Standard Publication 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, specifies six permutation-based "sponge" functions based on Keccak, the winning algorithm selected from NIST's SHA-3 Cryptographic Hash Algorithm Competition. The functions include four fixed-length cryptographic hash functions, and two closely related "extendable-output" functions (XOFs). The four fixed-length hash functions provide alternatives to the SHA-2 family of hash functions specified in FIPS 180, Secure Hash Standard, which FIPS 202 will supplement. The XOFs can be specialized to hash functions, subject to additional security considerations, or used in a variety of other applications.

Cryptographic hash algorithms are a cornerstone of modern information security. They transform a digital message into a short "message digest" for use in digital signatures. Even a small change in the original message text creates a change in the digest, making it easier to detect accidental or intentional changes to the original message. Hash algorithms are used by many security applications, including random bit generation.

Comments from the public on the draft of FIPS 202 are welcome for the next 90 days until August 26, 2014, after which NIST will incorporate them into the final version of the specification. The draft is available at http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf. Comments may be sent to NIST either electronically or by mail. Full details appear in the Federal Register at https://federalregister.gov/a/2014-12336.

NIST strongly encourages the public to continue analyzing the security of the Keccak family of permutation-based sponge functions in general, and the six algorithms specified in this draft of FIPS 202 in particular, and to submit those analyses as official comments in response to this request.

Released May 29, 2014, Updated January 8, 2018