The National Institute of Standards and Technology (NIST) has released the final version of its "Secure Hash Algorithm-3" standard, a next-generation tool for securing the integrity of electronic information.
Nine years in the making, SHA-3 is the first cryptographic hash algorithm NIST has developed using a public competition and vetting process that drew 64 submissions worldwide of proposed hashing algorithms. The new standard—Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions—is available for download from NIST's website.
Hash algorithms are broadly useful in the world of electronic communications. They transform a digital message into a short "message digest" for use in digital signatures and other applications. Even a small change in the original message creates a change in the digest, making it easier to detect accidental or intentional changes to the original message. Hash functions can be used in a variety of security applications such as message authentication. They also are useful during routine software upgrades to make sure that the new software has not been tampered with.
The SHA-3 standard does not differ markedly from the draft version that was released for public comment in May 2014. It specifies a family of functions based on Keccak, the winning algorithm selected from NIST's SHA-3 Cryptographic Hash Algorithm Competition.
SHA-3 is not the only family of hash functions that NIST approves for hashing electronic messages; the SHA-2 family, specified in FIPS 180-4 that NIST approved for use in 2002, remains secure and viable.
"SHA-3 is very different from SHA-2 in design," says NIST's Shu-jen Chang. "It doesn't replace SHA-2, which has not shown any problem, but offers a backup. It takes years to develop a new standard, and we wanted to be prepared in case problems do occur."
According to Chang, the two standards will complement each other and offer more options to designers of both hardware and software. Some of the SHA-3 functions can, for example, be implemented without requiring much additional circuitry on a chip, potentially making them useful alternatives for securing very small devices.