As of this writing, SHA-1 has not yet been “broken.” That is, no one has demonstrated a technique for producing collisions in less than brute-force time. However, because SHA-1 is very similar, in structure and in the basic mathematical operations used, to MD5 and SHA-0, both of which have been broken, SHA-1 is considered insecure and has been phased out for SHA-2.

SHA-2, particularly the 512-bit version, would appear to provide unassailable security. However, SHA-2 shares the same structure and mathematical operations as its predecessors, and this is a cause for concern. Because it will take years to find a suitable replacement for SHA-2, should it become vulnerable, NIST decided to begin the process of developing a new hash standard.

Accordingly, NIST announced in 2007 a competition to produce the next generation NIST hash function, to be called SHA-3. NIST would like to have a new standard in place by the end of 2012, but emphasizes that this is not a fixed timeline and that the schedule could slip well beyond that date. The basic requirements that must be satisfied by any candidate for SHA-3 are the following.

It must be possible to replace SHA-2 with SHA-3 in any application by a simple drop-in substitution. Therefore, SHA-3 must support hash value lengths of 224, 256, 384, and 512 bits.

SHA-3 must preserve the online nature of SHA-2. That is, the algorithm must process comparatively small blocks (512 or 1024 bits) at a time instead of requiring that the entire message be buffered in memory before processing it.
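
The two basic requirements above can be checked against the SHA-3 functions as later standardized and exposed in Python's hashlib. This is an added example, not part of the original text; the helper names (digest_streaming, split, check_requirements) and the sample message are constructed for illustration.

```python
import hashlib

# Required digest lengths (bits) -> (SHA-2 name, SHA-3 name) in hashlib.
PAIRS = {
    224: ("sha224", "sha3_224"),
    256: ("sha256", "sha3_256"),
    384: ("sha384", "sha3_384"),
    512: ("sha512", "sha3_512"),
}


def digest_streaming(algorithm, chunks):
    """Hash an iterable of byte chunks without buffering the whole message."""
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)  # state is updated as each internal block fills
    return h.digest()


def split(message, size):
    """Yield the message in pieces of `size` bytes (the last may be shorter)."""
    for i in range(0, len(message), size):
        yield message[i:i + size]


def check_requirements(message, chunk_size=37):
    """Check both requirements for every required digest length."""
    report = {}
    for bits, names in PAIRS.items():
        lengths, streaming = [], []
        for name in names:
            one_shot = hashlib.new(name, message).digest()
            lengths.append(len(one_shot) * 8)
            # Online property: odd-sized chunks must give the one-shot digest.
            streamed = digest_streaming(name, split(message, chunk_size))
            streaming.append(streamed == one_shot)
        report[bits] = {
            "same_length": lengths == [bits, bits],  # drop-in output size
            "streaming_ok": all(streaming),
            "sha2_block_bits": hashlib.new(names[0]).block_size * 8,
            "sha3_block_bits": hashlib.new(names[1]).block_size * 8,
        }
    return report


if __name__ == "__main__":
    sample = b"constructed sample message " * 1000  # constructed input
    for bits, row in check_requirements(sample).items():
        print(bits, row)
```

The block sizes reported for the SHA-3 functions differ from SHA-2's 512 and 1024 bits, but input is still consumed incrementally, so callers that stream data through update() need no change beyond the algorithm name.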

Beyond these basic requirements, NIST has defined a set of evaluation criteria. These criteria are designed to reflect the requirements for the main applications supported by SHA-2, which include digital signatures, hashed message authentication codes, key generation, and pseudorandom number generation. The evaluation criteria for the new hash function, in decreasing order of importance, are as follows.

Security: The security strength of SHA-3 should be close to the theoretical maximum for the different required hash sizes and for both preimage resistance and collision resistance. SHA-3 algorithms must be designed to resist any potentially successful attack on SHA-2 functions. In practice, this probably means that SHA-3 must be fundamentally different than the SHA-1, SHA-2, and MD5 algorithms in either structure, mathematical functions, or both.

Cost: SHA-3 should be both time and memory efficient over a range of hardware platforms.

Algorithm and implementation characteristics: Consideration will be given to such characteristics as flexibility (e.g., tunable parameters for security/performance tradeoffs, opportunity for parallelization, and so on) and simplicity. The latter characteristic makes it easier to analyze the security properties of the algorithm.