As of this writing, SHA-1 has not yet been “broken.” That is, no one has demonstrated a technique for producing collisions in less than brute-force time.

**SHA-3**

As of this writing,
SHA-1 has not yet been
“broken.” That is, no one has demonstrated a technique for producing
collisions in less than brute-force time. However, because SHA-1 is very similar
in structure and in the basic mathematical operations used to MD5
and SHA-0, both
of which have
been broken, SHA-1
is considered insecure and has been phased out for SHA-2.

SHA-2, particularly the 512-bit version,
would appear to provide unassailable security. However, SHA-2 shares the same structure and
mathematical operations as its predecessors, and this is a cause
for concern. Because
it will take years to find
a suitable replacement for SHA-2, should it become vulnerable, NIST decided to
begin the process of developing a new hash standard.

Accordingly, NIST announced in 2007 a competition to produce the next generation NIST hash function, to be called
SHA-3. NIST would
like to have a new standard in place by the end of 2012, but emphasizes that this is not a fixed timeline and that the schedule
could slip well beyond that date. The basic requirements that must be satisfied by any candidate for SHA-3 are the following.

**1.
**It must
be possible to replace SHA-2
with SHA-3 in any application by a simple
drop-in substitution. Therefore, SHA-3
must support hash value lengths
of 224, 256, 384, and 512 bits.

**2.
**SHA-3 must preserve the online nature
of SHA-2. That is, the algorithm must process comparatively
small blocks (512 or 1024 bits) at
a time instead of requiring that the entire message
be buffered in memory before processing it.

Beyond these basic
requirements, NIST has
defined a set
of evaluation criteria. These criteria are designed to reflect the requirements for the main applications sup- ported by SHA-2, which
include digital signatures, hashed message authentication codes, key generation, and pseudorandom number
generation. The evaluation crite- ria for the new hash function, in decreasing order
of importance, are as follows.

•
**Secur****i****ty****: **The security
strength of SHA-3 should be close to the theoretical maximum for the different
required hash sizes and for both preimage resis- tance and collision
resistance. SHA-3 algorithms must be designed to resist any potentially successful attack on SHA-2 functions. In practice, this probably
means that SHA-3 must be fundamentally different than the SHA-1, SHA-2, and MD5 algorithms in either structure, mathematical functions, or both.

•
**Cost****: **SHA-3 should be both time and memory efficient over a range of hard- ware platforms.

•
**Algor****i****thm and ****i****mplementat****i****on character****i****st****i****cs****: **Consideration will be given
to such characteristics as flexibility (e.g., tunable parameters for security/ performance tradeoffs, opportunity for parallelization, and so on) and simplic- ity. The latter
characteristic makes it easier to analyze the security properties of the algorithm

Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail

Cryptography and Network Security Principles and Practice : Cryptographic Data Integrity Algorithms : Cryptographic Hash Functions : SHA-3 |

**Related Topics **

Privacy Policy, Terms and Conditions, DMCA Policy and Compliant

Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.