Email this Article Email   

CHIPS Articles: NIST Releases SHA-3 Cryptographic Hash Standard

NIST Releases SHA-3 Cryptographic Hash Standard
By NIST Tech Beat - August 10, 2015
The National Institute of Standards and Technology (NIST) has released the final version of its "Secure Hash Algorithm-3” standard, a next-generation tool for securing the integrity of electronic information.

Nine years in the making, SHA-3 is the first cryptographic hash algorithm NIST has developed using a public competition and vetting process that drew 64 submissions worldwide of proposed hashing algorithms. The new standard—Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions—is available for download from NIST's website.

Hash algorithms are broadly useful in the world of electronic communications. They transform a digital message into a short "message digest" for use in digital signatures and other applications. Even a small change in the original message creates a change in the digest, making it easier to detect accidental or intentional changes to the original message. Hash functions can be used in a variety of security applications such as message authentication. They also are useful during routine software upgrades to make sure that the new software has not been tampered with.

The SHA-3 standard does not differ markedly from the draft version that was released for public comment in May 2014. It specifies a family of functions based on Keccak, the winning algorithm selected from NIST's SHA-3 Cryptographic Hash Algorithm Competition.

SHA-3 is not the only family of hash functions that NIST approves for hashing electronic messages; the SHA-2 family, specified in FIPS 180-4 that NIST approved for use in 2002, remains secure and viable.

"SHA-3 is very different from SHA-2 in design," says NIST's Shu-jen Chang. "It doesn't replace SHA-2, which has not shown any problem, but offers a backup. It takes years to develop a new standard, and we wanted to be prepared in case problems do occur."

According to Chang, the two standards will complement each other and offer more options to designers of both hardware and software. Some of the SHA-3 functions can, for example, be implemented without requiring much additional circuitry on a chip, potentially making them useful alternatives for securing very small devices.

-- Federal Register announcement of approval of SHA-3
-- FIPS202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
-- FIPS108-4: Secure Hash Standard (revised to reflect the approval of SHA-3)
-- NIST Tech Beat story on release of draft standard for SHA-3, June 2014

The National Institute of Standards and Technology (NIST) is an agency of the U.S. Department of Commerce.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer