Cryptographic Hash Algorithm Competition

NIST opened a public competition on Nov. 2, 2007 to develop a new cryptographic hash algorithm, which converts a variable length message into a short "message digest" that can be used for digital signatures, message authentication and many other security applications in the information infrastructure. The competition is NIST's response to advances in the cryptanalysis of hash algorithms. The new hash algorithm will be referred to as "SHA-3" and will augment the hash algorithms currently specified in the Federal Information Processing Standard (FIPS) 180-3, Secure Hash Standard. The competition is expected to end in 2012.

A cryptographic hash algorithm is designed to provide a random mapping from a string of binary data to a fixed-size "message digest" and achieve certain security properties. FIPS 180-3 specifies five cryptographic hash algorithms for federal use — SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

In recent years, several cryptographic hash algorithms have been successfully attacked, and serious attacks have been published against the NIST-approved SHA-1. In response, NIST held two public workshops to assess the status of its approved hash algorithms and to solicit public input on its cryptographic hash algorithm policy and standard. As a result of these workshops, NIST decided to develop one or more additional hash algorithms through a public competition, similar to the development process of the Advanced Encryption Standard (AES).

NIST announced the "SHA-3" competition in a Federal Register Notice on Nov. 2, 2007. Sixty-four entries were received by the submission deadline of Oct. 31, 2008. Among these, fifty-one entries were selected as the first-round candidates in Dec. 2008, and fourteen were selected as the second-round candidates in July 2009. A year was allocated for the public review of the fourteen second-round candidates.

NIST hosted a SHA-3 Candidate Conference at the University of California, Santa Barbara on August 23-24, 2010, where security and performance analyses of the second-round candidates were presented. NIST received significant feedback from the cryptographic community both before and after the conference. Based on the public feedback and internal reviews of the second-round candidates, NIST selected five finalists – BLAKE, Grøstl, JH, Keccak, and Skein, to advance to the third (and final) round of the competition on December 9, 2010. A one-year public comment period is planned for these candidates. NIST plans to host the final SHA-3 Candidate Conference in the spring of 2012 to discuss the public feedback on the third-round candidates, and select the SHA-3 winner later in 2012.

For more information regarding the Cryptographic Hash Algorithm Competition Project, please visit the Computer Security Resource Center (CSRC).

• First Cryptographic Hash Workshop, October 31-November 1, 2005; 
• Second Cryptographic Hash Workshop, August 24-25, 2006;
• Draft Minimum Acceptability Requirements, Submission Requirements, and Evaluation Criteria for candidate hash algorithms published for public comment [Federal Register Notice (January 23, 2007)]; 
• Call for a New Cryptographic Hash Algorithm (SHA-3) Family published [Federal Register Notice (November 2, 2007)]; SHA-3 competition began; 
• Sixty-four entries reviewed, fifty-one chosen as the first-round candidates on December 9, 2008;
• First SHA-3 Candidate Conference, February 25-28, 2009;
• Fourteen second-round candidates announced on July 24, 2009;
• Second SHA-3 Candidate Conference, August 23-24, 2010;
• Five SHA-3 finalists announced on December 9, 2010.