Skip to content

NIST Hash Algorithm Competition Sees Influx of Entries, Builds Momentum

November 17, 2008

For anyone who follows developments in cryptography, the major news that hit in late October was that The National Institute of Standards and Technology (NIST) hash algorithm competition entered into its truly competitive stage. According to the organizers, 64 entries were submitted by the Oct. 31 deadline.

This is a major milestone in the long process initiated by NIST in November 2005, soon after researchers published new cryptanalysis results on SHA-1.. While NIST recommends transitioning from SHA-1 to the SHA-2 family of algorithms, it also wants to future-proof the hash algorithm selection by inviting new designs from the crypto community. The NIST hash algorithm competition is expected to produce the SHA-3 family of algorithms.

As an aside, Surety replaced SHA-1 with SHA-256 in all AbsoluteProof Service releases starting in December 2005, and follows closely all developments related to hash algorithms. The AbsoluteProof Service is designed so that it can easily support new stronger hash algorithms as they are introduced. When it becomes necessary to upgrade hash algorithms, customers have the option to renew existing seals (timestamp tokens) using the new, stronger hash algorithms. This extends the life of any preexisting timestamp token (seal) beyond the life of the original hash algorithm that was used to generate it. A renewal consists of a second seal computed over the original document and the original seal, and the renewed seal will remain valid even if the original hash algorithm is subsequently broken. In this process, the second seal serves to prove that the original seal already existed at renewal time, that is, at a time when the original hash algorithm was still in good standing (not broken).

While there is no official list of all entries to the NIST hash competition available yet, a partial list is available through cryptography related forums. Many of the most prominent names in cryptography are participating in the competition, along with newcomers and hobbyists. Early disclosure provides an opportunity for experts to start cryptanalysis work on the proposed algorithms, and some of the entries have already been broken!

NIST is expected to organize a first round candidate conference in mid-2009, and successive rounds will whittle down the candidates, until the winners are selected by the year 2012.

Good luck to all, and may the best one win.

– Dimitri Andivahis


Editor’s Note: Dimitri Andivahis is Surety’s Chief Scientist, and has been active in cryptography for 10 years. You can reach Dimitri at {encode=”dimitri@surety.com” title=”dimitri@surety.com”}.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: