Cryptographic competitions
Introduction
Secret-key cryptography
Disasters
Features
Focused competitions:
AES
eSTREAM
SHA-3
PHC
CAESAR
Broader evaluations:
CRYPTREC
NESSIE
CAESAR details:
Submissions
Call for submissions
Call draft 5
Call draft 4
Call draft 3
Call draft 2
Call draft 1
Committee
Frequently asked questions

SHA-3: a Secure Hash Algorithm

The MD5 cryptographic hash function was published in April 1992:

This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

MD5 became very widely used and inspired a number of similar-looking hash functions, including SHA-0 (1993), SHA-1 (1995), and SHA-2 (2001). SHA-2 is actually four functions: SHA-224, SHA-256, SHA-384, and SHA-512.

On 12 August 2004, Joux, Carribault, Lemuet, and Jalby announced collisions in SHA-0. On 17 August 2004, Xiaoyun Wang independently presented collisions in MD5 and faster collisions in SHA-0. In February 2005, Wang, Yiqun Lisa Yin, and Hongbo Yu announced an attack that could find collisions in SHA-1 using only 2^69 simple operations.

The goal of the SHA-3 competition was to specify "a new hash algorithm to augment and revise" FIPS 180-2, the standard that specified SHA-1 and SHA-2. The SHA-3 competition was organized by the United States National Institute of Standards and Technology (NIST).

Timeline

  • M-21, 2007.01.23: NIST announces SHA-3 competition and draft requirements.
  • M-12, 2007.10.29: NIST publishes call for submissions, including final requirements.
  • M0, 2008.10.31: Deadline for submissions.
  • M2, 2008.12.10: NIST announces selection of 51 first-round candidates.
  • M4, 2009.02.25–28: First SHA-3 Candidate Conference. Leuven.
  • M9, 2009.07.24: NIST announces selection of 14 second-round candidates.
  • M22, 2010.08.23–24: Second SHA-3 Candidate Conference. Santa Barbara.
  • M26, 2010.12.09: NIST announces selection of 5 finalists.
  • M28, 2011.02: Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition.
  • M41, 2012.03.22–23: Third SHA-3 Candidate Conference. Washington.
  • M48, 2012.10.02: NIST announces selection of SHA-3.

Candidates

This list includes the 51 submissions accepted for round 1, and 5 of the 13 submissions not accepted for round 1; the other 8 submissions have not been disclosed.

winner

finalist

round 2

round 1

yes

yes

yes

yes

Keccak

yes

yes

yes

BLAKE

yes

yes

yes

Grøstl

yes

yes

yes

JH

yes

yes

yes

Skein

yes

yes

Blue Midnight Wish

yes

yes

CubeHash

yes

yes

ECHO

yes

yes

Fugue

yes

yes

Hamsi

yes

yes

Luffa

yes

yes

Shabal

yes

yes

SHAvite-3

yes

yes

SIMD

yes

ARIRANG

yes

CHI

yes

CRUNCH

yes

FSB

yes

LANE

yes

Lesamnta

yes

MD6

yes

SANDstorm

yes

Sarmal

yes

SWIFFTX

yes

TIB3

yes

AURORA (broken)

yes

Blender (broken)

yes

Cheetah (broken)

yes

Dynamic SHA (broken)

yes

Dynamic SHA2 (broken)

yes

ECOH (broken)

yes

Edon-R (broken)

yes

EnRUPT (broken)

yes

ESSENCE (broken)

yes

LUX (broken)

yes

MCSSHA-3 (broken)

yes

NaSHA (broken)

yes

Sgàil (broken)

yes

Spectral Hash (broken)

yes

Twister (broken)

yes

Vortex (broken)

yes

Abacus (withdrawn)

yes

Boole (withdrawn)

yes

DCH (withdrawn)

yes

Khichidi-1 (withdrawn)

yes

MeshHash (withdrawn)

yes

SHAMATA (withdrawn)

yes

StreamHash (withdrawn)

yes

Tangle (withdrawn)

yes

WaMM (withdrawn)

yes

Waterfall (withdrawn)

HASH 2X

Maraca

NKS 2D

Ponic

ZK-Crypt

Version: This is version 2014.01.27 of the sha3.html web page.