25 January 2007, 10:03

New successor to SHA-1 hash algorithm to be developed

After long delays, the U.S. National Institute of Standards and Technology (NIST) has decided to determine a successor to the SHA-1 hash algorithm by public competition. In February 2005, a Chinese research team demonstrated a way of calculating collisions significantly faster than had previously been thought possible. SHA is used by many applications as a so-called 'hash' function, to check the validity of data. In particular, many digital signature procedures use SHA.

A hash function generates a relatively short number, the hash value, from a set of data, which is used as a kind of fingerprint. If the saved hash value for the original is the same as that for a given copy, it can be assumed that the data is the same and has not been changed. If, however, it is possible to deliberately create a second set of data with the same hash value, then the function has been cracked. Equal hash values from different sets of data are known as collisions. Attackers could then manipulate data without this being apparent from the hash value.

Although in principle SHA-1 has still not directly been cracked, efforts to look for a successor began back in 2005. Algorithms of the SHA-2 family (SHA-224, SHA-256, SHA-384 and SHA-512) were proposed, they are, however, essentially based on the same algorithm as SHA-1, but simply produce longer hash values. They are therefore likely to be vulnerable to the same type of attacks. However, because the SHA algorithm is authorised for use with government agencies as part of the Federal Information Processing Standard (FIPS), the NIST wanted to stick with SHA - and still prefers migration to SHA-2.

In parallel to this, the NIST wants to set in motion the development of a new function, as was done a few years ago with AES, the successor to DES. International cryptologists have called for this repeatedly. The NIST has therefore now published a notice of requirements, comments on which can be submitted until 27th April 2007. The minimum final requirements will then be presented at an RSA conference and FSE 2007. Proposals for a new function will then be accepted up to the end of 2008. The winner will become the Secure Hashing Standard SHS - the whole process will, however, take until 2012.