The Cryptography Olympics : the hash algorithm contest
36 teams from all over the world have qualified for the Cryptographic Hash Algorithm Competition – a kind of first Olympic Games for Cryptography – which will be taking place from the 25th to 28th of February 2009 at the Katholieke Universiteit Leuven. The objective is, within the next three years, to achieve an IT security standard that meets the exacting demands of the IT industry and is able to keep pace with technical developments. The application process, which has taken several years, pits various hash algorithms, which will form the basis for password protection or digital signatures, against each other. The winning algorithm will receive the SHA-3 (secure hash algorithm) trophy and will have to compete, from 2012, against SHA-1 and SHA-2 as a global standard. Graz University of Technology, which is taking part in the contest, in conjunction with the Technical University of Denmark, hosts a list of current submissions.
The impetus for the cryptography competition was provided by the cracking of existing security standards by various researchers. Such attacks serve to probe protection mechanisms and aid their development. Because the world needs reliable protection, the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, issued the call for an international Cryptographic Olympics. The victorious algorithm must fulfil the full range of requirements imposed by data processing technology, ranging from sensors the size of a grain of sand, to future high speed data networks. The competitors lining up in Leuven are major players – the list includes Microsoft, Sony, the Massachusetts Institute of Technology (MIT) and leading business and scientific institutions.
The Federal Information Processing Standard Publication on Secure Hash Standard (SHS) — FIPS 180-3 — is published by NIST and the U.S. Department of Commerce. This publication specifies five secure hash algorithms: SHA-1 (now considered weak, following several successful attacks) and SHA-224, SHA-256, SHA-384, and SHA-512, the members of the SHA-2 family. These are used in procedures such as OpenPGP encryption using GnuPG for generating digital signatures and checksums for downloaded software.