NIST Unveils Next Generation of Hash Algorithm'Keccak' Praised for Elegant Design
IT security professionals at the National Institute of Standards and Technology work deliberately, taking years to revise intricate information security guidance or choosing the next generation of cryptographic hash algorithm.
Nearly five years after announcing a competition to develop a new cryptographic hash algorithm, NIST announced a winner on Oct. 2: Keccak (pronounced catch-ack), which was created by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors, both major European semiconductor companies.
NIST says the European team defeated 63 other submissions, and will become the Institute's SHA-3 hash algorithm. In 2007, NIST security experts thought SHA-2, the standard secure hash algorithm, might be threatened, so it sought a new one through the competition.
Cryptographic applications employ hash algorithms to ensure the authenticity of digital documents, such as digital signatures and message authentication codes. These algorithms take an electronic file and generate a short digest, a sort of digital fingerprint of the content, as NIST puts it. According to NIST, a good hash algorithm has a few vital characteristics. Any change in the original message, however small, must cause a change in the digest, and for any given file and digest, it must be infeasible for a forger to create a different file with the same digest.
Among the characteristics NIST scientists liked about Keccak: its elegant design and its ability to run well on many different computing devices. In announcing the winner, NIST says the clarity of Keccak's construction lends itself to easy analysis and it performs more efficiently in hardware than SHA-2 or any of the other finalists.
NIST computer security expert Tim Polk says Keccak isn't as vulnerable as SHA-2 is in some situations. "An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently," Polk says in a statement announcing the competition winner.Still, SHA-2 has proven to be resilient, and NIST considers it secure and suitable for general use. Keccak, for the foreseeable future, will be on standby as an "essential insurance policy" if SHA-2 ever breaks, Polk says.
The computer scientist says it could take years to identify all the possibilities for Keccak and he speculates the new hash algorithm's compactness could make it useful for embedded smart devices that connect to electronic networks that are not themselves full-fledged computers. For instance, he says, Keccak could be used in sensors in a building-wide security system or home appliances that can be controlled remotely.
"The Internet as we know it is expanding to link devices that many people do not ordinarily think of as being part of a network," Polk says. "SHA-3 provides a new security tool for system and protocol designers, and that may create opportunities for security in networks that did not exist before."