Federal Register Notices
November 2, 2007 - Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family
- If a construct is specified for the use of the candidate algorithm in an n-bit randomized hashing scheme, the construct must, with overwhelming probability, provide n-k bits of security against the following attack: The attacker chooses a message, M1 of length at most 2k bits. The specified construct is then used on M1 with a randomization value r1 that has been randomly chosen without the attacker’s control after the attacker has supplied M1. Given r1 , the attacker then attempts to find a second message M2 and randomization value r2 that yield the same randomized hash value. Note that in order to meet this specific security requirement, the specified randomized hashing construct may place restrictions on the length of the randomization value.
Correction (8/28/08)
4.A.ii Bullet 3 should have stated:
January 23, 2007 - Announcing the Development of New Hash Algorithm(s) for the Revision of Federal Information Processing Standard (FIPS) 180–2, Secure Hash Standard
Correction for the Federal Register Notice:
A.3 of the Proposed Draft Minimum Acceptability Requirements for Candidate Algorithms (Section A) should have stated:
"A.3 The algorithm must support 224, 256, 384, and 512-bit message digests, and must support a maximum message length of at least 264 bits."