In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

cryptographic hash -- THE SHA-3 PROJECT

Research Results on SHA-1 Collisions (2017)

A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size “message digest” and achieve certain security properties. Hash algorithms can be used for digital signatures, message authentication codes, key derivation functions, pseudo random functions, and many other security applications. The Federal Information Processing Standard (FIPS 180-4), Secure Hash Standard, specifies seven cryptographic hash algorithms for Federal use, and is widely adopted by the information technology industry as well.

In 2004-2005, several cryptographic hash algorithms were successfully attacked, and serious attacks were published against the NIST-approved SHA-1. In response, NIST held two public workshops to assess the status of its approved hash algorithms, and to solicit public input on its cryptographic hash algorithm policy and standard. As a result of these workshops, NIST decided to develop a new cryptographic hash algorithm for standardization through a public competition. The new hash algorithm would be referred to as SHA-3.

NIST announced the SHA-3 Cryptographic Hash Algorithm Competition on November 2, 2007, and ended the competition on October 2, 2012, when it announced Keccak as the winning algorithm to be standardized as the new SHA-3.

FIPS 202, SHA-3 Standard:  Permutation-Based Hash and Extendable-Output Functions was announced in the Federal Register, FRN 80 FR 46543, on August 5, 2015. Four fixed-length hash algorithms (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) and two closely related, “extendable-output” functions (SHAKE128 and SHAKE256) are specified in FIPS 202. The same Federal Register Notice also announced the approval of a revision of the Applicability Clause of FIPS 180-4. The revision approves the use of hash functions specified in either FIPS 180-4 or FIPS 202 for Federal applications when a secure hash function is required, including as a component within other cryptographic algorithms and protocols. Guidance for the use of approved hash algorithms is available here.

Subsequent to FIPS 202, NIST defines four types of Keccak-based (or, “SHA-3”-based) functions to provide new functionalities. These functions are specified in DRAFT SP 800-185, SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash, published in August 2016 for public comment.

This hash project website is organized chronologically as follows:

        • Pre-SHA-3 Competition (2004-2007)
        • SHA-3 Competition (2007-2012)
        • SHA-3 Standardization (2013-2015)
        • SHA-3 Derived Functions (2016)

A public forum is also provided for dialogue and feedback.