NIST SHA-3 competition
Read more about the SHA-3 competition at the website of the National Institute for Standards and Technology.
The SHA-3 ASIC team, From left: Patrick Schaumont, Dinesh Ganta, Leyla Nazhandali, Michael B. Henry, Xu Guo and Meeta Srivastav
When checks go electronic, our signatures have to become electronic, too.
The need for standard signatures for widespread use makes the search for a new standard very difficult. “Think about what happens if suddenly all of the signatures you made in the past 10 years, as well as the next, can now be forged,” says Associate Professor Patrick Schaumont, who, with Assistant Professor Leyla Nazhandali, is helping to test potential new encryption standards.
Their team is one of three university research groups being funded by the National Institute of Standards and Technology to test the next hashing standard, a key component in electronic signatures.
The most common hashing algorithm, which is also the dominant standard for Internet use, is Secure Hashing Algorithm 1 (SHA-1). SHA-2, a variation of SHA-1, is a slightly newer standard, and no one has found a problem with it so far. However, anyone who cracks SHA-1 will be close to cracking SHA-2, according to Schaumont.
In 2008, the National Institute for Standards and Technology (NIST) began a competition to determine a new SHA-3 standard that does not resemble SHA-1 and SHA-2. Five finalists remain and are being tested.
When NIST is choosing an algorithm for SHA-3, security will be the most important consideration, according to Nazhandali. “But most likely, several finalists will be very secure, and then they are going to look at the algorithms in terms of performance,” she explains. “Some algorithms can be implemented in hardware very efficiently, and some require a lot of real estate and consume a lot of power.”
The Virginia Tech team has fabricated all five standards on a single chip, and is testing them in application specific integrated circuits (ASIC). Among other behaviors, they are testing power consumption and speed. Nazhandali explains that although a classic brute-force attack with the intent of forging is almost impossible, but “but that does not mean that the circuit’s implementation of the algorithm is secure. Some of the finalists might be more secure than others.”
NIST is expected to announce the winner this summer.