26th November 2007, 05:02 PM #1
Hashing it Out
Earlier this year, NIST (National Institute of Standards and Technology) announced that they will be hosting an open competition to decide on a new secure cryptographic hash standard. Cryptographic hash functions are a fundamental part of cryptography and computer security. A cryptographic hash function takes an input and returns a (practically) unique output, providing applications in authentication, encryption and digital signatures.
The most commonly used hash functions right now have been around since the mid-nineties and are beginning to show some serious cracks. One of the basic requirements of a cryptographic hash function is that it must be very hard to find two inputs that map to the same output. When two such inputs are found, it is called a collision, and collisions are a really bad thing for hash functions. The Message Digest 5 (MD5) algorithm was created in 1991 by Ron Rivest and is still in common use despite some very serious cryptanalytic attacks that have made finding MD5 collisions relatively easy. The Secure Hash Algorithm-1 (SHA-1) was created by the NSA and is the current secure hash standard, but recent attacks have shown that finding a SHA-1 collision is on the verge of feasibility and many expect the first SHA-1 collision to be found within the year. Finding a collision is not the end of the line for a cryptographic hash function; it is more like a death sentence. Although many applications of hash functions can still work if collisions are found, having a weakness against collisions indicates that there are fundamental flaws in the algorithm and that more weaknesses are right around the corner.
The solution initially proposed by NIST was to phase out SHA-1 and to start using the so-called SHA-2 family of hash functions that have proven resistant to attacks for now. The problem with the SHA-2 hashes is that they are based on the same decade-old designs as the soon-to-be-insecure SHA-1 algorithm. Moreover, the documentation about the design decisions made in SHA-2 is still classified, so it is unknown what sort of modern attacks the algorithms are designed to resist. Considering that multiple advances have been made in the field of secure hash functions since the SHA algorithms were created, it was time for a change. To find a new hash standard, NIST decided to have a contest to let the greatest cryptographic minds in the public world sink their teeth into the problem. This route has proved fruitful before: a previous contest to replace the outdated Digital Encryption Standard (DES) resulted in the very successful choice of Rijndael as the new Advanced Encryption Standard (AES). Hopefully the competition for designing a new cryptographic hash standard will achieve a similar level of success.
By the end of the year, NIST will have finalized the minimum acceptability requirements, submission requirements, and evaluation criteria for candidate hash functions. Submissions will be due in the fall of 2008, so if you have a good idea for a secure hash function, get working!
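The collision requirement described in the post above, as an added example that is not part of the original post: a generic birthday search over SHA-1 output truncated to a few bits, showing that even with no weakness in the algorithm the cost of finding a collision grows only as about 2^(n/2) for an n-bit digest. The truncation, the function names and the sample messages are assumptions made for illustration; this is not one of the cryptanalytic attacks on MD5 or SHA-1 that the post mentions.

```python
import hashlib
from itertools import count


def truncated_digest(algo: str, message: bytes, bits: int) -> int:
    """Return the leading `bits` bits of the digest as an integer."""
    digest = hashlib.new(algo, message).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def find_collision(algo: str, bits: int):
    """Hash distinct messages until two share the same truncated digest.

    Returns (first_message, second_message, messages_hashed).
    Time and memory both grow roughly as 2**(bits / 2).
    """
    seen = {}  # truncated digest -> message that produced it
    for i in count():
        msg = b"constructed-sample-%d" % i  # constructed input, always distinct
        tag = truncated_digest(algo, msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def survey(algo: str = "sha1", sizes=(16, 24, 32)):
    """Return (bits, messages_hashed, 2**(bits // 2)) for each truncation size."""
    rows = []
    for bits in sizes:
        _, _, hashed = find_collision(algo, bits)
        rows.append((bits, hashed, 2 ** (bits // 2)))
    return rows


if __name__ == "__main__":
    for bits, hashed, estimate in survey():
        print(f"{bits:2d}-bit digest: collision after {hashed} messages "
              f"(birthday estimate ~{estimate})")
```

Each extra 8 bits of digest multiplies the work by about 16, which is why a full-length digest is safe against this generic search and only a structural flaw in the algorithm brings collisions within reach.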