Secure Hash Algorithms

Secure Hash Algorithm

Concepts
hash functions · SHA · DSA
Main standards
SHA-0 · SHA-1 · SHA-2 · SHA-3

The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:

SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.

The corresponding standards are FIPS PUB 180 (original SHA), FIPS PUB 180-1 (SHA-1), FIPS PUB 180-2 (SHA-1, SHA-256, SHA-384, and SHA-512). NIST has updated Draft FIPS Publication 202, SHA-3 Standard separate from the Secure Hash Standard (SHS).

Comparison of SHA functions

In the table below, internal state means the "internal hash sum" after each compression of a data block.

Comparison of SHA functions
Algorithm and variant		Output size (bits)	Internal state size (bits)	Block size (bits)	Max message size (bits)	Rounds	Operations	Security bits (Info)	Capacity against length extension attacks	Performance on Skylake (median cpb)^[1]		First Published
Algorithm and variant		Output size (bits)	Internal state size (bits)	Block size (bits)	Max message size (bits)	Rounds	Operations	Security bits (Info)	Capacity against length extension attacks	long messages	8 bytes	First Published
MD5 (as reference)		128	128 (4 × 32)	512	Unlimited^[2]	64	And, Xor, Rot, Add (mod 2³²), Or	<64 (collisions found)	0	4.99	55.00	1992
SHA-0		160	160 (5 × 32)	512	2⁶⁴ − 1	80	And, Xor, Rot, Add (mod 2³²), Or	<34 (collisions found)	0	≈ SHA-1	≈ SHA-1	1993
SHA-1		160	160 (5 × 32)	512	2⁶⁴ − 1	80	And, Xor, Rot, Add (mod 2³²), Or	<63 (collisions found^[3])	0	3.47	52.00	1995
SHA-2	SHA-224 SHA-256	224 256	256 (8 × 32)	512	2⁶⁴ − 1	64	And, Xor, Rot, Add (mod 2³²), Or, Shr	112 128	32 0	7.62 7.63	84.50 85.25	2001
	SHA-384 SHA-512	384 512	512 (8 × 64)	1024	2¹²⁸ − 1	80	And, Xor, Rot, Add (mod 2⁶⁴), Or, Shr	192 256	128 (≤ 384) 0	5.12 5.06	135.75 135.50
	SHA-512/224 SHA-512/256	224 256	512 (8 × 64)	1024	2¹²⁸ − 1	80	And, Xor, Rot, Add (mod 2⁶⁴), Or, Shr	112 128	288 256	≈ SHA-384	≈ SHA-384
SHA-3	SHA3-224 SHA3-256 SHA3-384 SHA3-512	224 256 384 512	1600 (5 × 5 × 64)	1152 1088 832 576	Unlimited^[4]	24^[5]	And, Xor, Rot, Not	112 128 192 256	448 512 768 1024	8.12 8.59 11.06 15.88	154.25 155.50 164.00 164.00	2015
SHA-3	SHAKE128 SHAKE256	d (arbitrary) d (arbitrary)	1600 (5 × 5 × 64)	1344 1088	Unlimited^[4]	24^[5]	And, Xor, Rot, Not	min(d/2, 128) min(d/2, 256)	256 512	7.08 8.59	155.25 155.50	2015

Validation

All SHA-family algorithms, the FIPS-approved security functions, are subject to official validation at the CMVP, a joint program (Cryptographic Module Validation Program) run by the American's National Institute of Standards and Technology (NIST) and the Canadian's Communications Security Establishment (CSE).

References

↑ http://bench.cr.yp.to/results-hash.html#amd64-skylake
↑ "The MD5 Message-Digest Algorithm". Retrieved 2016-04-18. In the unlikely event that b is greater than 2^64, then only the low-order 64 bits of b are used.
↑ "Announcing the first SHA1 collision". Retrieved 2017-02-23.
↑ "The Sponge Functions Corner". Retrieved 2016-01-27.
↑ "The Keccak sponge function family". Retrieved 2016-01-27.

Cryptographic hash functions & message authentication codes
List Comparison Known attacks
Common functions	MD5 SHA-1 SHA-2 SHA-3 BLAKE2
SHA-3 finalists	BLAKE Grøstl JH Skein Keccak (winner)
Other functions	ECOH FSB GOST HAS-160 HAVAL Kupyna LM hash MD2 MD4 MD6 MDC-2 N-Hash RIPEMD RadioGatún SWIFFT Snefru Streebog Tiger VSH WHIRLPOOL
Key derivation functions	bcrypt crypt PBKDF2 scrypt Argon2 Lyra2
MAC functions	DAA CBC-MAC HMAC OMAC/CMAC PMAC VMAC UMAC Poly1305
Authenticated encryption modes	CCM CWC EAX GCM IAPM OCB
Attacks	Collision attack Preimage attack Birthday attack Brute-force attack Rainbow table Side-channel attack Length extension attack
Design	Avalanche effect Hash collision Merkle–Damgård construction Sponge function HAIFA construction Unique Block Iteration
Standardization	CRYPTREC NESSIE NIST hash function competition
Utilization	Hash-based cryptography Key stretching Merkle tree Message authentication Proof of work Salt

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.