Secure crypto-algorithm wins gold-standard status
Source: Jacob Aron


A replacement for one of the most-used algorithms in computer security has finally been chosen after a competition between cryptographers that ran for five years.

The competition was designed to reassure cybersecurity experts spooked by surprise flaws in the previous gold standard, but it now seems we might not need the new algorithm for a while.

On 2 October an algorithm called Keccak was named the winner of the Secure Hash Algorithm-3 (SHA-3) competition, run by the US National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland.

The algorithms chosen by NIST are seen as the gold standard for cryptography. Its previous competition, concluded in 2000, chose the Advanced Encryption Standard, now used by everyone from Skype to the US National Security Agency. NIST kicked off this most recent contest in 2007 after fears arose that the existing hash algorithms, SHA-1 and SHA-2, might be flawed.

Hash algorithms are used by government agencies and businesses worldwide to make online transactions secure, store passwords and verify digital files and signatures. Unlike encryption algorithms that can be used to encrypt and then decrypt data, hash algorithms are one-way tools: they turn a file of any size into a fixed-length string of bits, called a hash.

The original file cannot be recovered from the hash, but anyone can verify the authenticity of a file by calculating its hash and checking that it matches one from a trusted source.

Avoiding collisions

For a hash algorithm to work, it must be very hard to produce what cryptographers call a "collision": two different files giving rise to the same hash.

In 2004 cryptographer Xiaoyun Wang discovered a flaw in SHA-1 that drastically reduced the time required to find a collision, potentially making systems using the algorithm insecure. By this time NIST had already approved its successor, the SHA-2 family of algorithms, creating worry that the flaw might extend to them.

But while researching the requirements for SHA-3 contenders, NIST realised that SHA-2 was not flawed in this way. "They are actually very good hash algorithms, both in performance and security," says NIST's Tim Polk.

Rather than calling off the search, NIST decided SHA-3 should be a complementary option, explains Polk. The ideal algorithm would have a different cryptographic structure, making it unlikely that an attack on SHA-2 would also crack SHA-3, and it would be better suited to a wide variety of computing devices.

From an initial pool of 64 entries, NIST identified five finalists in 2010. The winner, Keccak, is based on a novel "sponge hash construction", so called because the function is flexible, rather like a physical sponge. Think of the input bits in a hash function as being "absorbed" in the hashing phase and then "squeezed" to produce the hash: in a sponge construction, squeezing faster produces a quicker but less secure hash, and vice versa, offering flexibility.

The new algorithm is also generally faster than its predecessor and so consumes less energy, says Gilles Van Assche, one of the cryptographers behind Keccak, which was developed by semiconductor firms STMicroelectronics in Geneva, Switzerland, and NXP Semiconductors in Eindhoven, the Netherlands.

Algorithm seeks use

Other security experts are less certain of the usefulness of a new algorithm. Even Bruce Schneier, creator of a SHA-3 finalist called Skein, has expressed doubts. "It's not that the new hash functions aren't any good, it's that we don't really need one," Schneier wrote last week on his blog, although he added after the NIST announcement that Keccak is a "fine choice".

"For practical purposes, we don't know of anything wrong with the algorithms people use at the moment," says Ross Anderson, a security expert at the University of Cambridge. With no obvious vulnerability in SHA-2, systems may decide to stick with it rather than switch, he says.

"SHA-2 is still fine, but maybe SHA-3 can be advantageous in some situations," Van Assche says. "We are very proud of it."

Polk says that NIST is not encouraging anyone to abandon SHA-2 in favour of SHA-3. "They really are two very good algorithms, and SHA-3 is not better in all places than SHA-2."

