In a recent press release, the NIST has announced that the Belgian candidate Keccak has won the SHA-3 competition. The goal of the SHA-3 competition was to select a cryptographic hash function and to standardize it. It was initiated after the sequence of attacks against many popular designs, such as MD5, initiated in 2004 by Xiaoyun Wang and her co-authors.
The SHA-3 competition has run from November 2007 to October 2012 and has resulted in a fantastic amount of scientific work around the design, cryptanalysis and implementation of hash functions. From 64 candidates, short lists of 14 semi-finalists, then 5 finalists (BLAKE, Grøstl, JH, Keccak and Skein) have been chosen by the NIST in July 2009 and December 2010, respectively.
According to the NIST press release, Keccak has been chosen thanks to the following reasons (a more detailed report from them about the rationales of their choice should appear soon):
“The NIST team praised the Keccak algorithm for its many admirable qualities, including its elegant design and its ability to run well on many different computing devices. The clarity of Keccak’s construction lends itself to easy analysis (during the competition all submitted algorithms were made available for public examination and criticism), and Keccak has higher performance in hardware implementations than SHA-2 or any of the other finalists.
“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be,” says NIST computer security expert Tim Polk. “An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently.”
For me, the selection of Keccak is a semi-surprise, as it was not the finalist with the best implementation performances: BLAKE and Skein were indeed faster in software. However, Keccak has demonstrated very good results when implemented as hardware. Furthermore, Keccak’s design is radically different from the other finalists, basing itself on the very modern cryptographic sponge construction. BLAKE and Skein are maybe more classical in their approach, more similar to the SHA-2 family. Hence, one can probably interpret NIST’s decision as a kind of “not put all my eggs in the same basket” strategy, which is very wise.
I would like to warmly congratulate the Keccak designers Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche for their formidable success, and especially to take my hat off to Joan Daemen, who won the AES competition with Vincent Rijmen
about 10 years ago on October 2nd, 2000, exactly 12 years ago, and now the SHA-3 one. Joan has definitely evolved from the demi-crypto-god status to the ultimate crypto-god one ! Finally, the planet must recognize now once for all that, additionally to brewing the best beers in the world, Belgium is the location where you can find many of the finest cryptographers, too. And never forget that the four non-selected hash functions are all extremely nice pieces of cryptographic engineering !