In response to a SHA-1 vulnerability announced in Feb. 2005, NIST held a Cryptographic Hash Workshop on Oct. 31- Nov. 1, 2005 to assess the status of the NIST-approved hash functions. While NIST continues to recommend a transition from SHA-1 to the approved SHA-2 family of hash functions (SHA-224, SHA-256, SHA-384, and SHA-512), NIST has also decided that it would be prudent in the long-term to develop one or more hash functions through a public competition, similar to the development process for the block cipher in the Advanced Encryption Standard (AES).
A tentative timeline for this process is proposed below, as a starting point for discussion at the next (the Second) Cryptographic Hash Workshop. The proposed timeline takes the following factors into consideration:
- The timeline is uncertain because NIST has not yet decided when to initiate the competition. NIST will hold at least two more public workshops on hash functions before making this decision.
- After NIST initiates the competition, NIST expects the timeline to be similar to that of the AES development (Appendix A), although this is also subject to adjustment.
- As in the AES competition, NIST intends to schedule the hash function workshops in conjunction with other workshops and conferences, perhaps having back-to-back events to minimize travel by interested parties and to maximize attendance.
- FIPS 180-2 (the Secure Hash Standard) is scheduled for a review in 2007 and again in 2012. It would be unrealistic to develop additional hash functions by 2007; a more reasonable goal is to complete the process by 2012.
The proposed timeline for the development of new hash functions is listed below, followed by the timeline of the AES development effort for reference. Comments should be sent to hash-function@nist.gov by August 4, 2006.
Tentative Timeline for the Development of New Hash Functions: | |
| 8/2006 | Second Hash Function Status and Research Workshop: Assess current status, discuss hash function development strategy, and encourage further research. |
| 2007 | Third Hash Function Workshop |
| 2007 | Decision : NIST will decide whether or not to hold additional workshops on hash function research, especially on requirements and evaluation criteria, before initiating the competition. In either case, NIST proposes the timeline below for the competition itself. |
Tentative Timeline for the Competition | |
| Year 1 (2008?): | |
| 1Q | Draft and publish the minimum acceptability requirements, evaluation criteria, and submission requirements for public comments. Announce a public workshop to discuss these requirements. |
| 2Q | Public comment period ends. |
| 2Q | Host a workshop to discuss these requirements. |
| 3Q | Finalize and publish the minimum acceptability requirements, evaluation criteria and submission requirements. Request submissions for new hash algorithms. |
| Year 2 (2009?): | |
| 2Q | Review submitted algorithms, and select candidates that meet basic submission requirements. |
| 3Q | Host the First Hash Function Candidate Conference. A nnounce first round candidates |
| 3Q | Call for public comments on the first round candidates. |
| Year 3 (2010?): | |
| 1Q | Hold the Second Hash Function Candidate Conference. Discuss analysis results on the first round candidates. |
| 2Q | Public comment period on the first round candidates ends. |
| 3Q | Address public comments; select the second round finalists. Prepare a report to explain the selection. |
| 3Q | Announce the second round finalists. Publish the selection report, and call for public comments on the second round candidates. |
| Year 4 (2011?): | |
| 2Q | Host the Third Hash Function Candidate Conference. Submitters of the second round finalists discuss comments on their algorithms. |
| 2Q | Public comment period ends. |
| 3Q | Address public comments, and select the finalist. Prepare a report to describe the final selection(s). |
| 4Q | Announce the new hash function(s). |
| Year 5 (2012?): | |
| 1Q | Publish draft standard for public comments. |
| 2Q | Public comment period ends |
| 3Q | Address public comments. |
| 4Q | Publish new hash function standard. |
| Appendeix A. | AES Development Timeline |
| 01/01/1997 | Published draft minimum acceptability requirements, evaluation criteria, and submission requirements for public comments. Announced a public workshop to address these requirements. |
| 04/02/1997 | Public comment period ended. |
| 04/15/1997 | AES Evaluation Criteria/Submission Requirements Workshop. Discussed the draft minimum acceptability requirements, evaluation criteria, and submission requirements. |
| 09/12/1997 | Called for new algorithms. [NIST reviewed the algorithms and selected the first round winners – 15 algorithms] |
| 08/20-22/1998 | First AES Candidate Conference (AES1) , Ventura, California |
| 09/14/1998 | Called for public comments on the 15 candidates. |
| 03/22-23/1999 | Second AES Candidate Conference (AES2) , Rome. |
| 04/15/1999 | Public comment period ended. |
| 08/09/1999 | Announced 5 finalists; Round 1 Report described the selection of the finalists. |
| xx/xx/xxxx | Set up discussion forum to discuss the 5 candidate algorithms. |
| 04/13-14/2000 | Third AES Candidate Conference (AES3) , NYC. |
| 05/15/2000 | Public comment period ended on the 5 finalists. |
| 10/02/2000 | Announced the AES. |
| 02/xx/2001 | Draft FIPS-197 announced for public comments. |
| 11/26/2001 | FIPS-197 published. |
