Movatterモバイル変換

Secure Hash Algorithms

From Wikipedia, the free encyclopedia

Family of cryptographic hash functions

TheSecure Hash Algorithms are a family ofcryptographic hash functions published by theNational Institute of Standards and Technology (NIST) as aU.S.Federal Information Processing Standard (FIPS), including:

SHA-0: Aretronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
SHA-1: A 160-bit hash function which resembles the earlierMD5 algorithm. This was designed by theNational Security Agency (NSA) to be part of theDigital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
SHA-2: A family of two similar hash functions, with different block sizes, known asSHA-256 andSHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known asSHA-224,SHA-384,SHA-512/224 andSHA-512/256. These were also designed by the NSA.
SHA-3: A hash function formerly calledKeccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.

The corresponding standards areFIPS PUB 180 (original SHA), FIPS PUB 180-1 (SHA-1), FIPS PUB 180-2 (SHA-1, SHA-256, SHA-384, and SHA-512). NIST has updated Draft FIPS Publication 202, SHA-3 Standard separate from the Secure Hash Standard (SHS).

Comparison of SHA functions

[edit]

In the table below,internal state means the "internal hash sum" after each compression of a data block.

Further information:Merkle–Damgård construction

Comparison of SHA functions
view
talk
edit
Algorithm and variant		Output size (bits)	Internal state size (bits)	Block size (bits)	Rounds	Operations	Security (bits)	Performance onSkylake (mediancpb)^[1]		First published
Algorithm and variant		Output size (bits)	Internal state size (bits)	Block size (bits)	Rounds	Operations	Security (bits)	Long messages	8 bytes	First published
MD5 (as reference)		128	128 (4 × 32)	512	4 (16 operations in each round)	And, Xor, Or, Rot,Add (mod 2³²)	≤ 18 (collisions found)^[2]	4.99	55.00	1992
SHA-0		160	160 (5 × 32)	512	80	And, Xor, Or, Rot,Add (mod 2³²)	< 34 (collisions found)	≈ SHA-1	≈ SHA-1	1993
SHA-1		160	160 (5 × 32)	512	80	And, Xor, Or, Rot,Add (mod 2³²)	< 63 (collisions found)^[3]	3.47	52.00	1995
SHA-2	SHA-224 SHA-256	224 256	256 (8 × 32)	512	64	And, Xor, Or, Rot, Shr,Add (mod 2³²)	112 128	7.62 7.63	84.50 85.25	2004 2001
	SHA-384	384	512 (8 × 64)	1024	80	And, Xor, Or, Rot, Shr,Add (mod 2⁶⁴)	192	5.12	135.75	2001
	SHA-512	512					256	5.06	135.50	2001
	SHA-512/224 SHA-512/256	224 256					112 128	≈ SHA-384	≈ SHA-384	2012
SHA-3	SHA3-224 SHA3-256 SHA3-384 SHA3-512	224 256 384 512	1600 (5 × 5 × 64)	1152 1088 832 576	24^[4]	And, Xor, Rot, Not	112 128 192 256	8.12 8.59 11.06 15.88	154.25 155.50 164.00 164.00	2015
SHA-3	SHAKE128 SHAKE256	d (arbitrary) d (arbitrary)	1600 (5 × 5 × 64)	1344 1088	24^[4]	And, Xor, Rot, Not	min(d/2, 128) min(d/2, 256)	7.08 8.59	155.25 155.50	2015

Validation

[edit]

Main article:Cryptographic Module Validation Program

All SHA-family algorithms, as FIPS-approved security functions, are subject to official validation by theCMVP (Cryptographic Module Validation Program), a joint program run by the AmericanNational Institute of Standards and Technology (NIST) and the CanadianCommunications Security Establishment (CSE).

References

[edit]

^"Measurements table".bench.cr.yp.to.
^Tao, Xie; Liu, Fanbao; Feng, Dengguo (2013).Fast Collision Attack on MD5(PDF).Cryptology ePrint Archive (Technical report).IACR.
^
Stevens, Marc;Bursztein, Elie; Karpman, Pierre; Albertini, Ange; Markov, Yarik.The first collision for full SHA-1(PDF) (Technical report).Google Research.
- Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov; Alex Petit Bianco; Clement Baisse (February 23, 2017)."Announcing the first SHA1 collision".Google Security Blog.
^"The Keccak sponge function family". Retrieved2016-01-27.

v t e Cryptographic hash functions andmessage authentication codes
List Comparison Known attacks
Common functions	MD5 (compromised) SHA-1 (compromised) SHA-2 SHA-3 BLAKE2
SHA-3 finalists	BLAKE Grøstl JH Skein Keccak (winner)
Other functions	BLAKE3 CubeHash ECOH FSB Fugue GOST HAS-160 HAVAL Kupyna LSH Lane MASH-1 MASH-2 MD2 MD4 MD6 MDC-2 N-hash RIPEMD RadioGatún SIMD SM3 SWIFFT Shabal Snefru Streebog Tiger VSH Whirlpool
Password hashing/ key stretching functions	Argon2 Balloon bcrypt Catena crypt LM hash Lyra2 Makwa PBKDF2 scrypt yescrypt
General purpose key derivation functions	HKDF KDF1/KDF2
MAC functions	CBC-MAC DAA GMAC HMAC NMAC OMAC/CMAC PMAC Poly1305 SipHash UMAC VMAC
Authenticated encryption modes	CCM ChaCha20-Poly1305 CWC EAX GCM IAPM OCB
Attacks	Collision attack Preimage attack Birthday attack Brute-force attack Rainbow table Side-channel attack Length extension attack
Design	Avalanche effect Hash collision Merkle–Damgård construction Sponge function HAIFA construction
Standardization	CAESAR Competition CRYPTREC NESSIE NIST hash function competition Password Hashing Competition NSA Suite B CNSA
Utilization	Hash-based cryptography Merkle tree Message authentication Proof of work Salt Pepper

Retrieved from "https://en.wikipedia.org/w/index.php?title=Secure_Hash_Algorithms&oldid=1324751853"

Category:

Cryptography

Hidden categories:

[8]ページ先頭