Good news everybody! A while ago John Kelsey presented NIST's plans to change SHA-3 [1] in order to make it faster but also weaker. Last Friday he posted a mail on NIST's internal hash-forum mailing list. NIST is planning to drop these plans and to move forward with the SHA-3 draft in its original state. I can keep the sha3 module in Python 3.4 and don't have to remove it. Maybe I'm going to add the new SHAKE functions to hashlib, too.
But first let me explain the background. NIST is going to standardize four replacements for SHA2: SHA3-224, SHA3-256, SHA3-384 and SHA3-512. (The number after the hyphen is the output size in bits.) These are going to be standardized variants of the Keccak-f[1600] sponge construction. [2]

Similar to a real sponge, Keccak has a capacity, can absorb data at some rate and can be squeezed to output data. The rate parameter affects the performance of the Keccak construction (higher rate == faster). A higher capacity results in better collision resistance. For Keccak-f[1600], rate + capacity = 1600 bits, with capacity/2 bits of collision and pre-image resistance. Contrary to a real sponge, the squeeze function can return arbitrary amounts of data.

The old and new parameters for SHA-3 are:

  SHA3-224: capacity=448,  output=224
  SHA3-256: capacity=512,  output=256
  SHA3-384: capacity=768,  output=384
  SHA3-512: capacity=1024, output=512

NIST was about to standardize SHA3-224/SHA3-256 with capacity=256 and SHA3-384/SHA3-512 with capacity=512. That's (most likely) off the stove. However, NIST is going to standardize two additional functions: SHAKE128 and SHAKE256. These functions support arbitrary length output with a collision resistance of 128/256 bits with a capacity of 256/512. The SHAKE functions can be easily implemented on top of the current code and the PEP 247 API with mandatory length arguments for digest() and hexdigest().

Christian

[1] http://bristolcrypto.blogspot.de/2013/08/ches-invited-talk-future-of-sha-3.html
[2] http://keccak.noekeon.org/
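As an added illustration (not part of the mail and not CPython's own code), the snippet below works through the rate/capacity arithmetic and the SHAKE length-argument API described above, using the sha3_*/shake_* constructors that hashlib ships in Python 3.6 and later. The CAPACITY table holds the values from the mail; the min(capacity/2, output/2) collision bound for short SHAKE outputs and the block_size check are this example's own additions.

```python
import hashlib

# Keccak-f[1600] state width in bits: rate + capacity = 1600 (from the mail).
KECCAK_WIDTH = 1600

# Capacity in bits of each function NIST standardized (values from the mail).
CAPACITY = {
    "sha3_224": 448, "sha3_256": 512, "sha3_384": 768, "sha3_512": 1024,
    "shake_128": 256, "shake_256": 512,
}
XOFS = {"shake_128", "shake_256"}  # extendable-output: caller picks the length


def rate_bits(name):
    """Bits absorbed per Keccak-f call; a higher rate means faster hashing."""
    return KECCAK_WIDTH - CAPACITY[name]


def collision_bits(name, out_bytes):
    """Collision resistance in bits: capacity/2, but a SHAKE output squeezed
    to only a few bytes is also bounded by the birthday bound on that output
    (out_bits/2), so short XOF digests are weaker than the capacity suggests."""
    return min(CAPACITY[name] // 2, out_bytes * 8 // 2)


def digest_hex(name, data, length=None):
    """Hash data; SHA3-* has a fixed output, SHAKE needs an explicit length."""
    h = hashlib.new(name, data)
    if name in XOFS:
        if length is None:
            raise ValueError("%s requires an output length" % name)
        return h.hexdigest(length)
    return h.hexdigest()


def shake_is_prefix_consistent(name, data, short_len, long_len):
    """Squeezing more output only extends the stream: the shorter digest is
    a prefix of the longer one for the same input (constructed check)."""
    short = hashlib.new(name, data).digest(short_len)
    long = hashlib.new(name, data).digest(long_len)
    return long[:short_len] == short


def rate_matches_hashlib(name):
    """hashlib reports the sponge rate in bytes as block_size; cross-check it
    against the rate derived from the capacity table (example's own check)."""
    return hashlib.new(name).block_size == rate_bits(name) // 8
```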