The term Secure Hash Algorithm (SHA) refers to a group of standardized cryptologic hash functions. These are used to calculate a check value for any digital data (messages) and are, among other things, the basis for creating a digital signature.
The check value is used to ensure the integrity of a message. If two messages result in the same check value, the equality of the messages should be guaranteed at normal discretion. For this reason, a cryptologic hash function is required to have the property of collision protection: it should be practically impossible to generate two different messages with the same check value.
Hash functions are mathematical algorithms that take input data (often of variable length) and produce a fixed-size string of bytes, which is typically a unique representation of the original input data. The key characteristics of a secure hash function include:
---
- Deterministic: For the same input, the hash function must always produce the same output.
- Fast: The computation of the hash value should be quick.
- Pre-image resistance: Given a hash value, it should be computationally infeasible to reverse-engineer the original input.
- Collision resistance: It should be extremely unlikely for two different inputs to produce the same hash value.
The National Institute of Standards and Technology (NIST), together with the National Security Agency (NSA), developed a hash function as part of the Digital Signature Algorithm (DSA) for the Digital Signature Standard (DSS). The feature was released in 1993. This standard, known as the Secure Hash Standard (SHS), specifies the secure hash algorithm (SHA) with a hash value of 160 bits for any digital data of no more than 264 − 1 bit (≈ 2 exbibytes) in length.
The original SHA was corrected in 1995 due to a “design flaw” and therefore played little role in practice. It is now known as SHA-0, the corrected variant as SHA-1. The correction consists only in a small detail (rotation of a data word in the key classification), but not in the number of rounds passed or other measures that immediately lead to a much higher level of security. However, cryptanalysis confirms that rotation makes the calculation of collisions much more difficult.
NIST has published four more algorithms that produce larger hash values. These are the SHA-224, SHA-256, SHA-384 and SHA-512, with the appended number indicating the length of the hash value (in bits). Later, the SHA-512/256 and SHA-512/224 versions were added. These advancements are often referred to as SHA-2. They are built on the same design principle as SHA-1, only the internal data block has been enlarged to 256 or 512 bits and the block encryption on which the compression function is based has been modified. From the algorithms SHA-1 and SHA-256 the block encryption SHACAL was derived. This essentially consists of the internal block encryption of SHA-1 or SHA-256, which is used here on its own.
In 2004, because fundamental weaknesses of the Merkle-Damgård design were discovered, NIST was looking for a new hash function that would be much more future-proof than SHA-2. It called for a competition, as it had previously done for the Advanced Encryption Standard (AES). In October 2012, Keccak was chosen, which was then standardized in August 2015 under the designation SHA-3 in various variants. SHA-3 is fundamentally different from SHA-2, namely as a so-called sponge construction.
SHA algorithms are widely used in various security applications and protocols, including digital signatures, message authentication codes (MACs), and other cryptographic processes. Different versions of the SHA algorithm exist, such as SHA-1, SHA-2, and SHA-3, each offering different levels of security and performance. For example, SHA-1 is now considered vulnerable to collision attacks and is being phased out in favor of the more secure SHA-2 and SHA-3 algorithms.
