80 FR 46543 - Announcing Approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology Federal Register Volume 80, Issue 150 (August 5, 2015)
National Institute of Standards and Technology
Federal Register Volume 80, Issue 150 (August 5, 2015)
| Page Range | 46543-46544 | |
| FR Document | 2015-19181 |
[Federal Register Volume 80, Number 150 (Wednesday, August 5, 2015)] [Notices] [Pages 46543-46544] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2015-19181] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No.: 130917811-5349-02] Announcing Approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable- Output Functions, and Revision of the Applicability Clause of FIPS 180- 4, Secure Hash Standard AGENCY: National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and a revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard. FIPS 202 specifies the SHA-3 family of hash functions, as well as mechanisms for other cryptographic functions to be specified in the future. The revision to the Applicability Clause of FIPS 180-4 approves the use of hash functions specified in either FIPS 180-4 or FIPS 202 when a secure hash function is required for the protection of sensitive, unclassified information in Federal applications, including as a component within other cryptographic algorithms and protocols. DATES: FIPS 202 and FIPS 180-4 are effective on August 5, 2015. FOR FURTHER INFORMATION CONTACT: Ms. Shu-jen Chang, (301) 975-2940, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930, email: [email protected]. SUPPLEMENTARY INFORMATION: NIST announced the SHA-3 Cryptographic Hash Algorithm Competition in the Federal Register (72 FR 62212, available at https://federalregister.gov/a/E7-21581) on November 2, 2007. The purpose of the SHA-3 Competition was to develop a new cryptographic hash algorithm for standardization to augment the hash functions specified in FIPS 180-4, Secure Hash Standard. NIST announced the winning algorithm, Keccak, in a press release on October 2, 2012, which is available at http://www.nist.gov/itl/csd/sha-100212.cfm. NIST then developed Draft FIPS 202, SHA-3 Standard: Permutation- Based Hash and Extendable-Output Functions to specify Keccak for use in the Federal Government. On May 28, 2014, NIST announced Draft FIPS 202 in the Federal Register (79 FR 30549, available at https://federalregister.gov/a/2014-12336) and requested comments. In the same notice, NIST also proposed a revision of the Applicability Clause (#6) of the Announcement Section of FIPS 180-4, Secure Hash Standard, and requested comments. The revision of this clause allows the use of hash functions specified in either FIPS 180-4 or FIPS 202, modifying the original mandate to use only the hash functions specified in FIPS 180- 4. The other sections of FIPS 180-4 remain unchanged. FIPS 202 and FIPS 180-4 are available at: http://csrc.nist.gov/publications/PubsFIPS.html. The May 28, 2014 notice solicited comments from the public. An announcement was also posted on a public hash forum ([email protected]) and on the NIST hash Web site (http://csrc.nist.gov/groups/ST/hash/sha-3/sha-3_standard_fips202.html). A ninety-day public comment period commenced on May 28, 2014, and ended on August 26, 2014. NIST received comments on Draft FIPS 202 from seven commenters: Two government agencies, two industry groups, and three individuals. In addition, NIST received one comment on the Draft Revision of the Applicability Clause of FIPS 180-4 from one individual, although this comment was not related to the revision of the specific clause for which NIST was requesting comments. All comments received are posted at http://csrc.nist.gov/groups/ST/hash/sha-3/fips-202-public-comments-aug2014.html. None of the comments opposed the adoption of the SHA-3 Standard or the revision of the Applicability Clause of FIPS 180-4. Some comments offered editorial suggestions, pointed out inconsistencies in the text, or suggested structural changes. All of the comments were carefully reviewed, and changes were made to FIPS 202, where appropriate. NIST made additional editorial changes to improve FIPS 202. The following section summarizes the comments received during the public comment period, and includes NIST's responses to each comment. Comment: One commenter submitted two editorial comments on Draft FIPS 202. The first comment was to replace ``relatively small'' with ``sufficiently small'' in the fourth footnote, on page 1. The second comment applied to an earlier draft of FIPS 202. Response: The first comment was accepted; the error that the second comment identified had already been corrected in the draft that was released for public comment. [[Page 46544]] Comment: One commenter agreed with the inclusion of the Extendable- Output Functions in Draft FIPS 202, citing the TUAK algorithm--for authentication and key generation in mobile telephony--as a suitable application. Response: NIST acknowledges the comment. No change to the Standard was made as a result of the comment. Comment: Two commenters recommended a significant restructuring of Draft FIPS 202. One commenter's proposal was to emphasize the role of the Keccak-p permutation as a ``primitive,'' i.e., a fundamental cryptographic technique. This permutation family is the main component of each SHA-3 function. The comment included a detailed outline of the commenter's proposal. The other commenter's proposal was to replace FIPS 202 with three standards. The first standard would specify the Keccak[c] sponge functions as a distinct primitive, and the second and third standards would specify the SHA-3 hash functions and extendable- output functions, respectively, as instances of these sponge functions. For both commenters, the rationale for their proposals was to provide greater flexibility to extend the technology in the future. Response: The restructuring proposals were not accepted. The text in Section 7 on conformance already explicitly accommodates the possibility of developing new uses of the Keccak[c] sponge functions and other intermediate functions, as well as new functions based on the Keccak-p permutations. Moreover, the primary purpose of FIPS 202 is to standardize the winning algorithm from the SHA-3 competition. Both of the restructuring proposals would detract from the perception of the Standard as fulfilling that goal. Comment: One of the previous commenters also submitted several editorial comments and one general comment on Draft FIPS 202. The general comment suggested that hyphens be inserted into the names ``SHAKE128'' and ``SHAKE256'' in order to separate the numerical parameter, which would be consistent with the naming convention for the SHA-3 hash functions. Response: The editorial comments were accepted, with a modification to the suggested resolution in one case. In particular, the commenter observed that the following sentence in Section 3 could be clarified to distinguish between the input, which is fixed, and the state, which is mutable: ``The set of values for the b-bit input to the permutation, as it undergoes successive applications of the step mappings, culminating in the output, is called the state.'' The commenter suggested the following replacement: ``The permutation, as it undergoes successive applications of the step mappings, maintains a b-bit state, which is initially set to the input values.'' Instead, NIST revised the sentence as follows: ``The permutation is specified in terms of an array of values for b bits that is repeatedly updated, called the state; the state is initially set to the input values of the permutation.'' This revision is preferable because it retains an explicit definition of the term ``state.'' NIST did not include the change requested in the general comment. Although the stated rationale for the general comment is reasonable, it is preferable to omit the hyphens, as originally specified, in order to help distinguish the different roles of the parameters. In particular, the numerical suffixes in ``SHAKE128'' and ``SHAKE256'' indicate security strengths, while for the SHA-3 hash functions such as SHA3-256, the suffix indicates the digest length of the hash function. Comment: One commenter requested that FIPS 202 clarify how the SHA- 3 hash functions would be implemented within the keyed-hash message authentication code (HMAC) that is specified in FIPS 198-1. Response: The comment was accepted and addressed with new text in the conformance section that identified the value of the HMAC parameter B for each of the SHA-3 hash functions. Comment: One commenter expressed appreciation for the opportunity to review Draft FIPS 202. Response: NIST acknowledges the comment. No change was made as a result of the comment. Comment: One commenter discussed the use of the extendable-output functions specified in Draft FIPS 202. The comment distinguished between two types of applications: (1) Variable-length hash functions, and (2) random-looking functions, such as key derivation functions (KDFs). The comment explained why variable-length hash functions were not very interesting from a cryptographic perspective, suggesting that NIST approval be limited to KDF-like functions. The comment also pointed out that the incorporation of the output length into the input for these functions could be specified as a method of addressing the prefix property that is discussed in the Standard. Response: The text in Section 7 on conformance explicitly asserts that approved uses of the extendable-output functions will be specified in NIST special publications. NIST will consider the commenter's suggestions in the development of those publications. Also, text was added to clarify that extendable-output functions are not yet approved as variable-length hash functions. Comment: The only comment on FIPS 180-4 recommended that the SHA-1 hash algorithm be excluded ``due to highly untrusted security algorithm.'' Response: NIST made no change based on this comment. The comment does not directly apply to the Revised Applicability Clause of FIPS 180-4, which simply acknowledges that FIPS 202 specifies valid options for secure hash functions. Moreover, NIST has already developed and adopted an appropriate policy for the use of SHA-1, based on the latest security information, as described in NIST Special Publication 800- 131A. The Secretary of Commerce hereby approves FIPS 202 and FIPS 180-4. Copies of FIPS 202 and FIPS 180-4 are available at: http://csrc.nist.gov/publications/PubsFIPS.html. Authority: In accordance with the Information Technology Management Reform Act of 1996 (Pub. L. 104-106) and the Federal Information Security Management Act of 2002 (FISMA) (Pub. L. 107- 347), the Secretary of Commerce is authorized to approve FIPS. NIST activities to develop computer security standards to protect federal sensitive (unclassified) information systems are undertaken pursuant to specific responsibilities assigned to NIST by Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g- 3), as amended. Richard R. Cavanagh, Acting Associate Director for Laboratory Programs. [FR Doc. 2015-19181 Filed 8-4-15; 8:45 am] BILLING CODE 3510-13-P
![Federal Register / Vol. 80, No. 150 / Wednesday, August 5, 2015 / Notices 46543
Notification to Importers DEPARTMENT OF COMMERCE Federal Register (79 FR 30549, available
at https://federalregister.gov/a/2014-
This notice serves as a final reminder National Institute of Standards and 12336) and requested comments. In the
to importers of their responsibility Technology same notice, NIST also proposed a
under 19 CFR 351.402(f)(2) to file a revision of the Applicability Clause (#6)
[Docket No.: 130917811–5349–02]
certificate regarding the reimbursement of the Announcement Section of FIPS
of antidumping duties prior to Announcing Approval of Federal 180–4, Secure Hash Standard, and
liquidation of the relevant entries Information Processing Standard requested comments. The revision of
during this review period. Failure to (FIPS) 202, SHA–3 Standard: this clause allows the use of hash
comply with this requirement could Permutation-Based Hash and functions specified in either FIPS 180–
result in the Secretary’s presumption Extendable-Output Functions, and 4 or FIPS 202, modifying the original
that reimbursement of antidumping Revision of the Applicability Clause of mandate to use only the hash functions
duties occurred and the subsequent FIPS 180–4, Secure Hash Standard specified in FIPS 180–4. The other
assessment of double antidumping sections of FIPS 180–4 remain
AGENCY: National Institute of Standards unchanged. FIPS 202 and FIPS 180–4
duties.
and Technology (NIST), Commerce. are available at: http://csrc.nist.gov/
Administrative Protective Order ACTION: Notice. publications/PubsFIPS.html.
Notification to Interested Parties The May 28, 2014 notice solicited
SUMMARY: This notice announces the comments from the public. An
This notice serves as the only Secretary of Commerce’s approval of announcement was also posted on a
reminder to parties subject to Federal Information Processing public hash forum (hash-forum@
administrative protective order (APO) of Standard (FIPS) 202, SHA–3 Standard: nist.gov) and on the NIST hash Web site
their responsibility concerning the Permutation-Based Hash and (http://csrc.nist.gov/groups/ST/hash/
disposition of proprietary information Extendable-Output Functions, and a sha-3/sha-3_standard_fips202.html). A
disclosed under APO in accordance revision of the Applicability Clause of ninety-day public comment period
with 19 CFR 351.305(a)(3), which FIPS 180–4, Secure Hash Standard. commenced on May 28, 2014, and
continues to govern business FIPS 202 specifies the SHA–3 family of ended on August 26, 2014.
proprietary information in this segment hash functions, as well as mechanisms NIST received comments on Draft
of the proceeding. Timely written for other cryptographic functions to be FIPS 202 from seven commenters: Two
notification of the return or destruction specified in the future. The revision to government agencies, two industry
of APO materials or conversion to the Applicability Clause of FIPS 180–4 groups, and three individuals. In
approves the use of hash functions addition, NIST received one comment
judicial protective order is hereby
specified in either FIPS 180–4 or FIPS on the Draft Revision of the
requested. Failure to comply with the
202 when a secure hash function is Applicability Clause of FIPS 180–4 from
regulations and the terms of an APO is one individual, although this comment
required for the protection of sensitive,
a sanctionable violation. was not related to the revision of the
unclassified information in Federal
Notification to Interested Parties applications, including as a component specific clause for which NIST was
within other cryptographic algorithms requesting comments. All comments
This administrative review and notice and protocols. received are posted at http://
are issued and published in accordance DATES: FIPS 202 and FIPS 180–4 are csrc.nist.gov/groups/ST/hash/sha-3/
with sections 751(a)(1) and 777(i)(1) of effective on August 5, 2015. fips-202-public-comments-
the Act and 19 CFR 351.213(h)(1). aug2014.html. None of the comments
FOR FURTHER INFORMATION CONTACT: Ms.
opposed the adoption of the SHA–3
Dated: July 27, 2015. Shu-jen Chang, (301) 975–2940, Standard or the revision of the
Paul Piquado, National Institute of Standards and Applicability Clause of FIPS 180–4.
Assistant Secretary for Enforcement and Technology, 100 Bureau Drive, Mail Some comments offered editorial
Compliance. Stop 8930, Gaithersburg, MD 20899– suggestions, pointed out inconsistencies
8930, email: Shu-jen.Chang@nist.gov. in the text, or suggested structural
Appendix I—List of Issues Raised in SUPPLEMENTARY INFORMATION: NIST
Case and Rebuttal Briefs changes. All of the comments were
announced the SHA–3 Cryptographic carefully reviewed, and changes were
Summary Hash Algorithm Competition in the made to FIPS 202, where appropriate.
Background Federal Register (72 FR 62212, available NIST made additional editorial changes
Scope of the Order at https://federalregister.gov/a/E7- to improve FIPS 202.
Discussion of the Issue 21581) on November 2, 2007. The The following section summarizes the
Issue 1: Use of CINAR’s Revised Home purpose of the SHA–3 Competition was comments received during the public
Market Data Base Conclusion to develop a new cryptographic hash comment period, and includes NIST’s
[FR Doc. 2015–19095 Filed 8–4–15; 8:45 am] algorithm for standardization to responses to each comment.
BILLING CODE 3510–DS–P
augment the hash functions specified in Comment: One commenter submitted
FIPS 180–4, Secure Hash Standard. two editorial comments on Draft FIPS
NIST announced the winning algorithm, 202. The first comment was to replace
Keccak, in a press release on October 2, ‘‘relatively small’’ with ‘‘sufficiently
asabaliauskas on DSK5VPTVN1PROD with NOTICES
2012, which is available at http:// small’’ in the fourth footnote, on page 1.
www.nist.gov/itl/csd/sha-100212.cfm. The second comment applied to an
NIST then developed Draft FIPS 202, earlier draft of FIPS 202.
SHA–3 Standard: Permutation-Based Response: The first comment was
Hash and Extendable-Output Functions accepted; the error that the second
to specify Keccak for use in the Federal comment identified had already been
Government. On May 28, 2014, NIST corrected in the draft that was released
announced Draft FIPS 202 in the for public comment.
VerDate Sep<11>2014 16:54 Aug 04, 2015 Jkt 235001 PO 00000 Frm 00006 Fmt 4703 Sfmt 4703 E:\FR\FM\05AUN1.SGM 05AUN1](https://thefederalregister.org/doc/80_FR_46693/page/1.svg)
![46544 Federal Register / Vol. 80, No. 150 / Wednesday, August 5, 2015 / Notices
Comment: One commenter agreed applications of the step mappings, special publications. NIST will consider
with the inclusion of the Extendable- culminating in the output, is called the the commenter’s suggestions in the
Output Functions in Draft FIPS 202, state.’’ The commenter suggested the development of those publications.
citing the TUAK algorithm—for following replacement: ‘‘The Also, text was added to clarify that
authentication and key generation in permutation, as it undergoes successive extendable-output functions are not yet
mobile telephony—as a suitable applications of the step mappings, approved as variable-length hash
application. maintains a b-bit state, which is initially functions.
Response: NIST acknowledges the set to the input values.’’ Instead, NIST Comment: The only comment on FIPS
comment. No change to the Standard revised the sentence as follows: ‘‘The 180–4 recommended that the SHA–1
was made as a result of the comment. permutation is specified in terms of an hash algorithm be excluded ‘‘due to
Comment: Two commenters array of values for b bits that is highly untrusted security algorithm.’’
recommended a significant restructuring repeatedly updated, called the state; the Response: NIST made no change
of Draft FIPS 202. One commenter’s state is initially set to the input values based on this comment. The comment
proposal was to emphasize the role of of the permutation.’’ This revision is does not directly apply to the Revised
the Keccak-p permutation as a preferable because it retains an explicit Applicability Clause of FIPS 180–4,
‘‘primitive,’’ i.e., a fundamental definition of the term ‘‘state.’’ NIST did which simply acknowledges that FIPS
cryptographic technique. This not include the change requested in the 202 specifies valid options for secure
permutation family is the main general comment. Although the stated hash functions. Moreover, NIST has
component of each SHA–3 function. rationale for the general comment is already developed and adopted an
The comment included a detailed reasonable, it is preferable to omit the appropriate policy for the use of
outline of the commenter’s proposal. hyphens, as originally specified, in SHA–1, based on the latest security
The other commenter’s proposal was to order to help distinguish the different information, as described in NIST
replace FIPS 202 with three standards. roles of the parameters. In particular, Special Publication 800–131A.
The first standard would specify the the numerical suffixes in ‘‘SHAKE128’’ The Secretary of Commerce hereby
Keccak[c] sponge functions as a distinct and ‘‘SHAKE256’’ indicate security approves FIPS 202 and FIPS 180–4.
primitive, and the second and third strengths, while for the SHA–3 hash Copies of FIPS 202 and FIPS 180–4 are
standards would specify the SHA–3 functions such as SHA3–256, the suffix available at: http://csrc.nist.gov/
hash functions and extendable-output indicates the digest length of the hash publications/PubsFIPS.html.
functions, respectively, as instances of function.
these sponge functions. For both Comment: One commenter requested Authority: In accordance with the
commenters, the rationale for their Information Technology Management Reform
that FIPS 202 clarify how the SHA–3
Act of 1996 (Pub. L. 104–106) and the
proposals was to provide greater hash functions would be implemented Federal Information Security Management
flexibility to extend the technology in within the keyed-hash message Act of 2002 (FISMA) (Pub. L. 107–347), the
the future. authentication code (HMAC) that is Secretary of Commerce is authorized to
Response: The restructuring proposals specified in FIPS 198–1. approve FIPS. NIST activities to develop
were not accepted. The text in Section Response: The comment was accepted computer security standards to protect
7 on conformance already explicitly and addressed with new text in the federal sensitive (unclassified) information
accommodates the possibility of conformance section that identified the systems are undertaken pursuant to specific
developing new uses of the Keccak[c] value of the HMAC parameter B for each responsibilities assigned to NIST by Section
sponge functions and other intermediate of the SHA–3 hash functions. 20 of the National Institute of Standards and
functions, as well as new functions Comment: One commenter expressed Technology Act (15 U.S.C. 278g-3), as
based on the Keccak-p permutations. amended.
appreciation for the opportunity to
Moreover, the primary purpose of FIPS review Draft FIPS 202. Richard R. Cavanagh,
202 is to standardize the winning Response: NIST acknowledges the Acting Associate Director for Laboratory
algorithm from the SHA–3 competition. comment. No change was made as a Programs.
Both of the restructuring proposals result of the comment. [FR Doc. 2015–19181 Filed 8–4–15; 8:45 am]
would detract from the perception of the Comment: One commenter discussed BILLING CODE 3510–13–P
Standard as fulfilling that goal. the use of the extendable-output
Comment: One of the previous functions specified in Draft FIPS 202.
commenters also submitted several The comment distinguished between DEPARTMENT OF COMMERCE
editorial comments and one general two types of applications: (1) Variable-
comment on Draft FIPS 202. The general length hash functions, and (2) random- National Oceanic and Atmospheric
comment suggested that hyphens be looking functions, such as key Administration
inserted into the names ‘‘SHAKE128’’ derivation functions (KDFs). The
RIN 0648–XE074
and ‘‘SHAKE256’’ in order to separate comment explained why variable-length
the numerical parameter, which would hash functions were not very interesting Atlantic Highly Migratory Species;
be consistent with the naming from a cryptographic perspective, Meeting of the Atlantic Highly
convention for the SHA–3 hash suggesting that NIST approval be Migratory Species Advisory Panel
functions. limited to KDF-like functions. The
Response: The editorial comments comment also pointed out that the AGENCY: National Marine Fisheries
were accepted, with a modification to incorporation of the output length into Service (NMFS), National Oceanic and
asabaliauskas on DSK5VPTVN1PROD with NOTICES
the suggested resolution in one case. In the input for these functions could be Atmospheric Administration (NOAA),
particular, the commenter observed that specified as a method of addressing the Commerce.
the following sentence in Section 3 prefix property that is discussed in the ACTION: Notice of public meeting and
could be clarified to distinguish Standard. webinar/conference call.
between the input, which is fixed, and Response: The text in Section 7 on
the state, which is mutable: ‘‘The set of conformance explicitly asserts that SUMMARY: NMFS will hold a 2-day
values for the b-bit input to the approved uses of the extendable-output Atlantic Highly Migratory Species
permutation, as it undergoes successive functions will be specified in NIST (HMS) Advisory Panel (AP) meeting in
VerDate Sep<11>2014 16:54 Aug 04, 2015 Jkt 235001 PO 00000 Frm 00007 Fmt 4703 Sfmt 4703 E:\FR\FM\05AUN1.SGM 05AUN1](https://thefederalregister.org/doc/80_FR_46693/page/2.svg)
Document Created: 2018-02-23 10:53:02
Document Modified: 2018-02-23 10:53:02
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice. | |
| Dates | FIPS 202 and FIPS 180-4 are effective on August 5, 2015. | |
| Contact | Ms. Shu-jen Chang, (301) 975-2940, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930, email: [email protected] | |
| FR Citation | 80 FR 46543 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR