Announcing Draft Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Draft Revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard, and Request for Comments, 30549-30550 [2014-12336]

Download as PDF Federal Register / Vol. 79, No. 102 / Wednesday, May 28, 2014 / Notices product or service. In the case of a trade association, the applicant must certify that, for each company to be represented by the trade association or trade organization, the products and services the represented company seeks to export are either produced in the United States, or, if not, marketed under the name of a U.S. firm and have demonstrable U.S. content. In the case of an academic or research institution, the applicant must certify that as part of its activities at the event, it will represent the interests of constituents that meet the criteria above. Applicants from a company, organization or institution that is majority owned or controlled by a foreign government entity will not be considered for participation in the U.S. Industry Program. emcdonald on DSK67QTVN1PROD with NOTICES Selection Criteria Selection will be based on the following criteria: • Suitability of the company’s (or, in the case of another organization, represented companies’ or constituents’) products or services to each of the markets the company or organization has expressed an interest in exporting to as part of this trade mission. • The company’s (or, in the case of another organization, represented companies’ or constituents’) potential for business in each of the markets to which the company or organization has expressed an interest in exporting as part of this trade mission, including likelihood of exports resulting from the mission. • Consistency of the applicant company’s (or, in the case of another organization, represented companies’ or constituents’) goals and objectives with the stated mission scope. Diversity of company size, sector or subsector, and location also may be considered in the review process. Referrals from political organizations and any documents containing references to partisan political activities (including political contributions) will be removed from an applicant’s submission and will not be considered. Timeframe for Recruitment and Participation Recruitment for participation in the U.S. Industry Program as a representative of the U.S. nuclear industry will be conducted in an open and public manner, including publication in the Federal Register, posting on the DOC trade mission calendar, notices to industry trade associations and other multiplier groups. Recruitment will begin two weeks after publication in the Federal VerDate Mar<15>2010 16:58 May 27, 2014 Jkt 232001 Register and conclude no later than June 14, 2014. The ITA will review applications and make selection decisions on a rolling basis. Applications received after June 14, 2014, will be considered only if space and scheduling permit. Contacts Jonathan Chesebro, Industry & Analysis, Office of Energy and Environmental Industries, Washington, DC, Tel: (202) 482–1297, Email: jonathan.chesebro@ trade.gov. Marta Haustein, Embassy of the United States of America, U.S. Commercial Service, Vienna, Austria, Tel: +43(0) 1 313 39 2205, Email: marta.haustein@ trade.gov. Shannon Fraser, International Business Development, U.S. Commercial Service—Silicon Valley, San Jose, CA, Tel: (408) 535–2757, ext. 106, Email: shannon.fraser@trade.gov. Dated: May 21, 2014. Edward A. O’Malley, Director, Office of Energy and Environmental Industries. [FR Doc. 2014–12173 Filed 5–27–14; 8:45 am] BILLING CODE 3510–DR–P DEPARTMENT OF COMMERCE National Institute of Standards and Technology Announcing Draft Federal Information Processing Standard (FIPS) 202, SHA– 3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Draft Revision of the Applicability Clause of FIPS 180–4, Secure Hash Standard, and Request for Comments Docket No.: [130917811–3811–01] AGENCY: National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice; request for comments. The National Institute of Standards and Technology (NIST) launched a public competition in November 2007 to develop a new cryptographic hash algorithm for standardization to augment the Government standard hash algorithms specified in Federal Information Processing Standard (FIPS) 180, Secure Hash Standard. NIST announced the selection of Keccak as the winning algorithm in a press release issued on October 2, 2012, which is available at http://www.nist.gov/itl/csd/sha100212.cfm. Draft FIPS 202 specifies the new ‘‘Secure Hash Algorithm-3’’ (SHA– 3) family of permutation-based functions based on Keccak. SUMMARY: PO 00000 Frm 00011 Fmt 4703 Sfmt 4703 30549 Four fixed-length cryptographic hash algorithms (SHA3–224, SHA3–256, SHA3–384, and SHA3–512) and two closely related, ‘‘extendable-output’’ functions (SHAKE128 and SHAKE256) are specified in Draft FIPS 202; all six algorithms are permutation-based ‘‘sponge’’ functions. The four SHA–3 hash functions provide alternatives to the SHA–2 family of hash functions. The extendable-output functions (XOFs) can be specialized to hash functions, subject to additional security considerations, or used in a variety of other applications. Hash algorithms are used in many information security applications, including (1) the generation and verification of digital signatures, (2) key-derivation functions, and (3) random bit generation. Both FIPS 180–4 and Draft FIPS 202 specify cryptographic hash algorithms. FIPS 180–4 specifies SHA–1 and the SHA–2 family of hash functions, and mandates the use of one of these functions for Federal applications that require a cryptographic hash function. Draft FIPS 202 specifies the new SHA– 3 family of hash and extendable-output functions. To allow the use of the functions specified in either FIPS 180– 4 or Draft FIPS 202 for Federal applications that require a cryptographic hash function, NIST proposes revising the Applicability Clause (#6) of the Announcement Section of FIPS 180–4; the other sections of FIPS 180–4 remain unchanged. The NIST Policy on Hash Functions, available at http:// csrc.nist.gov/groups/ST/hash/ policy.html, provides guidance on the choice of hash functions for specific applications. NIST invites public comments on Draft FIPS 202, which is available at http://csrc.nist.gov/publications/ PubsDrafts.html, and on the proposed revision of the Applicability Clause of the Announcement Section of FIPS 180– 4, available at http://csrc.nist.gov/ publications/PubsFIPS.html. After the comment period closes, NIST will analyze the comments, make changes to the respective documents, as appropriate, and then propose Draft FIPS 202 and the revised FIPS 180–4 to the Secretary of Commerce for approval. DATES: Comments on Draft FIPS 202 and the revised Applicability Clause of FIPS 180–4 must be received on or before August 26, 2014. ADDRESSES: Comments on Draft FIPS 202 and the revised Applicability Clause of FIPS 180–4 may be sent electronically to SHA3comments@ nist.gov with the relevant Subject line: ‘‘Comment on Draft FIPS 202,’’ or E:\FR\FM\28MYN1.SGM 28MYN1 emcdonald on DSK67QTVN1PROD with NOTICES 30550 Federal Register / Vol. 79, No. 102 / Wednesday, May 28, 2014 / Notices ‘‘Comment on draft revision to the Applicability Clause of FIPS 180.’’ Comments may also be sent by mail to: Chief, Computer Security Division, Information Technology Laboratory, ATTN: Comments on Draft FIPS 202 for SHA–3, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899–8930. FOR FURTHER INFORMATION CONTACT: Ms. Shu-jen Chang (301) 975–2940, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899–8930, email: Shu-jen.Chang@nist.gov. SUPPLEMENTARY INFORMATION: On November 2, 2007, NIST announced a Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA–3) Family in the Federal Register (72 FR 62212), which is available at https:// federalregister.gov/a/E7-21581. The notice requested the submission of candidate hash algorithms for consideration in a public competition to select a new hash algorithm that would augment the Government standard hash algorithms specified in Federal Information Processing Standard (FIPS) 180, Secure Hash Standard. The competition was referred to as the SHA– 3 Cryptographic Hash Algorithm Competition, or the SHA–3 Competition. By October 31, 2008, NIST received sixty-four entries from cryptographers around the world. From these entries, NIST selected fifty-one first-round candidates in December 2008, fourteen second-round candidates in July 2009, and five finalists in December 2010. NIST summarized its decision in a report at the end of each round; NISTIR 7620 for the first round and NISTIR 7764 for the second round are available at http://csrc.nist.gov/publications/ PubsNISTIRs.html. Eighteen months were provided for the public review of the SHA–3 finalists. The worldwide cryptographic community provided an enormous amount of analysis and public feedback on the candidates throughout the competition. NIST also hosted a SHA– 3 candidate conference during each round of the competition to obtain public feedback. After much careful study and consideration of the finalists and public comments, NIST announced the selection of Keccak as the winner of the SHA–3 Cryptographic Hash Algorithm Competition in a press release on October 2, 2012. Keccak is a family of permutation-based sponge functions that cryptographic hash functions and other applications can be built from. The press release is available VerDate Mar<15>2010 19:27 May 27, 2014 Jkt 232001 at http://www.nist.gov/itl/csd/sha100212.cfm, and a report explaining this selection (NISTIR 7896) is available at http://dx.doi.org/10.6028/NIST.IR.7896. Request for Comments NIST publishes this notice to solicit public comments on Draft FIPS 202. Draft FIPS 202 specifies the new SHA– 3 family of permutation-based hash and extendable-output functions based on Keccak. This algorithm is the core of the proposed SHA–3 Standard, but the standard does not standardize nor approve every variant that the Keccak family of functions can support. NIST strongly encourages the public to continue analyzing the security of the Keccak family of permutation-based sponge functions in general, and the six algorithms specified in Draft FIPS 202 in particular, and to submit those analyses as official comments in response to this request. NIST invites public comments on Draft FIPS 202, which is available at http:// csrc.nist.gov/publications/ PubsDrafts.html. Such analyses and other comments received will be considered by NIST in preparing the final version of FIPS 202. NIST also invites public comments on the revised Applicability Clause in the Announcement Section of FIPS 180–4; the revision would permit compliance with FIPS 202 in lieu of FIPS 180–4 for Federal applications when a cryptographic hash function is called for. Public comments received in response to this request will be posted regularly at http://csrc.nist.gov/groups/ ST/hash/sha-3/sha-3_ standardization.html. NIST reminds all interested parties that the SHA–3 development effort was conducted as an open standards-setting activity. NIST requests that all interested parties inform NIST of any patents or inventions that may be required for the use of Draft FIPS 202 algorithms. This includes comments from all parties regarding specific claims that the use of Draft FIPS 202 algorithms infringes on their patent(s). Claims regarding the infringement of copyrighted software are also solicited. NIST views this input as a critical factor in the eventual widespread adoption and implementation of Draft FIPS 202. All comments received by the deadline will be made publicly available at http:// csrc.nist.gov/groups/ST/hash/sha-3/ sha-3_standardization.html without change or redaction. Therefore, comments should not include proprietary or confidential information. To encourage on-going discussions related to the SHA–3 standardization effort, NIST will continue to maintain PO 00000 Frm 00012 Fmt 4703 Sfmt 4703 its SHA–3 electronic discussion forum at hash-forum@nist.gov. Please note that comments sent to this list will NOT be considered ‘‘official’’ comments; to be considered ‘‘official,’’ a comment must be submitted as described above in the ADDRESSES section of this Notice. Authority: In accordance with the Information Technology Management Reform Act of 1996 (Pub. L. 104–106) and the Federal Information Security Management Act of 2002 (FISMA) (Pub. L. 107–347), the Secretary of Commerce is authorized to approve FIPS. NIST activities to develop computer security standards to protect federal sensitive (unclassified) information systems are undertaken pursuant to specific responsibilities assigned to NIST by Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3), as amended. E.O. 12866: This notice has been determined not to be significant for the purposes of E.O. 12866. Dated: May 21, 2014. Willie E. May, Associate Director for Laboratory Programs. [FR Doc. 2014–12336 Filed 5–27–14; 8:45 am] BILLING CODE 3510–13–P DEPARTMENT OF COMMERCE National Institute of Standards and Technology Board of Overseers of the Malcolm Baldrige National Quality Award and Judges Panel of the Malcolm Baldrige National Quality Award National Institute of Standards and Technology, Department of Commerce. ACTION: Notice of open meeting. AGENCY: The Board of Overseers of the Malcolm Baldrige National Quality Award (Board of Overseers) and the Judges Panel of the Malcolm Baldrige National Quality Award (Judges Panel) will meet together in open session on Thursday, June 12, 2014, from 8:30 a.m. to 3:00 p.m. Eastern time. The Board of Overseers, appointed by the Secretary of Commerce, reports the results of the Malcolm Baldrige National Quality Award (Award) activities to the Director of The National Institute of Standards and Technology (NIST) each year, along with its recommendations for the improvement of the Award process. The Judges Panel, also appointed by the Secretary of Commerce, ensures the integrity of the Award selection process and recommends Award recipients to the Secretary of Commerce. The purpose of this meeting is to discuss and review information received from the National SUMMARY: E:\FR\FM\28MYN1.SGM 28MYN1

Agencies

[Federal Register Volume 79, Number 102 (Wednesday, May 28, 2014)]
[Notices]
[Pages 30549-30550]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-12336]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology


Announcing Draft Federal Information Processing Standard (FIPS) 
202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output 
Functions, and Draft Revision of the Applicability Clause of FIPS 180-
4, Secure Hash Standard, and Request for Comments

Docket No.: [130917811-3811-01]

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
launched a public competition in November 2007 to develop a new 
cryptographic hash algorithm for standardization to augment the 
Government standard hash algorithms specified in Federal Information 
Processing Standard (FIPS) 180, Secure Hash Standard. NIST announced 
the selection of Keccak as the winning algorithm in a press release 
issued on October 2, 2012, which is available at http://www.nist.gov/itl/csd/sha-100212.cfm. Draft FIPS 202 specifies the new ``Secure Hash 
Algorithm-3'' (SHA-3) family of permutation-based functions based on 
Keccak.
    Four fixed-length cryptographic hash algorithms (SHA3-224, SHA3-
256, SHA3-384, and SHA3-512) and two closely related, ``extendable-
output'' functions (SHAKE128 and SHAKE256) are specified in Draft FIPS 
202; all six algorithms are permutation-based ``sponge'' functions. The 
four SHA-3 hash functions provide alternatives to the SHA-2 family of 
hash functions. The extendable-output functions (XOFs) can be 
specialized to hash functions, subject to additional security 
considerations, or used in a variety of other applications. Hash 
algorithms are used in many information security applications, 
including (1) the generation and verification of digital signatures, 
(2) key-derivation functions, and (3) random bit generation.
    Both FIPS 180-4 and Draft FIPS 202 specify cryptographic hash 
algorithms. FIPS 180-4 specifies SHA-1 and the SHA-2 family of hash 
functions, and mandates the use of one of these functions for Federal 
applications that require a cryptographic hash function. Draft FIPS 202 
specifies the new SHA-3 family of hash and extendable-output functions. 
To allow the use of the functions specified in either FIPS 180-4 or 
Draft FIPS 202 for Federal applications that require a cryptographic 
hash function, NIST proposes revising the Applicability Clause 
(6) of the Announcement Section of FIPS 180-4; the other 
sections of FIPS 180-4 remain unchanged. The NIST Policy on Hash 
Functions, available at http://csrc.nist.gov/groups/ST/hash/policy.html, provides guidance on the choice of hash functions for 
specific applications.
    NIST invites public comments on Draft FIPS 202, which is available 
at http://csrc.nist.gov/publications/PubsDrafts.html, and on the 
proposed revision of the Applicability Clause of the Announcement 
Section of FIPS 180-4, available at http://csrc.nist.gov/publications/PubsFIPS.html. After the comment period closes, NIST will analyze the 
comments, make changes to the respective documents, as appropriate, and 
then propose Draft FIPS 202 and the revised FIPS 180-4 to the Secretary 
of Commerce for approval.

DATES: Comments on Draft FIPS 202 and the revised Applicability Clause 
of FIPS 180-4 must be received on or before August 26, 2014.

ADDRESSES: Comments on Draft FIPS 202 and the revised Applicability 
Clause of FIPS 180-4 may be sent electronically to 
SHA3comments@nist.gov with the relevant Subject line: ``Comment on 
Draft FIPS 202,'' or

[[Page 30550]]

``Comment on draft revision to the Applicability Clause of FIPS 180.'' 
Comments may also be sent by mail to: Chief, Computer Security 
Division, Information Technology Laboratory, ATTN: Comments on Draft 
FIPS 202 for SHA-3, National Institute of Standards and Technology, 100 
Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.

FOR FURTHER INFORMATION CONTACT: Ms. Shu-jen Chang (301) 975-2940, 
National Institute of Standards and Technology, 100 Bureau Drive, Mail 
Stop 8930, Gaithersburg, MD 20899-8930, email: Shu-jen.Chang@nist.gov.

SUPPLEMENTARY INFORMATION: On November 2, 2007, NIST announced a 
Request for Candidate Algorithm Nominations for a New Cryptographic 
Hash Algorithm (SHA-3) Family in the Federal Register (72 FR 62212), 
which is available at https://federalregister.gov/a/E7-21581. The 
notice requested the submission of candidate hash algorithms for 
consideration in a public competition to select a new hash algorithm 
that would augment the Government standard hash algorithms specified in 
Federal Information Processing Standard (FIPS) 180, Secure Hash 
Standard. The competition was referred to as the SHA-3 Cryptographic 
Hash Algorithm Competition, or the SHA-3 Competition.
    By October 31, 2008, NIST received sixty-four entries from 
cryptographers around the world. From these entries, NIST selected 
fifty-one first-round candidates in December 2008, fourteen second-
round candidates in July 2009, and five finalists in December 2010. 
NIST summarized its decision in a report at the end of each round; 
NISTIR 7620 for the first round and NISTIR 7764 for the second round 
are available at http://csrc.nist.gov/publications/PubsNISTIRs.html.
    Eighteen months were provided for the public review of the SHA-3 
finalists. The worldwide cryptographic community provided an enormous 
amount of analysis and public feedback on the candidates throughout the 
competition. NIST also hosted a SHA-3 candidate conference during each 
round of the competition to obtain public feedback. After much careful 
study and consideration of the finalists and public comments, NIST 
announced the selection of Keccak as the winner of the SHA-3 
Cryptographic Hash Algorithm Competition in a press release on October 
2, 2012. Keccak is a family of permutation-based sponge functions that 
cryptographic hash functions and other applications can be built from. 
The press release is available at http://www.nist.gov/itl/csd/sha-100212.cfm, and a report explaining this selection (NISTIR 7896) is 
available at http://dx.doi.org/10.6028/NIST.IR.7896.

Request for Comments

    NIST publishes this notice to solicit public comments on Draft FIPS 
202. Draft FIPS 202 specifies the new SHA-3 family of permutation-based 
hash and extendable-output functions based on Keccak. This algorithm is 
the core of the proposed SHA-3 Standard, but the standard does not 
standardize nor approve every variant that the Keccak family of 
functions can support.
    NIST strongly encourages the public to continue analyzing the 
security of the Keccak family of permutation-based sponge functions in 
general, and the six algorithms specified in Draft FIPS 202 in 
particular, and to submit those analyses as official comments in 
response to this request. NIST invites public comments on Draft FIPS 
202, which is available at http://csrc.nist.gov/publications/PubsDrafts.html. Such analyses and other comments received will be 
considered by NIST in preparing the final version of FIPS 202.
    NIST also invites public comments on the revised Applicability 
Clause in the Announcement Section of FIPS 180-4; the revision would 
permit compliance with FIPS 202 in lieu of FIPS 180-4 for Federal 
applications when a cryptographic hash function is called for. Public 
comments received in response to this request will be posted regularly 
at http://csrc.nist.gov/groups/ST/hash/sha-3/sha-3_standardization.html. NIST reminds all interested parties that the SHA-
3 development effort was conducted as an open standards-setting 
activity. NIST requests that all interested parties inform NIST of any 
patents or inventions that may be required for the use of Draft FIPS 
202 algorithms. This includes comments from all parties regarding 
specific claims that the use of Draft FIPS 202 algorithms infringes on 
their patent(s). Claims regarding the infringement of copyrighted 
software are also solicited. NIST views this input as a critical factor 
in the eventual widespread adoption and implementation of Draft FIPS 
202. All comments received by the deadline will be made publicly 
available at http://csrc.nist.gov/groups/ST/hash/sha-3/sha-3_standardization.html without change or redaction. Therefore, comments 
should not include proprietary or confidential information.
    To encourage on-going discussions related to the SHA-3 
standardization effort, NIST will continue to maintain its SHA-3 
electronic discussion forum at hash-forum@nist.gov. Please note that 
comments sent to this list will NOT be considered ``official'' 
comments; to be considered ``official,'' a comment must be submitted as 
described above in the ADDRESSES section of this Notice.

    Authority:  In accordance with the Information Technology 
Management Reform Act of 1996 (Pub. L. 104-106) and the Federal 
Information Security Management Act of 2002 (FISMA) (Pub. L. 107-
347), the Secretary of Commerce is authorized to approve FIPS. NIST 
activities to develop computer security standards to protect federal 
sensitive (unclassified) information systems are undertaken pursuant 
to specific responsibilities assigned to NIST by Section 20 of the 
National Institute of Standards and Technology Act (15 U.S.C. 278g-
3), as amended.

    E.O. 12866: This notice has been determined not to be significant 
for the purposes of E.O. 12866.

    Dated: May 21, 2014.
Willie E. May,
Associate Director for Laboratory Programs.
[FR Doc. 2014-12336 Filed 5-27-14; 8:45 am]
BILLING CODE 3510-13-P