NIST boosts crypto with faster SHA-2 functions

The National Institute of Standards and Technology, guardian of America's cryptography standards, has announced a new extension to the SHA-2 hashing algorithm family that promises to boost performance on modern chips.

The Secure Hash Algorithm, or SHA, is a cornerstone of modern cryptography. The algorithm is designed to produce a one-way hash which can be used to verify that a message hasn't been tampered with during transit, and is often used to validate software packages following distribution.

While SHA-0, the original implementation, was found to be flawed, its replacement SHA-1 is still in common use today, despite the discovery of a mathematical weakness - but this most recent announcement from NIST could help popularise its replacement, SHA-2.

The SHA-2 family of algorithms uses four 'digest' lengths: 224-bit, 256-bit, 384-bit, and 512-bit. The longer the digest, the less likely a 'collision' - where two differing messages equate to the same digest. The longest implementation, SHA-512, has another interesting quirk beyond improved security, however: it performs significantly faster than the others on 64-bit hardware.

Despite the improved performance, the additional overhead needed to calculate a larger digest means that SHA-512 is still slower than its smaller counterparts overall - but the latest filing with NIST suggests a method to take advantage of its speed for smaller digest sizes.

Announced this week, two new standards - SHA-512/224 and SHA-512/256 - have been created to directly replace the SHA-224 and SHA-256 standards. They take advantage of the speed improvements inherent in SHA-512 on 64-bit processors to produce checksums more rapidly than their predecessors - but truncate them at a shorter length, reducing the overall timespan and complexity of the digest.

It's an interesting method of improving performance, and with the vast majority of x86 hardware - though not, it must be said, ARM hardware - running 64-bit code, could spell an impressive performance boost for those who choose to implement it.

With SHA-3 already under development, with a hash function to be chosen by NIST at the culmination of a competition next year, it's as yet unclear how many developers will choose to adopt the new functions for what could prove a short-term performance gain.

Both the SHA-512/224 and SHA-512/256 standards are available for download now directly from NIST.