I had already written the post about NIST Competition for New Cryptographic Hash Function on my blog. Here are updates based on article by William E. Burr, “A New Hash Competition”, IEEE Security and Privacy, vol. 6, no. 3, pp. 60-62, May/Jun, 2008.
Author says in abstract:
Since the discovery of collision attacks against several well-known cryptographic hash functions in 2004, a rush of new cryptanalytic results cast doubt on the current hash function standards. The relatively new NIST SHA-2 standards aren’t yet immediately threatened, but their long-term viability is now in question. The US National Institute of Standards and Technology (NIST) has therefore begun an international competition to select a new SHA-3 standard. This article outlines the competition, its rules, the requirements for the hash function candidates, and the process that NIST will use to select the final winning SHA-3 standard.
And then, in article:
NIST expects to launch a Hash Competition Conference to review the initial submissions in February 2009; the second conference will occur roughly a year later in 2010 to review public comments submitted on the submissions and their analysis. Following this second conference, NIST will select a small number of finalist candidates (probably five or so) for intensive review by the community. If, as we expect, we get 20 or more initial submissions, we’ll inevitably hear some disagreements about the finalists, but we can only intensively analyze a small number of algorithms, and, as in the AES competition, all the finalists will be good hash functions, although we might have to drop some worthy submissions.
Cryptanalysis of the finalists will be the tricky part—the time that skilled cryptanalysts can donate is the limiting resource here.
NIST is building up its limited cryptanalytic resources, but will rely heavily on the global cryptographic research community to do the bulk of the cryptanalysis. If the AES competition is any model, many analysis papers on the candidates will be submitted to various conferences. NIST will tentatively review the cryptanalysis results and review performance in a third workshop scheduled for 2012, after which they will select a winner.
The winning team might get nothing but glory for their huge effort. NIST expects the best people in the world to participate, as they did in the AES competition, because the community believes an open competition is the best way to select cryptographic standards. NIST expects to work hard, have fun, and significantly advance the state of the art while giving the world a valuable, secure hash function standard.