SHA

Secure Hash Algorithm

Security
Introduced in Rel-16
Secure Hash Algorithm (SHA) is a family of cryptographic hash functions standardized by NIST and widely adopted in 3GPP for security. It generates a fixed-size, unique digital fingerprint (hash) from input data, used for data integrity, digital signatures, and key derivation in network authentication and protection mechanisms.

Description

The Secure Hash Algorithm (SHA) is a critical cryptographic primitive used extensively within 3GPP security architectures. A hash function takes an input message of arbitrary length and processes it to produce a fixed-length output, called a hash digest or message digest. The core properties of a cryptographic hash function like SHA are: collision resistance (it is computationally infeasible to find two different inputs that produce the same hash), preimage resistance (given a hash, it is infeasible to find the original input), and second preimage resistance (given an input and its hash, it is infeasible to find a different input with the same hash).

Within 3GPP systems, specific SHA variants are mandated for various security functions. SHA-256, part of the SHA-2 family, is particularly prevalent. It produces a 256-bit (32-byte) digest. Its operation involves breaking the input into blocks, using a compression function, and iteratively processing each block with a series of logical operations (AND, OR, XOR, rotations) and constants. The internal state is updated with each block, culminating in the final hash value. SHA-256 is used in the 5G Authentication and Key Agreement (5G-AKA) protocol for generating cryptographic keys and in the integrity protection algorithms (like 128-NIA2) for signaling messages.

SHA is also a fundamental component of the HMAC (Hash-based Message Authentication Code) construction, which is used for message authentication and integrity verification. Furthermore, SHA-based functions are used in key derivation functions (KDFs), such as those defined in 3GPP TS 33.220, to generate multiple secret keys from a single shared secret established during authentication. For example, in 5G, the KDF uses SHA-256 to derive the specific keys used for ciphering (encryption) and integrity protection of user data and control plane signaling between the UE and the network. The algorithm's strength ensures that even a tiny change in the input data results in a completely different, unpredictable hash, making it ideal for verifying data integrity and authenticating network entities.

Purpose & Motivation

SHA was incorporated into 3GPP standards to provide a robust, standardized foundation for data integrity, authentication, and key derivation. Earlier mobile generations used weaker cryptographic algorithms. As computational power increased, these became vulnerable to attacks. The adoption of SHA, particularly SHA-256, was motivated by the need for stronger, future-proof security mechanisms capable of protecting against collision and preimage attacks that could compromise network authentication or allow for message forgery.

Its primary purpose is to ensure the trustworthiness of communications in 3GPP networks. For integrity protection, it allows the receiver to verify that a message has not been altered in transit. In digital signatures (used in certificate validation for network nodes), SHA creates a digest of the data that is then signed, providing authentication and non-repudiation. As a core component of key derivation, it enables the secure generation of multiple session keys from a master key, ensuring key separation and limiting the impact of a potential key compromise. The use of a widely-vetted, internationally recognized standard like SHA also promotes interoperability, security assurance, and regulatory compliance across global telecom deployments.

Key Features

  • Deterministic: Same input always produces the same hash
  • Fixed output size (e.g., 256 bits for SHA-256)
  • Computationally efficient to calculate
  • Highly sensitive to input changes (avalanche effect)
  • Collision-resistant and preimage-resistant
  • Foundation for HMAC, KDF, and digital signatures

Evolution Across Releases

Rel-16 Initial

SHA-256 was firmly established as a mandatory cryptographic algorithm in 3GPP Release 16, particularly for the 5G System. It was specified as the core hash function for the 5G Authentication and Key Agreement (5G-AKA) protocol, for key derivation functions (KDF), and for integrity protection algorithms. Release 16 formalized its use in securing the service-based interface (SBI) within the 5G Core and for SUCI calculation privacy protection.

TS 26.512TS 33.938
Rel-17

Release 17 expanded the application of SHA-256 into new 5G service areas. Enhancements included its use in security mechanisms for edge computing (EDGE), enhanced network slicing security, and integration into the security procedures for unmanned aerial systems (UAS) and 5G LAN-type services, ensuring consistent cryptographic strength across all 5G verticals.

TS 26.512TS 33.938
Rel-18

In Release 18, as part of 5G-Advanced, the role of SHA-256 was reinforced for ongoing security assurance. Work included potential profiling for post-quantum cryptography readiness, where hash functions like SHA-256 and SHA-384 are fundamental components of many post-quantum signature and KEM algorithms, ensuring a smooth future transition.

TS 26.512TS 33.938
Rel-19

Release 19 continues to rely on SHA-256 as a bedrock security primitive. Focus areas include its application in enhanced authentication frameworks, security for AI/ML in the RAN, and further refinements to privacy-preserving techniques and secure service communications, maintaining its position as the default hash function for 3GPP system security.

TS 26.512TS 33.938

Defining Specifications

SpecificationTitle
TS 26.512 3GPP TS 26.512
TS 33.938 3GPP TR 33.938