Secure Hash Algorithm 3

Description

SHA-3, standardized by NIST as FIPS PUB 202, is a cryptographic hash function family derived from the Keccak algorithm, which won the NIST hash function competition. Unlike SHA-2's Merkle-Damgård structure, SHA-3 is built on a sponge construction, which offers inherent resistance to length-extension attacks and provides a flexible framework for hashing, authenticated encryption, and pseudorandom number generation. The core of SHA-3 is a permutation function operating on a state array of bits, with capacities and rates determining security and performance. Variants include SHA3-224, SHA3-256, SHA3-384, SHA3-512, and extendable-output functions (SHAKE128, SHAKE256).

In 3GPP systems, as specified in TS 35.934, SHA-3 is included as part of the cryptographic algorithm portfolio for future-proofing network security. Its operation involves absorbing input data into the sponge state through XOR operations, applying the Keccak-f permutation iteratively, and then squeezing out the desired hash length. This process provides a robust security margin due to its large internal state and lack of known structural weaknesses akin to those in older hash functions. For mobile networks, SHA-3 could be integrated into integrity protection algorithms for the PDCP layer, key derivation functions within authentication protocols, and certificate validation mechanisms, though its adoption in deployed systems has been slower compared to SHA-256.

The specification details the algorithm's parameters and its potential application within the Universal Terrestrial Radio Access Network (UTRAN) and Evolved UTRAN (E-UTRAN) security contexts. SHA-3's design allows for parallelization and efficient hardware implementation, which is beneficial for high-throughput 5G core networks and resource-constrained IoT devices. While not yet mandatory in mainstream 3GPP security profiles, its inclusion ensures that operators have a vetted alternative should future cryptanalysis threaten SHA-2, aligning with the principle of cryptographic agility essential for long-term network evolution.

Purpose & Motivation

SHA-3 was developed by NIST to provide a diverse cryptographic hash function standard, ensuring a backup should SHA-2 become compromised due to advances in cryptanalysis. The motivation for its inclusion in 3GPP, starting from Release 12, was to future-proof mobile network security by incorporating an algorithm with a completely different mathematical foundation than SHA-2. This addresses the risk of a single structural vulnerability affecting all widely deployed hash functions.

The sponge construction of SHA-3 offers theoretical advantages, such as immunity to length-extension attacks and a more straightforward security proof, which were limitations in the Merkle-Damgård design of SHA-2. For 3GPP, this provides an optional, robust primitive for next-generation security requirements, particularly for 5G and beyond, where quantum computing threats and enhanced attack models are considered. SHA-3's flexibility supports not only hashing but also authenticated encryption modes, which could simplify security protocol designs. Its adoption reflects 3GPP's proactive approach to cryptographic resilience, ensuring that mobile networks can maintain integrity and authentication assurances even in the face of evolving cryptographic threats.

Key Features

• Based on Keccak sponge construction, not Merkle-Damgård
• Provides variants SHA3-224, SHA3-256, SHA3-384, SHA3-512
• Includes extendable-output functions (SHAKE128, SHAKE256)
• Inherent resistance to length-extension attacks
• Suitable for hardware implementation and parallel processing
• Standardized by NIST in FIPS 202 and referenced in 3GPP TS 35.934

Evolution Across Releases

Defining Specifications