Information about http://www.csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf

Pages: 9
Language: english
Created: Fri Nov 2 01:49:06 2007
62212 Federal Register / Vol. 72, No. 212 / Friday, November 2, 2007 / Notices

Preliminary Determination by the ITC

The ITC will preliminarily determine, within 25 days after the date on which it receives notice of the initiation, whether there is a reasonable indication that imports of subsidized LWTP from the PRC are causing material injury, or threatening to cause material injury, to a U.S. industry. See section 703(a)(2) of the Act. A negative ITC determination will result in the investigation being terminated; otherwise, the investigation will proceed according to statutory and regulatory time limits.

This notice is issued and published pursuant to section 777(i) of the Act.

Dated: October 29, 2007.
Stephen J. Claeys,
Acting Assistant Secretary for Import Administration.
[FR Doc. E7-21616 Filed 11-1-07; 8:45 am]
BILLING CODE 3510-DS-S

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 070911510-7512-01]

Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family

AGENCY: National Institute of Standards and Technology, Commerce.

ACTION: Notice and request for nominations for candidate hash algorithms.

SUMMARY: This notice solicits nominations from any interested party for candidate algorithms to be considered for SHA-3, and specifies how to submit a nomination package. It presents the nomination requirements and the minimum acceptability requirements of a "complete and proper" candidate algorithm submission. The evaluation criteria that will be used to appraise the candidate algorithms are also described.

DATES: Candidate algorithm nomination packages must be received by October 31, 2008. Further details are available in section 2.

ADDRESSES: Candidate algorithm submission packages should be sent to: Ms. Shu-jen Chang, Information Technology Laboratory, Attention: Hash Algorithm Submissions, 100 Bureau Drive--Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.

FOR FURTHER INFORMATION CONTACT: For general information, send e-mail to hash-function@nist.gov. For questions related to a specific submission package, contact Ms. Shu-jen Chang, National Institute of Standards and Technology, 100 Bureau Drive--Stop 8930, Gaithersburg, MD 20899-8930; telephone: 301-975-2940 or via fax at 301-975-8670, e-mail: shu-jen.chang@nist.gov.

SUPPLEMENTARY INFORMATION: This notice contains the following sections:

1. Background
2. Requirements for Candidate Algorithm Submission Packages
   2.A Cover Sheet
   2.B Algorithm Specifications and Supporting Documentation
   2.C Optical Media
   2.D Intellectual Property Statements/Agreements/Disclosures
   2.E General Submission Requirements
   2.F Technical Contacts and Additional Information
3. Minimum Acceptability Requirements
4. Evaluation Criteria
   4.A Security
   4.B Cost
   4.C Algorithm and Implementation Characteristics
5. Initial Planning for the First SHA-3 Candidate Conference
6. Plans for the Candidate Evaluation Process
   6.A Overview
   6.B Round 1 Technical Evaluation
   6.C Round 2 Technical Evaluation
7. Miscellaneous

Authority: This work is being initiated pursuant to NIST's responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.

1. Background

Modern, collision resistant hash functions were designed to create small, fixed size message digests so that a digest could act as a proxy for a possibly very large variable length message in a digital signature algorithm, such as RSA or DSA. These hash functions have since been widely used for many other "ancillary" applications, including hash-based message authentication codes, pseudo random number generators, and key derivation functions.

A series of related hash functions have been developed, such as MD4, MD5, SHA-0, SHA-1 and the SHA-2 family, (which includes 224, 256, 384 and 512-bit variants); all of these follow the Merkle-Damgard construct. NIST began the standardization of the SHA hash functions in 1993, with a specification of SHA-0 in the Federal Information Processing Standards Publication (FIPS PUBS) 180, the Secure Hash Standard; subsequent revisions of the FIPS have replaced SHA-0 with SHA-1 and added the SHA-2 family in FIPS 180-1 and FIPS 180-2, respectively.

Recently, cryptanalysts have found collisions on the MD4, MD5, and SHA-0 algorithms; moreover, a method for finding SHA-1 collisions with less than the expected amount of work has been published, although at this time SHA-1 collisions have not yet been demonstrated. Although there is no specific reason to believe that a practical attack on any of the SHA-2 family of hash functions is imminent, a successful collision attack on an algorithm in the SHA-2 family could have catastrophic effects for digital signatures.

NIST has decided that it is prudent to develop a new hash algorithm to augment and revise FIPS 180-2. The new hash algorithm will be referred to as "SHA-3", and will be developed through a public competition, much like the development of the Advanced Encryption Standard (AES). NIST intends that SHA-3 will specify an unclassified, publicly disclosed algorithm(s), which is available worldwide without royalties or other intellectual property restrictions, and is capable of protecting sensitive information for decades. Following the close of the submission period, NIST intends to make all "complete and proper" (as defined in section 3) submissions publicly available for review and comment.

NIST does not currently plan to withdraw SHA-2 or remove it from the revised Secure Hash Standard; however, it is intended that SHA-3 can be directly substituted for SHA-2 in current applications, and will significantly improve the robustness of NIST's overall hash algorithm toolkit. Therefore, the submitted algorithms for SHA-3 must provide message digests of 224, 256, 384 and 512 bits to allow substitution for the SHA-2 family. The 160-bit hash value produced by SHA-1 is becoming too small to use for digital signatures, therefore, a 160-bit replacement hash algorithm is not contemplated.

Many cryptographic applications that are currently specified in FIPS and NIST Special Publications require the use of a NIST-approved hash algorithm. These publications include:
· FIPS 186-2, Digital Signature Standard;
· FIPS 198, The Keyed-Hash Message Authentication Code (HMAC);
· SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography; and
· SP 800-90, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (DRBGs).



The SHA-3 algorithm is expected to be suitable for these applications.

Since SHA-3 is expected to provide a simple substitute for the SHA-2 family of hash functions, certain properties of the SHA-2 hash functions must be preserved, including the input parameters; the output sizes; the collision resistance, preimage resistance, and second-preimage resistance properties; and the "one-pass" streaming mode of execution. However, it is also desirable that the selected SHA-3 algorithm offer features or properties that exceed, or improve upon, the SHA-2 hash functions. For example, the selected SHA-3 algorithm may offer efficient integral options, such as randomized hashing, that fundamentally improve security, or it may be parallelizable, more efficient to implement on some platforms, more suitable for certain applications, or may avoid some of the incidental "generic" properties (such as length extension) of the Merkle-Damgard construct that often result in insecure applications.

NIST expects SHA-3 to have a security strength that is at least as good as the hash algorithms currently specified in FIPS 180-2, and that this security strength will be achieved with significantly improved efficiency. NIST also desires that the SHA-3 hash functions will be designed so that a possibly successful attack on the SHA-2 hash functions is unlikely to be applicable to SHA-3. The SHA-3 family should be suitably flexible for a wide variety of implementations, even though it may not operate with optimal efficiency in each and every potential application.

For interoperability, NIST strongly desires a single hash algorithm family (that is, that different size message digests be internally generated in as similar a manner as possible) to be selected for SHA-3. However, if more than one suitable candidate family is identified, and each provides significant advantages, NIST may consider recommending more than one family for inclusion in the revised Secure Hash Standard.

2. Requirements for Candidate Algorithm Submission Packages

Candidate algorithm nomination packages must be received by October 31, 2008. Submission packages received before August 31, 2008 will be reviewed for completeness by NIST; the submitters will be notified of any deficiencies by September 30, 2008, allowing time for deficient packages to be amended by the submission deadline. No amendments to packages will be permitted after the submission deadline. Requests for the withdrawal of submission packages will only be honored until the submission deadline.

Due to the specific requirements of the submission package such as Intellectual Property Statements / Agreements / Disclosures as specified in section 2.D, e-mail submissions will not be accepted for these statements or for the initial submission package. However, e-mail submissions of amendments to the initial submission package will be allowed prior to the submission deadline.

"Complete and proper" submission packages received in response to this notice will be posted at http://www.nist.gov/hash-competition for inspection. To be considered as a "complete" submission package (and continue further in the hash algorithm consideration process), candidate algorithm submission packages must contain the following (as described in detail below):
· Cover Sheet.
· Algorithm Specifications and Supporting Documentation.
· Optical Media.
· Intellectual Property Statements/Agreements/Disclosures.
· General Submission Requirements.
Each of these items is discussed in detail below.

2.A Cover Sheet

A cover sheet shall contain the following information:
· Name of the submitted algorithm.
· Principal submitter's name, e-mail address, telephone, fax, organization, and postal address.
· Name(s) of auxiliary submitter(s).
· Name of the algorithm inventor(s)/developer(s).
· Name of the owner, if any, of the algorithm. (normally expected to be the same as the submitter).
· Signature of the submitter.
· (optional) Backup point of contact (with telephone, fax, postal address, e-mail address).

2.B Algorithm Specifications and Supporting Documentation

2.B.1 A complete written specification of the algorithm shall be included, consisting of all necessary mathematical operations, equations, tables, diagrams, and parameters that are needed to implement the algorithm. The document shall include design rationale (e.g., the rationale for choosing the specific number of rounds for computing the hashes) and an explanation for all the important design decisions that are made. It should also include 1) any security argument that is applicable, such as a security reduction proof, and 2) a preliminary analysis, such as possible attack scenarios for collision-finding, first-preimage-finding, second-preimage-finding, length-extension attack, multicollision attack, or any cryptographic attacks that have been considered and their results.

In addition, the submitted algorithm may include a tunable security parameter, such as the number of rounds, which would allow the selection of a range of possible security/performance tradeoffs. If such a parameter is provided, the submission document must specify a recommended value for each digest size specified in Section 3, with justification. The submission should also provide any bounds that the designer feels are appropriate for the parameter, including a bound below which the submitter expects cryptanalysis to become practical. The tunable parameter may be used to produce weakened versions of the submitted algorithm for analysis, and permit NIST to select a different security/performance tradeoff than originally specified by the submitter, in light of discovered attacks or other analysis, and in light of the alternative algorithms that are available. NIST will consult with the submitter of the algorithm if it plans to select that algorithm for SHA-3, but with a different parameter value than originally specified by the submitter. Submissions that do not include such a parameter should include a weakened version of the submitted algorithm for analysis, if at all possible.

NIST is open to, and encourages, submissions of hash functions that differ from the traditional Merkle-Damgard model, using other structures, chaining modes, and possibly additional inputs. However, if a submitted algorithm cannot be used directly in current applications of hash functions as specified in FIPS or NIST Special Publications, the submitted algorithm must define a compatibility construct with the same input and output parameters as the SHA hash functions such that it can replace the existing SHA functions in current applications without any loss of security. The replacement of all SHA functions in any standardized application by this compatibility construct shall require no additional modification of the standard application beyond the alteration of any algorithm specific parameters already present in the standard, such as algorithm name and message block length. Submissions may optionally define other variants, constructs, or iterated structures for specific useful applications.
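
The compatibility requirement seen from the application side, as an added example that is not part of the notice: HMAC (FIPS 198) written so that its only algorithm-specific inputs are the algorithm name and message block length, then run over the SHA-2 digest sizes and the SHA3-* functions in Python's hashlib. The function names, the parameter table and the use of hashlib's SHA3-* functions (which postdate this notice) are assumptions of the example; the known answer is RFC 4231 test case 1.

```python
import hashlib
import hmac as std_hmac

# (algorithm name -> message block length in bytes). These two values are the
# only algorithm-specific parameters the HMAC code below takes. The SHA3-*
# block lengths are the ones Python's hashlib reports; they are not taken
# from the notice.
PARAMS = {
    "sha224": 64, "sha256": 64, "sha384": 128, "sha512": 128,
    "sha3_224": 144, "sha3_256": 136, "sha3_384": 104, "sha3_512": 72,
}

# Published known answer: RFC 4231 test case 1 for HMAC-SHA-256.
KAT_KEY = b"\x0b" * 20
KAT_MSG = b"Hi There"
KAT_SHA256 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"


def hmac_generic(name, block_len, key, msg):
    """HMAC per FIPS 198, parameterized only by hash name and block length."""
    digest_len = hashlib.new(name).digest_size
    # HMAC implicitly assumes the block length exceeds the digest size;
    # reject a parameter choice that breaks that assumption.
    if block_len <= digest_len:
        raise ValueError(
            f"{name}: block length {block_len} must exceed digest size {digest_len}"
        )
    # Keys longer than one block are hashed first, then zero-padded to a block.
    if len(key) > block_len:
        key = hashlib.new(name, key).digest()
    key = key.ljust(block_len, b"\x00")
    inner = hashlib.new(name, bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.new(name, bytes(b ^ 0x5C for b in key) + inner).digest()


def matches_stdlib(name, key, msg):
    """Compare the generic construction with Python's own hmac module."""
    ours = hmac_generic(name, PARAMS[name], key, msg)
    theirs = std_hmac.new(key, msg, name).digest()
    return std_hmac.compare_digest(ours, theirs)


def substitution_report():
    """Run the same HMAC code over every (name, block length) pair."""
    long_key = bytes(range(200))  # constructed key, longer than every block
    report = {}
    for name, block_len in PARAMS.items():
        h = hashlib.new(name)
        report[name] = {
            "digest_bits": h.digest_size * 8,
            "block_len_ok": block_len == h.block_size,
            "short_key_ok": matches_stdlib(name, KAT_KEY, KAT_MSG),
            "long_key_ok": matches_stdlib(name, long_key, KAT_MSG),
        }
    return report


if __name__ == "__main__":
    kat_ok = hmac_generic("sha256", 64, KAT_KEY, KAT_MSG).hex() == KAT_SHA256
    print("RFC 4231 known answer reproduced:", kat_ok)
    for name, row in substitution_report().items():
        print(f"{name:9s} {row}")
```

A wrong block length does not raise an error by itself; it silently produces a different MAC, which is why `block_len_ok` is checked separately from the digest comparison.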



                                            It should be noted that standards                    digest, etc.), and shall be in the exact                 2.B.6 A statement that lists and
                                         which refer to a block length are                       format specified by NIST at http://                   describes the advantages and limitations
                                         generally designed with the Merkle-                     www.nist.gov/hash-competition.                        of the algorithm shall be included. Such
                                         Damgard model in mind, and a number                        a. All applicable KATs shall be                    advantages and limitations may address
                                         of applications make additional                         included that can be used to exercise                 the ability to:
                                         assumptions--for example HMAC                           various features of the algorithm. A set                 a. Implement the algorithm in various
                                         implicitly assumes that the message                     of KATs shall be included for each                    environments, including--but not
                                         block length is larger than the message                 message digest size specified in section              limited to: 8-bit processors (e.g.,
                                         digest size. This is not to say that NIST               3. Required KATs include:                             smartcards), voice applications, satellite
                                         requires the candidate algorithm to                        i. If the candidate algorithm calculates           applications, or other environments
                                         satisfy these assumptions, but in cases                 intermediate values (e.g., internal                   where low power, constrained memory,
                                         where the appropriate choice for a                      rounds) for a message digest                          or limited real-estate are factors. To
                                         parameter such as message block length                  computation, then the submitter shall                 demonstrate the efficiency of a
                                         is not obvious, the submission package                  include known answers for those                       hardware implementation of the
                                         must specify a value that will preserve                 intermediate values for a 1-block and a               algorithm, the submitter may include a
                                         the security properties and functionality               2-block message digest computation for                specification of the algorithm in a
                                         of any of the current standard                          each of the required message digest                   nonproprietary Hardware Description
                                         applications.                                           sizes. Examples of providing such                     Language (HDL).
                                            2.B.2 A statement of the algorithm's                 intermediate values for the SHA family                   b. Use the algorithm with message
                                         estimated computational efficiency and                  of hash functions are available at:                   digest sizes other than those specified in
                                         memory requirements in hardware and                     http://www.nist.gov/                                  section 3.
                                         software across a variety of platforms                  CryptoToolkitExamples.                                   If the submitter believes that the
                                         shall be included. At a minimum, the                       ii. If tables are used in the algorithm,           algorithm has certain features that are
                                         submitter shall state efficiency estimates              then a set of KAT vectors shall be                    deemed advantageous, then these
                                         for the ``NIST SHA-3 Reference                          include any other KATs that exercise                  examples of these features might
                                         Platform'' (specified in section 6.B) and                  Note: The submitter is encouraged to               with supporting rationale. Some
                                         for 8-bit processors. (Efficiency                       include any other KATs that exercise                  examples of these features might
                                         estimates for other platforms may be                    different features of the algorithm (e.g., for        include, for example: Mathematically
                                                                                                 permutation tables, etc.). The purposes of            (rather than empirically) designed
                                         included at the submitters' discretion.)
                                                                                                 these tests shall be clearly described in the         tables, statistical basis for inter-round
                                         These estimates shall each include the                  file containing the test values.
                                         following information, at a minimum:                                                                          mixing, etc.
                                            a. Description of the platform used to                  b. Four MCTs, to be specified at the
                                                                                                 web site indicated below, shall be                    2.C Optical Media
                                         generate the estimate, in sufficient detail
                                         so that the estimates could be verified                 included, with message and message                      All electronic data shall be provided
                                         in the public evaluation process (e.g.,                 digest values, for each of the message                on a single CD-ROM or DVD labeled
                                         for software running on a PC, include                   digest sizes specified in section 3.                  with the submitter's name, and the
                                         information about the processor, clock                     A link to a description of the required            algorithm name.
                                         speed, memory, operating system, etc.).                 tests will be available at http://
                                                                                                                                                       2.C.1 Reference Implementation
                                         For hardware estimates, a gate count (or                www.nist.gov/hash-competition.
                                                                                                 Required submission data for the MCTs                    A reference implementation shall be
                                         estimated gate count) should be
                                                                                                 will also be found at that location.                  submitted in order to promote the
                                         included.
                                            b. Speed estimate for the algorithm on                  2.B.4 A statement of the expected                  understanding of how the candidate
                                         the platform specified in section 6.B. At               strength (i.e., work factor) of the                   algorithm may be implemented. This
                                         a minimum, the number of clock cycles                   algorithm shall be included, along with               implementation shall consist of source
                                         required to:                                            any supporting rationale, for each of the             code written in ANSI C; appropriate
                                            1. Generate one message digest, and                  security requirements specified in                    comments should be included in the
                                            2. Set up the algorithm (e.g., build                 sections 4.A.ii and 4.A.iii, and for each             code, and the code should clearly map
                                         internal tables) shall be specified for                 message digest size specified in section              to the algorithm description included
                                         each message digest size required in the                3.                                                    under section 2.B.1. Since this
                                         Minimum Acceptability Requirements                         2.B.5 An analysis of the algorithm                 implementation is intended for
                                         section (section 3) of this                             with respect to known attacks (e.g.,                  reference purposes, clarity in
                                         announcement.                                           differential cryptanalysis) and their                 programming is more important than
                                            c. Any available information on                      results shall be included.                            efficiency.
                                         tradeoffs between speed and memory.                        To prevent the existence of possible                  The reference implementation shall
                                            2.B.3 A series of Known Answer                       ``trap-doors'' in an algorithm, the                   be capable of fully demonstrating the
                                         Tests (KATs) and Monte Carlo Tests                      submitter shall explain the provenance                operation of the candidate algorithm.
                                         (MCTs) shall be included as specified                   of any constants or tables used in the                The reference implementation shall
                                         below. All of these KAT and MCT                         algorithm, with justification of why                  support all message digest sizes
                                         values shall be submitted electronically,               these were not chosen to make some                    specified in section 3. Additionally, it
                                         in separate files, on a CD-ROM or DVD                   attack easier.                                        must support all other message digest
                                         as described in section 2.C.3. Each file                   The submitter shall provide a list of              sizes that are claimed to be supported
                                         shall be clearly labeled with header                    known references to any published                     by the algorithm.
                                         information listing:                                    materials describing or analyzing the                    NIST will specify a set of
                                            1. Algorithm name,                                   security of the submitted algorithm. The              cryptographic service calls, namely a
                                            2. Test name,                                        submission of copies of these materials               cryptographic API, for the ANSI C
                                            3. Description of the test, and                      (accompanied by a waiver of copyright                 implementations, which will be made
                                            4. Message digest size being tested.                 or permission from the copyright holder               available at http://www.nist.gov/hash-
                                            All values within the file shall be                  for the SHA-3 public evaluation                       competition. All ANSI C submissions
                                         clearly labeled (e.g., message, message                 purposes) is encouraged.                              shall implement that API so that the



NIST test system can be compatible with all the submissions.

Separate source code for implementing the required KATs with the reference implementation shall also be included. This code shall be able to process input specified in the format indicated by NIST (on the web site as referred to under section 2.B.3) and run the required tests.

The reference implementation shall be provided in a directory labeled: \Reference Implementation.

2.C.2 Optimized Implementations

Two optimized implementations of the candidate algorithm shall be submitted--one implementation that is optimized for a 32-bit platform, and another for a 64-bit platform. The optimized implementations shall be specified in the ANSI C programming language. These implementations will be evaluated on 32- and 64-bit platforms.

General Requirements for Both Optimized Implementations:

· Both of the optimized implementations shall support the message digest sizes specified in section 3.
· Separate source code for implementing the required KATs and MCTs with the optimized implementations shall also be included. This code shall be able to process the input specified in the format indicated by NIST (on the Web site as referred to under section 2.B.3) and run the required tests.
· The submitter shall provide the optimized implementations in two separate directories labeled:
    o \Optimized_32 bit
    o \Optimized_64 bit
  respectively.
· Additionally, submitters may, at their discretion, submit revised optimized implementations (for both the 32- and 64-bit implementations) for use in the Round 2 evaluation process, allowing additional time for improvements. These must be received prior to the beginning of the Round 2 evaluation; submitters will be notified of the specific deadline, as appropriate. Note that the optimized implementations on file with NIST at the close of the initial submission period will be the ones used by NIST in the Round 1 evaluation.

2.C.3 Test Values--Known Answer Tests and Monte Carlo Tests

The files on the CD-ROM or DVD shall contain all of the test values required under section 2.B.3 of this announcement. That section includes descriptions of the required tests, as well as a list of the values that must be provided.

The required format for the test vectors will be specified by NIST at http://www.nist.gov/hash-competition.

The test values shall be provided in a directory labeled: \KAT_MCT.

2.C.4 Supporting Documentation

To facilitate the electronic distribution of submissions to all interested parties, copies of all written materials must also be submitted in electronic form in PDF. Submitters are encouraged to use the thumbnail and bookmark features, to have a clickable table of contents (if applicable), and to include other links within the PDF as appropriate.

This electronic version of the supporting documentation shall be provided in a directory labeled: \Supporting Documentation.

2.C.5 General Requirements for Optical Media

For the portions of the submissions that may be provided electronically, the information shall be provided on a single CD-ROM or DVD using the ISO 9660 format. This disc shall have the following structure:

· \README.
· \Reference Implementation.
· \Optimized_32 bit.
· \Optimized_64 bit.
· \KAT_MCT.
· \Supporting Documentation.

The ``README'' file shall list all files that are included on this disc with a brief description of each.

All optical media presented to NIST must be free of viruses or other malicious code. The submitted media will be scanned for the presence of such code. If malicious code is found, NIST will notify the submitter and ask that a clean version of the optical media be re-submitted.

NIST will define a set of cryptographic service calls for the ANSI C implementations. These calls will be used by the NIST test software to make appropriate calls to the optimized and reference implementations, so that the test software does not have to be rewritten for each submitted algorithm. Therefore, both the optimized and reference implementations are required to conform to these specific calls. The implementations shall be supplied in source code so that NIST can compile and link them appropriately with the test software. The two selected sets of required calls will be available at the following location: http://www.nist.gov/hash-competition. NIST intends to make these available within three months after publication of this notice.

2.D Intellectual Property Statements/Agreements/Disclosures

Each submitted algorithm must be available worldwide on a royalty free basis during the period of the hash function competition. In order to ensure this and minimize any intellectual property issues, the following series of signed statements are required for a submission to be considered complete: Statement by the Submitter, Statement by Patent (and Patent Application) Owner(s) (if applicable), and Statement by Reference/Optimized Implementations' Owner(s). Note for the last two statements, separate statements must be completed if multiple individuals are involved.

2.D.1 Statement by the Submitter

I, ____ (print submitter's full name) do hereby declare that, to the best of my knowledge, the practice of the algorithm, reference implementation, and optimized implementations that I have submitted, known as ____ (print name of algorithm), may be covered by the following U.S. and/or foreign patents: ____ (describe and enumerate or state ``none'' if appropriate).

I do hereby declare that I am aware of no patent applications that may cover the practice of my submitted algorithm, reference implementation or optimized implementations.--OR--I do hereby declare that the following pending patent applications may cover the practice of my submitted algorithm, reference implementation or optimized implementations: ____ (describe and enumerate).

I do hereby understand that my submitted algorithm may not be selected for inclusion in the Secure Hash Standard. I also understand and agree that after the close of the submission period, my submission may not be withdrawn from public consideration for SHA-3. I further understand that I will not receive financial compensation from the U.S. Government for my submission. I certify that, to the best of my knowledge, I have fully disclosed all patents and patent applications relating to my algorithm. I also understand that the U.S. Government may, during the course of the lifetime of the SHS or during the FIPS public review process, modify the algorithm's specifications (e.g., to protect against a newly discovered vulnerability). Should my submission be selected for SHA-3, I hereby agree not to place any restrictions on the use of the algorithm, intending it to be available on a



                                         worldwide, non-exclusive, royalty-free                  to verify the availability of the                     candidate hash algorithm shall meet the
                                         basis.                                                  submission on a royalty free basis                    following minimum acceptability
                                           I do hereby agree to provide the                      worldwide.                                            requirements:
                                         statements required by Sections 2.D.2                                                                           1. The algorithm shall be publicly
                                         and 2.D.3, below, for any patent or                     2.D.3 Statement by Reference/
                                                                                                 Optimized Implementations' Owner(s)                   disclosed and available worldwide
                                         patent application identified to cover                                                                        without royalties or any intellectual
                                         the practice of my algorithm, reference                   The following must also be included:                property restrictions.
                                         implementation or optimized                               I, ____ (print full name), am the                     2. The algorithm shall be
                                         implementations and the right to use                    owner of the submitted reference                      implementable in a wide range of
                                         such implementations for the purposes                   implementation and optimized                          hardware and software platforms.
                                         of the SHA-3 evaluation process.                        implementations and hereby grant the
                                                                                                                                                         3. The candidate algorithm shall be
                                           I understand that NIST will announce                  U.S. Government and any interested
                                                                                                                                                       capable of supporting message digest
                                         the selected algorithm(s) and proceed to                party the right to use such
                                                                                                                                                       sizes of 224, 256, 384, and 512 bits, and
                                         publish the draft FIPS for public                       implementations for the purposes of the
                                                                                                                                                       shall support a maximum message
                                         comment. If my algorithm (or the                        SHA-3 evaluation process,
                                         derived algorithm) is not selected for                                                                        length of at least 2^64-1 bits. Submitted
                                                                                                 notwithstanding that the
                                         SHA-3 (including those that are not                                                                           algorithms may support other message
                                                                                                 implementations may be copyrighted.
                                         selected for the second round of public                                                                       digest sizes and maximum message
                                                                                                 Signed:                                               lengths, and such features will be taken
                                         evaluation), I understand that all rights,              Title:
                                         including use rights of the reference and                                                                     into consideration during the analysis
                                                                                                 Dated:
                                         optimized implementations, revert back                                                                        and evaluation period.
                                                                                                 Place:
                                         to the submitter (and other owner[s], as                                                                      (End of minimum acceptability
                                         appropriate). Additionally, should the                  2.E General Submission Requirements                   requirements).
                                         U.S. Government not select my                              NIST welcomes both domestic and
                                                                                                                                                         A candidate algorithm submission
                                         algorithm for SHA-3 at the time NIST                    international submissions; however, in
                                                                                                                                                       package that is complete (as defined
                                         ends the competition, all rights revert to              order to facilitate analysis and
                                                                                                                                                       above) and whose algorithm meets the
                                         the submitter (and other owner[s] as                    evaluation, it is required that the
                                                                                                                                                       minimum acceptability requirements (as
                                         appropriate).                                           submission packages be in English. This
                                                                                                                                                       defined immediately above) will be
                                         Signed:                                                 requirement includes the cover sheet,
                                                                                                                                                       deemed to be a ``complete and proper''
                                         Title:                                                  algorithm specification and supporting
                                                                                                                                                       submission. A submission that is
                                         Dated:                                                  documentation, source code, and
                                         Place:                                                                                                        deemed otherwise at the close of the
                                                                                                 intellectual property information. Any
                                                                                                                                                       submission period will receive no
                                         2.D.2 Statement by Patent (and Patent                   required information that is submitted
                                                                                                                                                       further consideration