The National Institute of Standards and Technology today announced a public competition to pick a new cryptographic hash algorithm that would become the new federal information processing standard. This evaluation process is expected to run a minimum of three years.
In essence, a cryptographic hash algorithm is a highly complex math formula that can be used to create digital signatures and authenticate data to ensure it hasn’t been tampered with. The current NIST federal hash standards include variations of the Secure Hash Algorithm, SHA-1, SHA-2, SHA-256, SHA-384 and SHA-512. But because cryptographic researchers have reported serious attacks against these algorithms, NIST has decided to start what’s expected to be a long process to find a new hash standard by eliciting public comment and submissions.
NIST successfully carried out this type of evaluation process several years ago to find the replacement for the older Digital Encryption Standard. That process, after a lively global competition, ended with the selection of the now widely used Advanced Encryption Standard, today a federal government standard. At that time, peer review by crypto experts of the published AES played a strong role in determining the future federal standard for non-classified encryption. NIST is hoping for similar success as it opens the hunt for a new hash algorithm.
“As a first step in this process, NIST is looking for comments on its recently published draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate algorithms,” stated NIST spokeswoman Jan Kosko, noting that this information has been published at the NIST site.
According to a statement in the Federal Register, the government’s official book of record, NIST today stated it is looking for “unclassified, publicly disclosed” algorithms that would be “royalty-free” and “capable of protecting sensitive government information well into the foreseeable future.”
The tentative schedule mapped out by NIST for receiving and evaluating technical proposals commences with the plan to present the “draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate hash functions” during the RSA Conference in San Francisco and at other conferences later.