ࡱ>  +;bjbj?H?H .]"c]"c3'     8WYo^"x4XXXXXXX$[u^X X  Xd  XXLOS X6O!,jP,XX0YP _ _XSSL _ ThXX\^Y _ : Hash Candidate Submission Checklist Submission ID: [SJ will fill in, most likely based on the submission sequence] Name of submitted algorithm: [SJ will fill in] Principal submitters name: [SJ will fill in] Name(s) of auxiliary submitter(s): [SJ will fill in] Date submission received: [SJ will fill in] Date submission evaluated: Technical Evaluation Team: [SJ will fill in] Optical Media Evaluation Team: [SJ will fill in] Cover Sheet & IP Statements Evaluation Team: [SJ will fill in] Evaluators initial: [Circle your name above and initial] Submission complete and proper? [SJ will fill in at the completion of all evaluations] Hash Candidate Submission Checklist ____ Cover Sheet (separate checklist to follow) ____  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html" Algorithm Specifications and Supporting Documentation (separate checklist to follow) ____ Implementable in hardware and software ____ Support message digest sizes of 224, 256, 384, and 512 bits ____ Support maximum message length of at least 264-1 bits ____ Statement about Estimated Computational Efficiency and Memory Requirements in hardware and software across a variety of platforms (separate checklist to follow) ____ Known Answer Tests and Monte Carlo Tests (separate checklist to follow) ____ Statement of expected strength (i.e., work factor) of the algorithm, along with any supporting rationale (separate checklist to follow) ____ Cryptanalysis with respect to known attacks and their results ____ Provide cryptanalysis on any known attacks and their results ____ Explain the provenance of any constants or tables used, and with justification ____ Provide references to any published materials describing or analyzing the security of the submitted algorithm ____ Provide copies of references, as well as applicable copyright release [encouraged] ____ Statement on the advantages and limitations of the algorithm, with supporting rationale ____  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html" Optical Media (separate detailed checklist to follow) ____ Reference Implementation in ANSI C ____ Optimized Implementations in ANSI C ____ Known Answer Tests ____ Monte Carlo Tests ____ Supporting Documentation ____ Additional Implementation (optional) ____  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/intell_prop.html" Intellectual Property Statements / Agreements / Disclosures ____ Statement by the Submitter ____ Statement by Patent (and Patent Application) Owner(s) (if applicable) ____ Statement by Reference/Optimized Implementations' Owner(s). Note for the last two statements, separate statements must be completed if multiple individuals are involved. ____ Submission package in English [Optional supporting materials in another language is acceptable] ____ Cover Sheet containing ____ Name of the submitted algorithm ____ Principal submitters name, e-mail address, telephone, fax, organization, and postal address ____ Name(s) of auxiliary submitter(s) ____ Name of the algorithm inventor(s)/developer(s) ____ Name of the owner, if any, of the algorithm (Normally expected to be the same as the submitter) ____ Signature of the submitter ____ (optional) Backup point of contact (with telephone, fax, postal address, e-mail address) ____  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html" Algorithm Specifications and Supporting Documentation *Note to reviewer: When checking the submissions for completeness, just check if the submitters have attempted to address the NIST-specified issues, at a minimum, and include the required documents and implementations. We dont need to evaluate whether the security properties have been met or anything else that would take a lot of thought at this stage. A complete written specification of the algorithm consisting of all necessary mathematical operations, equations, tables, diagrams, and parameters that are needed to implement the algorithm. Must include: Design rationale Explanation of design decisions Should include: Security arguments A preliminary analysis on attack scenarios such as: collision-finding first-preimage-finding second-preimage-finding length-extension attack multicollision attack, or any cryptographic attacks that have been considered. May include: A tunable security parameter If provided, the submission document must specify a recommended value for each digest size specified in Section 3, with justification. The submission should also provide any bounds that the designer feels are appropriate for the parameter, including a bound below which the submitter expects cryptanalysis to become practical. Submissions that do not include such a parameter should include a weakened version of the submitted algorithm for analysis, if at all possible. Must support and preserve the security properties and functionality of any of the current standard applications. ____ Statement about Estimated Computational Efficiency and Memory Requirements in hardware and software across a variety of platforms ____ Estimates (memory requirements and speed) on NIST Reference Platform (32 bit) Platform/processor used: Clock speed: Memory: Operating system: Gate count or estimated gate count (for hardware estimates) (For 224-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 256-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 384-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 512-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) Any available information on tradeoffs between speed and memory ____ Estimates on NIST Reference Platform (64-bit) Platform/processor used: Clock speed: Memory: Operating system: Gate count or estimated gate count (for hardware estimates) (For 224-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 256-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 384-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 512-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) Any available information on tradeoffs between speed and memory ____ Estimates on 8-bit processors Platform/processor used: Clock speed: Memory: Operating system: Gate count or estimated gate count (for hardware estimates) (For 224-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 256-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 384-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) (For 512-bit message digest) Number of clock cycles required to: generate one message digest, and set up the algorithm (e.g., build internal tables) Any available information on tradeoffs between speed and memory ____  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html" Optical Media ____ Reference Implementation in ANSI C with comments ____ Support message digest sizes of 224, 256, 384, and 512 bits ____ Support maximum message length of at least 264-1 bits ____ Support other message digest sizes (optional), if yes, what sizes? ______________________________________ ____ Support the NIST test API ____ Separate source code included for required KATs ____ Separate source code included for required MCTs ____ Optimized Implementations in ANSI C with comments ____ Optimized Implementation for a 32-bit platform ____ Optimized Implementation for a 64-bit platform ____ Support message digest sizes of 224, 256, 384, and 512 bits ____ Support maximum message length of at least 264-1 bits ____ Support the NIST test API ____ Separate source code for required KATs with the optimized implementation ____ Separate source code for required MCTs with the optimized implementation ____ Known Answer Tests ____ KATs for 224-bit message digest ____ Short Message Test as provided by NIST ____ Long Message Test as provided by NIST ____ Extremely Long Message Test as provided by NIST ____ KATs for 256-bit message digest ____ Short Message Test ____ Long Message Test ____ Extremely Long Message Test ____ KATs for 384-bit message digest ____ Short Message Test ____ Long Message Test ____ Extremely Long Message Test ____ KATs for 512-bit message digest ____ Short Message Test ____ Long Message Test ____ Extremely Long Message Test ____ Monte Carlo Tests ____ MCT for 224-bit hash ____ MCT for 256-bit hash ____ MCT for 384-bit hash ____ MCT for 512-bit hash ____ Supporting Documentation ____ copies of all written materials in PDF ____ Additional Implementation (optional) ____ Directories on the Optical Media \README \Reference Implementation \Optimized_32 bit \Optimized_64 bit \KAT_MCT \Supporting Documentation \Additional Implementation (optional) ____ Statement of expected strength (i.e., work factor) of the algorithm along with any supporting rationale, for ____ each of the security requirements specified in Sections 4.A.ii and 4.A.iii (see below), and for ____ each message digest size (224, 256, 384, 512) *Note to reviewer: When checking the submissions for completeness, just check if the submitters have attempted to address the NIST-specified issues, at a minimum, and include the required documents and implementations. We dont need to evaluate whether the security properties have been met or anything else that would take a lot of thought at this stage. Sections 4.A.ii and 4.A.iii are provided below for your quick reference; no attempt was made to rephrase or simplify these requirements. --------------------------------------------------------------------------------------------------------------- Specific requirements to support HMAC, Pseudo Random Functions (PRFs), and Randomized Hashing: NIST requires that the selected SHA-3 support HMAC, PRFs, and randomized hashing. Each candidate algorithm must have at least one construction to support HMAC as a PRF; it may have additional constructions for other, non-HMAC based PRFs, or for use in a randomized hashing scheme. The following criteria will be used to evaluate each candidate algorithm of message digest size n in such constructions. When the candidate algorithm is used with HMAC to construct a PRF as specified in the submitted package, that PRF must resist any distinguishing attack that requires much fewer than 2n/2 queries and significantly less computation than a preimage attack. Any additional PRF constructions specified for use with the candidate algorithm must provide the security that is claimed in the submission document. If a construct is specified for the use of the candidate algorithm in a randomized hashing scheme, the construct must, with overwhelming probability, provide n bits of security against the following attack: The attacker chooses a message, M1. The specified construct is then used on M1 with a randomization value r1 that has been randomly chosen without the attackers control after the attacker has supplied M1. Given r1, the attacker then attempts to find a second message M2 and randomization value r2 that yield the same randomized hash value. Additional security requirements Collision resistance of approximately n/2 bits, Preimage resistance of approximately n bits, Second-preimage resistance of approximately n-k bits for any message shorter than 2k bits, Resistance to length-extension attacks, and Any m-bit hash function specified by taking a fixed subset of the candidate function's output bits is expected to meet the above requirements with m replacing n. (Note that an attacker can choose the m-bit subset specifically to allow a limited number of precomputed message digests to collide, but once the subset has been chosen, finding additional violations of the above properties is expected to be as hard as described above.) Increasing second preimage resistance and resistance against other attacks, such as multicollision attacks, will be viewed positively by NIST; however, this could also have performance implications. Submitters should be prepared to argue for their overall security/performance trade-offs.     PAGE  PAGE 2 $rs   0 1 M g y z   % & ' ( G X ƷƷƷƷƝ||qfq[h}zhu *CJaJh}zh-HCJaJh}zhUCJaJh}zh9CJaJh}zhhXCJaJh}zhipCJaJh}zh(E]CJaJh}zhipCJaJnHtHh}zh4'CJaJnHtHh}zhhXCJaJnHtHh}zhQ4CJaJnHtHh}zhNCJaJnHtHh}zhip5CJaJ $s 1 L M z { ' (  dd[$\$gd[gdhXdd[$\$^`gdip dd[$\$gdip$a$gdipX } ~  < = r s ȼq\qCCCq\q1jh}zhNCJPJUaJmH nHsH tH(h}zhh?CJPJaJmH nHsH tH(h}zhf CJPJaJmH nHsH tH(h}zhNCJPJaJmH nHsH tH(h}zhW CJPJaJmH nHsH tHh}zhhX5CJaJh}zhip5CJaJh}zh4'CJaJh}zhu *CJaJnHtHh}zh4'CJaJnHtHh}zh-HCJaJnHtH 1 3 : ; # , . 3 v w ˿֪k\M\>h}zhtNCJaJnHtHh}zhcd.CJaJnHtHh}zhuCJaJnHtH(h}zhuCJPJaJmH nHsH tH(h}zhh?CJPJaJmH nHsH tH(h}zh4CJPJaJmH nHsH tH(h}zh`oCJPJaJmH nHsH tHh}zhjUCJH*aJh}zhjUCJaJ(h}zhjUCJPJaJmH nHsH tH(h}zhCJPJaJmH nHsH tH ; . @A  c{ ^`gd@ ^`gdq ^`gdY0 ^`gdS dd[$\$gdx\dd[$\$^`gdu dd[$\$gd`odd[$\$^`gd`odd[$\$`gdjU -?@F  ;}r}eVGV8h}zhqCJaJnHtHh}zh@CJaJnHtHh}zhj(CJaJnHtHh}zhqCJPJaJh}zhx\CJaJh}zhY0CJaJh}zhcd.CJPJaJh}zhY0CJPJaJh}zhSCJPJaJh}zhrqUCJaJnHtHh}zhx\CJaJnHtH(h}zhx\CJPJaJmH nHsH tHh}zhtNCJaJnHtHh}zhh?CJaJnHtH ",-.VWbh*+89DƱ~ePePe;(h}zhJuCJPJaJmH nHsH tH(h}zhNCJPJaJmH nHsH tH1jh}zhNCJPJUaJmH nHsH tH(h}zhW CJPJaJmH nHsH tHh}zh1"VCJaJnHtHh}zhL jCJaJnHtH(h}zhL jCJPJaJmH nHsH tHh}zh=tCJaJnHtHh}zhcd.CJaJnHtHh}zhqCJaJnHtHh}zhqCJPJaJcb*;|xxdd@&[$\$`gd/^gd/ dd[$\$gdW dd[$\$`gd[dd@&[$\$`gd dd[$\$`gd dd[$\$^gd:@ dd[$\$gdJudd[$\$^`gd1"V DMV`b*ueuUCe.(h}zh[CJPJaJmH nHsH tH"h}zh[5CJ\aJnHtHh}zhNCJ\aJnHtHh}zh[CJ\aJnHtHh}zh CJ\aJnHtH"h}zh 5CJ\aJnHtH(h}zhR/CJPJaJmH nHsH tH(h}zh;BCJPJaJmH nHsH tH(h}zh CJPJaJmH nHsH tH(h}zhJuCJPJaJmH nHsH tH(h}zhBoCJPJaJmH nHsH tH*/0;@ NPRҽҽҽkVFh}zh/CJ\aJnHtH(h}zh cCCJPJaJmH nHsH tH(h}zh0 CJPJaJmH nHsH tH(h}zh3uCJPJaJmH nHsH tHh}zh3uCJaJh}zh/CJaJ"h}zh/5CJ\aJnHtH(h}zhNCJPJaJmH nHsH tH1jh}zhNCJPJUaJmH nHsH tH(h}zhW CJPJaJmH nHsH tH|OPRoT7;^gd(o dd[$\$gd(o8dd[$\$^8`gddd[$\$^gd dd@&[$\$gd/ dd[$\$gd3udd[$\$^`gd cCdd@&[$\$^gd/RXdnot$TYį|m^^I(h}zhq"CJPJaJmH nHsH tHh}zh|l_CJaJnHtHh}zh 5rCJaJnHtHh}zhJ&CJaJnHtH(h}zhJ&CJPJaJmH nHsH tHh}zhkCJaJnHtH(h}zhkCJPJaJmH nHsH tHh}zhkCJ\aJnHtHh}zhkCJaJh}zhk5CJaJ(h}zhCJPJaJmH nHsH tH-.78=>:; &Ӿwp[PDP8h}zh(oCJ\aJh}zh(o5CJaJh}zh(oCJaJ(h}zh|}zCJPJaJmH nHsH tH h}zh|}z+h}zhP5CJPJaJmH nHsH tH+h}zh(o5CJPJaJmH nHsH tH4jh}zh(o5CJPJUaJmH nHsH tH(h}zh(oCJPJaJmH nHsH tHh}zh(oCJaJnHtHh}zh|l_CJaJnHtHh}zhq"CJaJnHtH ;<L_;<Ifg^gd(o8^8gd(o^gd(o8^8gd(op^pgd(o & F ^gdlI & F ^gdlI^gd(o&)9<JLM]^<?GJeg!34U?@Aܺܪvvvvvvvvvvdd"h}zh(o5CJ\aJnHtH"h}zh(oh.&CJaJnHtHh}zh(oCJaJnHtH%h}zh(oh.&5CJaJnHtHh}zh(o5CJaJnHtHh}zhCJaJh}zhCJaJh}zh(o5CJaJh}zh(oCJaJh}zh(oCJ\aJh}zhCJ\aJ%@A:Vw^gdf` & F pp^pgdlI 8h^8`hgdf` h^hgdf`dd[$\$^`gdf`dd[$\$^`gdf`^gd(o^gd(o9:#'#(#)#1# & &J&K&P&ưܣܔtܔeP(h}zh$9CJPJaJmH nHsH tHh}zh0CJaJnHtH(h}zh.}CJPJaJmH nHsH tHh}zhf`CJaJh}zhf`CJaJmH sH h}zhf`CJPJaJ+h}zhFO5CJPJaJmH nHsH tH+h}zhf`5CJPJaJmH nHsH tH(h}zhf`CJPJaJmH nHsH tHh}zhf`CJaJnHtHAB<op  + i j h^hgdf`dd[$\$`gdf` & Fgdf` & Fgdf`^gdf` & Fgdf` 8h^8`hgdf`j !!C!d!!!!!."/"q""""#)#dd[$\$`gdf` & F gdf` & F gdf`^gdf` & Fgdf`^gdf` & Fgdf` 8h^8`hgdf`)#B#Q#[#o####$D$E$$$$$%?%r%s%% & F gdf`^gdf` & F gdf`^gdf` & F gdf` 8h^8`hgdf` h^hgdf` ^gdf`%% & &J&&&<'w'''(:(o((}dd[$\$`gd0dd[$\$^`gd}&dd[$\$^`gd0dd[$\$^`gd0dd[$\$^gd$9 dd[$\$gd$9^gdf`^gdf` & Fgdf`P&Q&&&&&&&&&I'm'o'v'(o(t((()\))庥ϏxcϏNCh}zh"MCJaJ(h}zh"MCJPJaJmH nHsH tH(h}zh}&CJPJaJmH nHsH tHh}zh0CJH*aJh}zh0CJaJ+h}zh*5CJPJaJmH nHsH tH(h}zh0CJPJaJmH nHsH tH(h}zh$9CJPJaJmH nHsH tH+h}zh05CJPJaJmH nHsH tH4jh}zh05CJPJUaJmH nHsH tH(()O))))E*]****+3+dd[$\$^`gdO8Gdd@&[$\$`gd0dd[$\$^`gdr?dd[$\$^`gd}&dd[$\$^`gd"Mdd[$\$^`gd0 )))))))"*E*\*]*b*******ӾrgR@.@R#h}zh"&RCJPJ\aJnHtH#h}zhO8GCJPJ\aJnHtH(h}zhO8GCJPJaJmH nHsH tHh}zh0CJaJh}zh0CJ\aJnHtH"h}zh05CJ\aJnHtH(h}zhr?CJPJaJmH nHsH tH(h}zh0CJPJaJmH nHsH tH(h}zh}&CJPJaJmH nHsH tH(h}zh"MCJPJaJmH nHsH tHh}zh"MCJaJh}zh"MCJH*aJ****** +++2+3+8+K+P+b+g++++++++++++++,#,6,;,M,R,m,n,g.h}zhzqThQCJPJaJmH nHsH tH#h}zhzqTCJPJ\aJnHtH(h}zhzqTCJPJaJmH nHsH tHh}zh0CJaJ(h}zh0CJPJaJmH nHsH tH(h}zhO8GCJPJaJmH nHsH tH#h}zh"&RCJPJ\aJnHtH#h}zhO8GCJPJ\aJnHtH$3+K+b++++++,6,M,n,,,,,,dd@&[$\$^`gdmdd@&[$\$^`gd0dd@&[$\$`gd0dd[$\$^`gd0dd[$\$^`gdzqTn,s,,,,,,,, - --0-6-7-<-`-f---ȳȳueO9+h}zh{(5CJPJaJmH nHsH tH+h}zh05CJPJaJmH nHsH tHh}zh{(CJ\aJnHtHh}zh{(\]nHtHh}zh{(]nHtH"h}zh{(5CJ\aJnHtH"h}zhm5CJ\aJnHtH(h}zhmCJPJaJmH nHsH tH(h}zh0CJPJaJmH nHsH tH"h}zh05CJ\aJnHtHh}zh0CJ\aJnHtH, -7-a--------...!/dd[$\$^gddd[$\$^`gddd[$\$^`gd & FgdZg & Fgd{(dd[$\$`gd0dd@&[$\$^`gd{(dd@&[$\$`gdm---............!/"/5/e/p]N81 h}zhP+h}zhP5CJPJaJmH nHsH tHh}zhPCJaJnHtH%h}zh5CJ\]aJnHtHh}zh aCJaJnHtHh}zhCJPJaJh}zhCJaJnHtHh}zh5CJaJnHtH(h}zhCJPJaJmH nHsH tHh}zhZgnHtH(h}zhZgCJPJaJmH nHsH tH(h}zhYL5CJPJaJmH nHsH tHh}zh{(nHtH!/"/5/0111r3p45*7K7}}}q & FL`LgdlI & F dd[$\$^gdlIdd[$\$^gdP$ & F h0dd[$\$^`0gdlI & Fdd[$\$gdP & Fdd[$\$gdBhdd[$\$^hgdPdd[$\$^gd e/0a00001111111X3Y3)4*4-4o4555555!6"6#6?6@6A66666666666666+7λλ~~~~~v~~h}zhmHH*h}zhmH6H*h}zhmHH*h}zhmH6H*h}zhmH6 h}zhP$h}zhmHnHtH h}zhmH$h}zhPCJaJmH nHsH tHh}zhPCJaJnHtH(h}zhPCJPJaJmH nHsH tH h}zhP h}zhB,+7J7K7q7r777777778+838488888888899;;;;;; ; ; ; ;;;;;;;;;;#;$;%;&;';);*;+;»h}z0JmHnHu hg.0Jjhg.0JUhg.hrhg.CJaJhFjhFU h}zh h}zhh}zhmH6h}zhmH6H*h}zhmH6nHtHh}zhmHnHtH h}zhmH h}zh_f4K7{778/899;;;;; ; ; ;;;;;;;;'; &`#$gdp$a$gdr^gd^gdV! & Fgd & Fdd[$\$gd';(;);*;+;^gd,1h/ =!"#$% v2&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@666PJ_HmH nH sH tH D`D /mnNormalCJPJ_HaJmH sH tH DA`D Default Paragraph FontRiR  Table Normal4 l4a (k (No List 66 ZTOC 3 5CJaJ4U 4 N Hyperlink >*ph@@@  Comment Text PJnHtHH"H D Balloon TextCJOJQJ^JaJ4@24 rHeader  !4 @B4 rFooter  !.)@Q. p Page NumberPK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭VGRU1a$N% ʣꂣKЛjVkUDRKQj/dR*SxMPsʧJ5$4vq^WCʽ D{>̳`3REB=꽻Ut Qy@֐\.X7<:+& 0h @>nƭBVqu ѡ{5kP?O&Cנ Aw0kPo۵(h[5($=CVs]mY2zw`nKDC]j%KXK 'P@$I=Y%C%gx'$!V(ekڤք'Qt!x7xbJ7 o߼W_y|nʒ;Fido/_1z/L?>o_;9:33`=—S,FĔ觑@)R8elmEv|!ո/,Ә%qh|'1:`ij.̳u'k CZ^WcK0'E8S߱sˮdΙ`K}A"NșM1I/AeހQתGF@A~eh-QR9C 5 ~d"9 0exp<^!͸~J7䒜t L䈝c\)Ic8E&]Sf~@Aw?'r3Ȱ&2@7k}̬naWJ}N1XGVh`L%Z`=`VKb*X=z%"sI<&n| .qc:?7/N<Z*`]u-]e|aѸ¾|mH{m3CԚ .ÕnAr)[;-ݑ$$`:Ʊ>NVl%kv:Ns _OuCX=mO4m's߸d|0n;pt2e}:zOrgI( 'B='8\L`"Ǚ 4F+8JI$rՑVLvVxNN";fVYx-,JfV<+k>hP!aLfh:HHX WQXt,:JU{,Z BpB)sֻڙӇiE4(=U\.O. +x"aMB[F7x"ytѫиK-zz>F>75eo5C9Z%c7ܼ%6M2ˊ 9B" N "1(IzZ~>Yr]H+9pd\4n(Kg\V$=]B,lוDA=eX)Ly5ot e㈮bW3gp : j$/g*QjZTa!e9#i5*j5ö fE`514g{7vnO(^ ,j~V9;kvv"adV݊oTAn7jah+y^@ARhW.GMuO "/e5[s󿬅`Z'WfPt~f}kA'0z|>ܙ|Uw{@՘tAm'`4T֠2j ۣhvWwA9 ZNU+Awvhv36V`^PK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] +39 &&&)X D*R&P&)*n,-e/+7+; !#$&')*,.3568:<= c|j )#%(3+,!/K7';+;"%(+-/012479;>?<r*8/ = P+3XXXXX ")!!8@0(  B S  ? _Hlt190167129 _Hlt190167130 _Hlt190167133 _Hlt190167134 _Hlt190167147 _Hlt190167148,3@@@@@@,3333333 3 3 3333&3)3,3U ] ,>K33333 3 3 333)3,31L _Vw<Cdq)?J!!E"]"#3#K####$$$ %%%%&& '))*/K/3333333 3 3 333)3,33333333 3 3 333)3,3T Ψ*&zzbomnVW~dZ-\$?:/4P}OiMEIpv2FJP/ \t '\f&'Rfȹ6 j6:_Bqck of#~Ⱦh pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH. hh^h`o(hH4.A.ii ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.^`56o(hH4.A.iii^`56OJQJo(hH L^`LhH.   ^ `hH. \ \ ^\ `hH. ,L,^,`LhH. ^`hH. ^`hH. L^`LhH.h^`OJQJo(hHh^`OJQJo(hHohpp^p`OJ QJ o(hHh@ @ ^@ `OJQJo(hHh^`OJQJo(hHoh^`OJ QJ o(hHh^`OJQJo(hHh^`OJQJo(hHohPP^P`OJ QJ o(hHh pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h^`B*OJQJo(phhH  ^ `OJQJ^Jo(hHo  ^ `OJ QJ o(hHxx^x`OJQJo(hHHH^H`OJQJ^Jo(hHo^`OJ QJ o(hH^`OJQJo(hH^`OJQJ^Jo(hHo^`OJ QJ o(hHh^`B*OJQJo(phhHh^`OJQJ^Jo(hHohpp^p`OJ QJ o(hHh@ @ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJ QJ o(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohPP^P`OJ QJ o(hHh pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h^`B*OJQJo(phhHh^`OJQJ^Jo(hHohpp^p`OJ QJ o(hHh@ @ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJ QJ o(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohPP^P`OJ QJ o(hHh pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h^`B*o(phhH.h  ^ `OJQJ^Jo(hHoh  ^ `OJ QJ o(hHhxx^x`OJQJo(hHhHH^H`OJQJ^Jo(hHoh^`OJ QJ o(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJ QJ o(hHh pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h ^`hH.h ^`hH.h pLp^p`LhH.h @ @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PLP^P`LhH.h pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.h pp^p`hH.h @ @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h PP^P`hH.h   ^ `hH.h L^`LhH.Im)BMEI/ \0*&f#~/T Bqck o2FJ6 jgQD}< '\f~\$mnr/K=Rf                  "        潎'                                   Yn;                         FR                  h2                                                              D#`/ u-D#`/ uaRyaRyq2G~-@P4*eC^m<Wlrq! f ~ y  / 0 W `  !_c d>60r'.&;lIJu V!f!]=$ =%}&4'g(j({(D)U)u *s6,cd.g.I/R/1YL58Gq8Ou8R ;TF;Cu;>/a?h?9@:@LB;BSC cCD&EO8GI%I*JKXK"MtNFO#PmQRR"&R$SY^ScS(*T@TzqTpU`UfUrqU1"VhXiYZz*Z>Ze[x\(E]F]7t]H_ d_|l_f`W{` a(a+a1aod_fZgngHhL jBklVlmn/mnoBoNo`oLpycpip~qr 5r]ridrKs/t<=t=tRtu3u4gwnxz3 z=zRGz|}zn{.}aB1[mH%D3gqUw6K[)NO*145I1?E%=;o$9"q"~({tFuWPk7_r1-Hm%FYglbDjU}zq#4y?^SWTgZ[%b(oQ4BV6$J&^ix+.}`QwP$UXNo[" yrY0[v/Ws!gpr?%NhVGT9RgU:v@b@JSQYD33@+3@Unknown G*Cx Times New Roman5Symbol3.*Cx ArialC (PMingLiUe0}fԚ;(SimSun[SO5..[`)TahomaC.,{ @Calibri Light7.{ @Calibri?=*Cx Courier New;WingdingsA$BCambria Math"1hLGXg{¦f+ \f+ \422 3qHP ?n2! xx Cryptographic Hash Competition Shu-jen Chang Sara KermanX              Oh+'0 ,8 X d p | Cryptographic Hash CompetitionShu-jen Chang Normal.dotm Sara Kerman3Microsoft Office Word@^в@l' p@Z@rL! f+՜.+,D՜.+,P  hp  NIST\2 Cryptographic Hash Competition Title 8@ _PID_HLINKSAdTM Whttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html=3 Thttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.htmlUhttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/intell_prop.htmlTMWhttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html=3Thttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html  !"#$%&'()*+,-./0123456789:;<=>?@BCDEFGHJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxz{|}~Root Entry F7O!Data A1TableIc_WordDocument.SummaryInformation(yDocumentSummaryInformation8CompObjr  F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q