SHA-2
SHA-2 is the family of cryptographic hash functions published by NIST in FIPS 180-4, comprising SHA-224, SHA-256, SHA-384, SHA-512, and two truncated variants. Built on the Merkle-Damgard construction, it is the most widely deployed hash family, securing TLS certificate signatures, software integrity checks, and the proof-of-work in many blockchains.
Quantum impact
SHA-2 faces no exponential quantum attack. Grover's algorithm (Grover's algorithm) gives at most a quadratic speedup, lowering the preimage margin of SHA-256 from 2^256 to about 2^128 quantum operations. Collision resistance is set by the classical birthday bound (2^128 for SHA-256), and known quantum collision methods demand so much memory that they offer little real advantage. A SHA-2 function with adequate output size is therefore treated as post-quantum safe, which is why it appears inside conservative hash-based signatures.
Relationship to SHA-3
SHA-2 and the later SHA-3 standard share no internal structure: SHA-3 uses a sponge construction and was standardized as an independent backup, not a replacement. Both remain approved for use.
Sources
- FIPS 180-4, Secure Hash Standard (SHS) (NIST, 2015)
- A fast quantum mechanical algorithm for database search (arXiv, 1996)
- Post-Quantum Cryptography FAQs (NIST, 2025)
Cite this entry
"SHA-2." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/sha-2@misc{pqwiki-sha-2,
title = {SHA-2},
howpublished = {\url{https://postquantum.wiki/sha-2}},
year = {2026},
note = {postquantum.wiki, updated 2026-07-11}
}