Bitcoin rules: SHA-256
Publish: 2021-05-14 14:52:35
1. To understand the technical principles of bitcoin, we need to understand two important cryptographic techniques.

Hash code: it converts a string of any length into a fixed-length string, and the conversion is irreversible, that is, it is infeasible to recover the original string from its hash code. The bitcoin protocol mainly uses SHA-256.

Public key system: each participant has a matching public key and private key; the private key is kept inside the application and the public key is published. When Party A sends information to Party B, it can sign the information with A's private key, and B can check it with A's public key, which ensures that a third party cannot impersonate A. Likewise, when A sends information to B, it can be encrypted with B's public key and then decrypted by B with B's own private key, which ensures that a third party cannot eavesdrop on the communication between the two. RSA is the most common public key system, but the bitcoin protocol uses the elliptic curve digital signature algorithm (ECDSA).

What is the difference between cash and a bank account?
Bitcoin is an electronic currency denominated in BTC. In this article the name is also used for the whole bitcoin system. The counterpart of opening a bank account is, in bitcoin, an address. Everyone can have one or more bitcoin addresses, which are used to pay and receive money. Each address is a string that starts with 1. For example, I have two bitcoin accounts, and. A bitcoin account is uniquely determined by a pair of public key and private key; to save the account, you only need to save the private key file. Unlike a bank, which keeps all transaction records and maintains the book balance of each account, bitcoin's transaction records are jointly maintained by the whole P2P network through a pre-agreed protocol.

How much money is in my address?
Although bitcoin software shows the current balance, unlike a bank there is no place where the book balance of each address is maintained. The balance can only be computed in real time from all historical transactions.

How do I pay?
Suppose I pay from my address A to the other party's address B, and the amount is E. Both parties then announce the transaction to every network node: address A pays address B the amount E. To prevent a third party from forging the transaction, it is signed with the private key of address A; a network node receiving the transaction can then use the public key of address A to verify that it was indeed sent by address A. Of course, the wallet software does all this for us; we only need to enter the relevant parameters.

What does a network node do after receiving the transaction?
This is the most important part of the bitcoin system and needs elaboration. For simplicity, only the bitcoin protocol as currently implemented is described. In the current version every network node keeps a synchronized copy of all transactions. There are two kinds of transactions in history. The first kind is "verified" transactions, which are stored in a series of "blocks". Each "block" is linked to the previous "block": the ID of each block is the hash code of the hash code of the previous block together with the new transaction information (see an actual block). The second kind is "unverified" transactions; the payment just described belongs to this category. When a network node receives new unverified transactions (possibly several), it can compute the book balance of every address at that moment, because it keeps all transactions in history, and can therefore decide whether each transaction is valid, that is, whether the paying address has enough balance.

After discarding the invalid transactions, the node takes the ID of the last "block", combines it with the unverified transactions, and adds a verification code to form a new "block". Building a new block takes a lot of computation, because the verification code must be found so that the combination becomes a block, that is, so that the first several bits of the block's hash code are 1. At present the first 13 bits need to be 1 (roughly; the exact method is uncertain), which means that if the block is found by enumeration, the average number of attempts is 16^13. Using CPU resources to generate a block is called "gold mining", because producing a block earns a reward, and the reward information is included in the block. When a network node generates a new block it broadcasts it to the other nodes. The block may nevertheless not be accepted by the network, because another node may have produced a block earlier. Only the earliest block, or the block with the largest number of subsequent blocks, is valid; the remaining blocks are no longer used as the starting point of the next block.

How does the other party confirm that the payment succeeded?
When the payment is distributed to the network nodes, each node starts checking whether the transaction is valid (that is, whether the account balance is enough to pay) and tries to generate a block containing it. When six blocks (the block containing it and five subsequent blocks) cover the transaction, it is considered "verified", the transaction is formally confirmed, and the other party can be sure the payment succeeded. A possible problem: I pay the whole balance of address A to address B and at the same time pay it to address C. If each transaction is checked for validity only on its own, my way of cheating would be to generate six blocks containing the payment to B and show them to B, and six blocks containing the payment to C and show them to C, before the truth comes out. Because generating a block costs me a very long CPU time compared with the whole network, the probability that such cheating succeeds is very small.

What motivates network nodes to produce blocks?
As the description above shows, to make a transaction effective the network nodes need to generate one block plus five subsequent blocks containing it, and generating blocks is very CPU intensive. How can other network nodes be persuaded to help produce blocks as quickly as possible? The answer is simple: the protocol stipulates that the address which produces a block is rewarded with BTC, plus the transaction fee agreed by both parties. At present the reward for producing a block is 50 BTC, and it will halve every four years; for example, from 2013 to 2016 the reward will be 25 BTC.

Is the transaction anonymous?
Yes and no. All bitcoin transactions are visible; we can look up all transaction records of any account, such as mine. What differs from the banking system is that the account itself is anonymous, and anyone can open many accounts. In general, anonymity is not as good as claimed. But bitcoin has another advantage for black market trading: it cannot be frozen. Even if the police trace a bitcoin address, there is nothing they can do unless they trace the computer used for the exchange by its Internet address.

How is it ensured that bitcoin does not depreciate?
Generally speaking, for an equivalent level of trading activity, the value of money is inversely proportional to the amount issued. Unlike in the traditional money market, where the central bank decides the amount issued, bitcoin has no central issuing institution. BTC can only be obtained by producing blocks. Therefore the amount of new bitcoin depends on:
1. The speed of producing blocks: the bitcoin protocol stipulates that the difficulty of producing blocks is adjusted so that 2016 blocks are produced every two weeks on average, that is, about one block every 10 minutes. Moore's law, doubling CPU speed every 18 months, will not speed up block production.
2. The reward per block: at present 50 BTC is awarded for each block produced, halving every four years; in 2013, 25 BTC, and in 2017, 12.5 BTC.
Considering the two factors above, the speed at which bitcoin is issued is not controlled by any single node in the network. Its protocol makes the money supply known in advance, and the maximum supply is only 21 million BTC.
2. Bitcoin is a consensus network that enables a new payment system and a fully digital currency. It is the first decentralized peer-to-peer payment network, controlled by its users without a central authority or middleman. From the user's point of view, bitcoin is much like cash for the Internet. Bitcoin can also be regarded as the most outstanding triple-entry bookkeeping system.
Anyone can run software on specialized hardware and become a bitcoin miner. Mining software monitors transactions broadcast through the P2P network and performs the appropriate work to process and confirm these transactions. Bitcoin miners earn the transaction fees paid by users to speed up transaction processing, plus additional bitcoin issued according to a fixed formula.
New transactions need to be included in a block with a mathematical proof of work before they can be confirmed. Such a proof is hard to generate because it can only be produced by trying billions of calculations per second. Miners need to run these calculations before their blocks are accepted and rewarded. As more people start mining, the difficulty of finding valid blocks is automatically increased by the network to ensure that the average time to find a block stays at 10 minutes. Therefore, the competition in mining is very fierce, and no individual miner can control the content of the block chain.
The proof of work is also designed to depend on the previous block, which enforces the chronological order of the block chain. This makes it extremely difficult to reverse previous transactions, because the proof of work of all subsequent blocks would need to be recomputed. When two blocks are found at the same time, miners work on the first block they received, but switch to the longest chain once the next block is found. This ensures that the mining process maintains a global consistency based on processing power.
Bitcoin miners can neither increase their rewards by cheating nor process fraudulent transactions that would damage the bitcoin network, because all bitcoin nodes reject blocks containing invalid data that violates the bitcoin protocol rules. Therefore, even if not all bitcoin miners can be trusted, the bitcoin network is still secure.
SHA-256 is a cryptographic hash algorithm.
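The block-building and verification rules of sections 1 and 2 (proof of work, each block linked to the previous block's ID, balances recomputed from history, invalid payments dropped, six confirmations, tampered history detected), as an added worked example that is not code from the original page or from any bitcoin implementation. Bitcoin compares the double-SHA-256 block hash against a numeric target, which is equivalent to requiring a number of leading zero bits, so difficulty here is a count of leading zero bits. The header layout, the transaction format and the names M, A, B, C are constructed assumptions.

```python
import hashlib
import json
import struct

GENESIS_PREV = b"\x00" * 32  # constructed: the "previous ID" the first block links to
BLOCK_REWARD = 50            # page: 50 BTC per produced block at the time of writing

def sha256d(data: bytes) -> bytes:
    """Bitcoin's block and transaction hash: SHA-256 applied twice (the SHAd construction)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(txs: list) -> bytes:
    """Constructed canonical encoding of a block's transactions (bitcoin itself uses a Merkle root)."""
    return json.dumps(txs, sort_keys=True, separators=(",", ":")).encode()

def block_id(prev_id: bytes, body: bytes, nonce: int) -> bytes:
    """Block ID = double SHA-256 of (previous block ID || transactions || nonce)."""
    return sha256d(prev_id + body + struct.pack("<Q", nonce))

def meets_target(bid: bytes, difficulty_bits: int) -> bool:
    """The hash read as an integer must be below 2**(256 - bits): its first `bits` bits are zero."""
    return int.from_bytes(bid, "big") < (1 << (256 - difficulty_bits))

def balance(chain: list, address: str) -> int:
    """No node stores a balance; it is recomputed from every transaction in history."""
    total = 0
    for blk in chain:
        for tx in blk["txs"]:
            if tx["to"] == address:
                total += tx["amount"]
            if tx["from"] == address:
                total -= tx["amount"]
    return total

def valid_tx(chain: list, tx: dict, accepted: list) -> bool:
    """Valid only if the payer's balance covers it after what the same payer already spent in this block."""
    if tx["from"] is None:  # block reward: needs no funds
        return True
    spent_here = sum(t["amount"] for t in accepted if t["from"] == tx["from"])
    return balance(chain, tx["from"]) - spent_here >= tx["amount"]

def mine(prev_id: bytes, txs: list, difficulty_bits: int, max_tries: int = 1 << 32) -> tuple:
    """Enumerate nonces until the block ID meets the target: about 2**difficulty_bits tries on average."""
    body = serialize(txs)
    for nonce in range(max_tries):
        bid = block_id(prev_id, body, nonce)
        if meets_target(bid, difficulty_bits):
            return nonce, bid  # the expensive search is the proof; checking it takes one hash
    raise RuntimeError("no nonce found within max_tries")

def build_chain(tx_batches: list, miner: str, difficulty_bits: int) -> list:
    """Each batch becomes one block: drop invalid payments, add the miner's reward, link, then mine."""
    chain, prev_id = [], GENESIS_PREV
    for batch in tx_batches:
        accepted = [{"from": None, "to": miner, "amount": BLOCK_REWARD}]
        for tx in batch:
            if valid_tx(chain, tx, accepted):
                accepted.append(tx)
        nonce, bid = mine(prev_id, accepted, difficulty_bits)
        chain.append({"prev": prev_id, "txs": accepted, "nonce": nonce, "id": bid})
        prev_id = bid
    return chain

def valid_chain(chain: list, difficulty_bits: int) -> bool:
    """What every node re-checks: each block's proof of work and its link to the block before it."""
    prev_id = GENESIS_PREV
    for blk in chain:
        bid = block_id(blk["prev"], serialize(blk["txs"]), blk["nonce"])
        if blk["prev"] != prev_id or bid != blk["id"] or not meets_target(bid, difficulty_bits):
            return False
        prev_id = bid
    return True

def confirmations(chain: list, tx: dict) -> int:
    """Blocks from the one holding tx up to the chain tip, inclusive (the page treats six as final)."""
    for depth, blk in enumerate(chain):
        if tx in blk["txs"]:
            return len(chain) - depth
    return 0

def demo(difficulty_bits: int = 12) -> dict:
    """Constructed scenario: miner M pays A, A pays B, then A tries to spend more than A holds."""
    pay_a = {"from": "M", "to": "A", "amount": 30}
    pay_b = {"from": "A", "to": "B", "amount": 20}
    overspend = {"from": "A", "to": "C", "amount": 20}  # A has only 10 left: must be rejected
    batches = [[], [pay_a], [pay_b, overspend], [], [], [], [], []]
    chain = build_chain(batches, "M", difficulty_bits)
    result = {
        "balance_A": balance(chain, "A"),                    # 30 - 20 = 10
        "balance_B": balance(chain, "B"),                    # 20
        "balance_C": balance(chain, "C"),                    # 0: the overspend never entered a block
        "confirmations_pay_b": confirmations(chain, pay_b),  # block 3 of 8 -> 6
        "valid_before_tamper": valid_chain(chain, difficulty_bits),
    }
    # Rewrite history: block 2's ID changes, so every later block's link and proof of work go stale
    chain[1]["txs"][1]["amount"] = 300
    result["valid_after_tamper"] = valid_chain(chain, difficulty_bits)
    return result
```

Raising difficulty_bits by one doubles the expected number of nonces tried, which is exactly the lever the network uses to hold block production at about one block per 10 minutes.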
3. The next-week contract and the quarterly contract participate in settlement. After settlement, profit and loss are recalculated according to the settlement benchmark price, and the profit portion can be transferred out; if the user closes the position before settlement, all the margin and realized profit and loss required for opening the position after settlement can be transferred out of the virtual contract account.
4. At delivery, the system takes the arithmetic mean of the BTC (or LTC and other currencies) dollar index over the latest hour as the delivery price and closes out all open contracts for the current week. The profit and loss after closing the position is added to the realized profit and loss.
5. Many people keep asking me: can walking really make money? Who pays, and where does the money come from? What makes the company profitable? What should I tell them?
Introduction 1
Fun Step is a community of mining machines and exchanges for blockchain assets. After downloading the app and completing real-name verification, as long as you walk 4000 steps a day you get 0.3333 candies, and their value has been rising. You get 15 candies in 45 days; you can withdraw 5 candies in the first month and use a primary scroll to buy goods in the second month. In effect, we do nothing and receive money on this platform every day.
Introduction 2
Why is candy valuable? First of all, everyone can use the app to mine candy, which is very attractive and will draw a large number of users. The number of app users will then be very large, and some people will be willing to invest in the platform, because the total amount of candy is fixed. The more people come in, the greater the demand and the scarcer the candy, so the higher its value, and investors are willing to buy candy and wait for it to appreciate. So it is not the platform burning money for charity; it is the investors in the market who buy the candy in our hands and give cash to users. That is the source of candy's value.
Introduction 3
The app is now in its user-acquisition period. Once the user base is established the app can do many things, such as social networking, e-commerce and short video, and realize more value. The currency in circulation will naturally be these candies, so the appreciation of candy is certain: candy represents the value of the platform, and holding candy is like holding shares in it, so many people will invest in buying candy from others.
Introduction 4
Advantages of Fun Step
First, the entrance is wide: everyone can get candy for free, which is a huge entrance.
Second, it is sticky: candy can be collected every day, which makes users log in every day.
Third, zero investment: neither the referrer nor the person referred is under any pressure; they simply introduce others to software that makes money every day.
Introduction 5
How to earn more candy? The more people you share it with, the higher your activity level; the candy you earn multiplies every day and you also get a bonus. People trade candy on the platform all the time and the platform charges transaction fees, which is a huge profit. The platform distributes the fee income to highly active users in proportion. When the number of users you recommend reaches about 70-80, the team keeps splitting. If you reach the 1-star level you can get nearly 10000 in monthly dividends, and if your team keeps splitting your daily income increases automatically. Upgrading to 2 stars and 3 stars produces an automatic wave of income.
Introduction 6
This is a very good opportunity. I hope everyone works hard to reach the 1-star level quickly. At the current pace of market development it generally takes about 15-30 days to reach 1 star. Keep going, partners.
6. Bitcoin was about $3800 a year ago, and now it's between $38000 and $41000.
7. SHA family
SHA (Secure Hash Algorithm) is a family of cryptographic hash functions designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). The first member of the family, officially named SHA, was published in 1993; it is now informally called SHA-0 to avoid confusion with its successors. Two years later SHA-1, the successor of the first SHA, was released. Four further variants have since been released that enlarge the output and change some minor details of the design: SHA-224, SHA-256, SHA-384 and SHA-512 (sometimes referred to collectively as SHA-2).
SHA-0 and SHA-1
The algorithm originally specified was published in 1993 as the Secure Hash Standard, FIPS PUB 180. This version is now often called "SHA-0". It was withdrawn by NSA soon after its release and replaced in 1995 by a revised version, FIPS PUB 180-1 (commonly known as "SHA-1"). According to NSA, the revision fixed a flaw in the original algorithm that reduced its cryptographic security. However, NSA has provided no further explanation or proof that the flaw was corrected. In 1998 an attack on SHA-0 was found that does not apply to SHA-1; we do not know whether this is the flaw NSA found, but it may indicate that the correction improved security. SHA-1 has been closely examined by the public cryptographic community and no weakness has been found. It is currently considered secure.
SHA-0 and SHA-1 produce a 160-bit digest from a message of at most 2^64 bits, and are based on principles similar to those used by Ronald L. Rivest, professor at MIT, in designing the MD4 and MD5 message digest algorithms.
Cryptanalysis of SHA-0
At CRYPTO 98, two French researchers demonstrated an attack on SHA-0 (Chabaud and Joux, 1998): hash collisions can be found with complexity 2^61, less than the 2^80 expected for an ideal hash function of the same size.
In 2004, Biham and Chen discovered near-collisions of SHA-0: two messages that hash to nearly the same value; in this case 142 of the 160 bits are the same. They also found full collisions of SHA-0 reduced to 62 of its 80 rounds.
On August 12, 2004, Joux, Carribault, Lemuet and Jalby announced a collision for the full SHA-0 algorithm. This is a refinement of the attack of Chabaud and Joux. The collision has complexity 2^51 and took about 80,000 CPU hours on a supercomputer with 256 Itanium 2 processors. On August 17, 2004, Wang, Feng, Lai and Yu announced preliminary results of attacks on MD5, SHA-0 and other hash functions at the rump session of CRYPTO 2004. Their attack on SHA-0 has complexity 2^40, which means their results are better than those of Joux and others. A brief summary of the rump session can be found here, and their discussions on sci.crypt suggest, for example, that people planning to use SHA-1 in a new cryptosystem need to reconsider.
Longer variants
NIST has released three additional SHA variants, each with a longer message digest. They are named by appending the digest length (in bits) to the original name: "SHA-256", "SHA-384" and "SHA-512". They were published in the draft FIPS PUB 180-2 in 2001 and then passed review and comment. FIPS PUB 180-2, which also includes SHA-1, was released as an official standard in 2002. These new hash functions have not been examined in as much detail by the public cryptographic community as SHA-1, so their cryptographic security is not yet widely trusted. In February 2004 a change notice for FIPS PUB 180-2 was issued adding an additional variant, "SHA-224", defined to match the key length required by two-key 3DES.
Gilbert and Handschuh (2003) studied the new variants and found no weaknesses.
SHAd
The SHAd function is simply the same SHA function applied twice:
SHAd-256(m) = SHA-256(SHA-256(m)). It overcomes the length extension attack problem.
Applications
SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 are all used by U.S. federal government applications that need a secure hash algorithm, together with other cryptographic algorithms and protocols, to protect sensitive unclassified data. FIPS PUB 180-1 also encourages private or commercial organizations to use SHA-1. The Fritz chip will probably use the SHA-1 hash function to implement digital rights management on personal computers.
The first impetus for the publication of the secure hash algorithm was the associated Digital Signature Standard.
SHA hash functions have been used as the basis of the SHACAL block cipher algorithms.
description of SHA-1
the pseudocode of SHA-1 algorithm is as follows:
(initialize variables:)
A = H0 = 0x67452301
b = H1 = 0xefcdab89
C = h2 = 0x98badcfe
d = H3 = 0x10325476
e = H4 = 0xc3d2e1f0
(pre processing:)
paddedmessage = (message) append 1
while length (paddedmessage) mod 512 & gt; 448:
paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
(Extend the sixteen 32-bit words into eighty 32-bit words:)
for i from 16 to 79:
w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
(Main loop:)
for i from 0 to 79:
temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
where:
(0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
(20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
(40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
(60 <= i <= 79): F (B, C, d) = (b XOR C XOR d), k = 0xca62c1d6
e = d
d = C
C = B leftrotate 30
b = a
A = temp
H0 = H0 + a
H1 = H1 + B
h2 = H2 + C
H3 = H3 + d
H4 = H4 + e
digest = hash = H0 append H1 append H2 append H3 append H4
note: FIPS pub 180-1 shows the concept of, The efficiency can be improved by using the following formula:
(0 & lt= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c)))
SHA (Secure Hash Algorithm) is a family of cryptographic hash functions designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). The first member of the family, officially named SHA, was published in 1993; it is now informally called SHA-0 to avoid confusion with its successors. Two years later SHA-1, the successor of the first SHA, was released. Four further variants have since been released that enlarge the range of output sizes and change some minor details of the design: SHA-224, SHA-256, SHA-384 and SHA-512 (sometimes referred to collectively as SHA-2).
SHA-0 and SHA-1
The algorithm originally specified was published in 1993 as the Secure Hash Standard, FIPS PUB 180. This version is now often called SHA-0. It was withdrawn by the NSA soon after its release and replaced in 1995 by a revised version, FIPS PUB 180-1 (commonly known as SHA-1). According to the NSA, the revision fixed an error in the original algorithm that would reduce its cryptographic security, but the NSA gave no further explanation or proof that the error had been corrected. In 1998 an attack on SHA-0 was found that does not apply to SHA-1; we do not know whether this is the error the NSA found, but it may indicate that the correction improved security. SHA-1 has been closely examined by the public cryptographic community and no weakness has been found; it is currently considered secure.
SHA-0 and SHA-1 produce a 160-bit digest from a message of at most 2^64 bits, using a construction based on principles similar to those of Ronald L. Rivest, the MIT professor who designed the MD4 and MD5 message digest algorithms.
Cryptanalysis of SHA-0
At CRYPTO 98, two French researchers presented an attack on SHA-0 (Chabaud and Joux, 1998): hash collisions can be found with complexity 2^61, less than the 2^80 expected for an ideal hash function of the same size.
In 2004, Biham and Chen discovered near-collisions of SHA-0: two messages whose hashes agree in 142 of the 160 bits. They also found full collisions of SHA-0 reduced to 62 of its 80 rounds.
On August 12, 2004, Joux, Carribault, Lemuet and Jalby announced a collision for the full SHA-0 algorithm, building on the attack of Chabaud and Joux. The collision was found with complexity 2^51 and took about 80,000 CPU hours on a supercomputer with 256 Itanium 2 processors. On August 17, 2004, Wang, Feng, Lai and Yu announced preliminary results of attacks on MD5, SHA-0 and other hash functions at the rump session of CRYPTO 2004. Their attack on SHA-0 has complexity 2^40, so their result is better than that of Joux and others. A brief summary of the rump session can be found here, and their discussions on sci.crypt, for example, suggest that people planning to use SHA-1 in a new cryptosystem need to reconsider.
Longer variants
NIST has released three additional SHA variants, each with a longer message digest. They are named by appending the digest length (in bits) to the original name: SHA-256, SHA-384 and SHA-512. They were published in a draft of FIPS PUB 180-2 in 2001 and then went through review and comment. FIPS PUB 180-2, which also includes SHA-1, was released as an official standard in 2002. These new hash functions have not been examined as thoroughly by the public cryptographic community as SHA-1, so their cryptographic security is not yet widely trusted. In February 2004 a change notice to FIPS PUB 180-2 added a further variant, SHA-224, defined to match the key length required by two-key 3DES.
Gilbert and Handschuh (2003) studied the new variants and found no weaknesses.
SHAd
The SHAd functions are a simple restatement of the same SHA functions, applied twice:
SHAd-256(m) = SHA-256(SHA-256(m)). This overcomes the length extension problem.
Applications
SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 are all used by the U.S. federal government, which needs secure hash algorithms, together with other cryptographic algorithms and protocols, to protect sensitive unclassified data. FIPS PUB 180-1 also encourages private and commercial organizations to use SHA-1. The Fritz chip will probably use the SHA-1 hash function to implement digital rights management on personal computers.
The original impetus for publishing the Secure Hash Algorithm was the accompanying Digital Signature Standard, into which it is incorporated.
The SHA hash functions have been used as the basis of the SHACAL block cipher algorithm.
Description of SHA-1
The pseudocode of the SHA-1 algorithm is as follows:
(Initialize variables:)
h0 = 0x67452301
h1 = 0xEFCDAB89
h2 = 0x98BADCFE
h3 = 0x10325476
h4 = 0xC3D2E1F0

(Pre-processing:)
paddedMessage = (message) append 1
while length(paddedMessage) mod 512 != 448:
    paddedMessage = paddedMessage append 0
paddedMessage = paddedMessage append (length(message) in 64-bit big-endian format)

(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
    break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15

    (Extend the sixteen 32-bit words into eighty 32-bit words:)
    for i from 16 to 79:
        w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1

    (Initialize the working variables for this chunk from the current hash value:)
    a = h0
    b = h1
    c = h2
    d = h3
    e = h4

    (Main loop:)
    for i from 0 to 79:
        temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i)    (note: all addition is mod 2^32)
        where:
            (0 <= i <= 19):  f(b,c,d) = (b and c) or ((not b) and d),         k = 0x5A827999
            (20 <= i <= 39): f(b,c,d) = b xor c xor d,                         k = 0x6ED9EBA1
            (40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d),   k = 0x8F1BBCDC
            (60 <= i <= 79): f(b,c,d) = b xor c xor d,                         k = 0xCA62C1D6
        e = d
        d = c
        c = b leftrotate 30
        b = a
        a = temp

    (Add this chunk's result to the hash value, mod 2^32:)
    h0 = h0 + a
    h1 = h1 + b
    h2 = h2 + c
    h3 = h3 + d
    h4 = h4 + e

digest = hash = h0 append h1 append h2 append h3 append h4

Note: FIPS PUB 180-1 specifies the functions f as written above; the following equivalent forms can be computed more efficiently:
(0 <= i <= 19):  f(b,c,d) = d xor (b and (c xor d))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c))
8. SHA-256 is the hash algorithm used by Bitcoin and a series of related digital currencies. It demands a great deal of computing power and processing time, which forces miners to form mining pools in order to earn rewards.
9. A Bitcoin block computation requires the following parameters:
1. Version of the block
2. Hash value of the previous block: prev_hash
3. Hash tree (Merkle) root of the transaction records to be written: merkle_root
4. Update time: ntime
5. Current difficulty: nbits
The process of mining is to find an x such that
SHA256(SHA256(version + prev_hash + merkle_root + ntime + nbits + x)) < Target
In the formula above, x ranges over 0 to 2^32, and Target is derived from the current difficulty. Besides x, one can also vary merkle_root and ntime. Because of the properties of the hash function, such an x can only be found by brute-force search.
Once miner A finds x, it can broadcast the new block, and the other clients verify whether the block published by A is valid.
If the published block is accepted, the first transaction in each block must send the newly generated 25 bitcoins to an address; naturally, miner A sets this address to one it owns, so as to receive those 25 bitcoins.
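The mining check above, together with the SHA-256(SHA-256(m)) construction from the SHAd section, worked through in Python as an added example that is not part of the original article: it serialises an 80-byte block header, applies the double SHA-256, compares the result with the Target expanded from nbits, and brute-forces the nonce x at a constructed low difficulty. The genesis block fields are public chain data; the toy header values and the easy nbits are constructed for this example, and only the standard library is assumed.

```python
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    """SHA256(SHA256(data)): the hash Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(nbits: int) -> int:
    """Expand the compact 'nbits' difficulty field into the 256-bit Target."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash_hex, merkle_root_hex, ntime, nbits, nonce):
    """80-byte header: little-endian integers, hashes in internal (reversed) byte order."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", ntime, nbits, nonce))


def block_hash_hex(header: bytes) -> str:
    """Block hash as explorers display it (digest bytes reversed)."""
    return double_sha256(header)[::-1].hex()


def meets_target(header: bytes) -> bool:
    """The validation rule SHA256(SHA256(header)) < Target, Target read from nbits."""
    nbits = struct.unpack("<I", header[72:76])[0]
    return int(block_hash_hex(header), 16) < bits_to_target(nbits)


def mine_nonce(header_prefix: bytes, nbits: int, max_nonce: int = 1 << 32):
    """Brute-force x (the nonce) over 0..2^32; returns (nonce, header) or None."""
    target = bits_to_target(nbits)
    for nonce in range(max_nonce):
        header = header_prefix + struct.pack("<I", nonce)
        if int(block_hash_hex(header), 16) < target:
            return nonce, header
    return None


# Public chain data: the genesis block header fields (nonce 2083236893).
GENESIS = serialize_header(1, "00" * 32,
                           "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
                           1231006505, 0x1D00FFFF, 2083236893)

if __name__ == "__main__":
    print(block_hash_hex(GENESIS), meets_target(GENESIS))
    # Constructed toy header at a low difficulty (nbits 0x1f00ffff, about 2^16 tries).
    prefix = serialize_header(2, "11" * 32, "22" * 32, 1700000000, 0x1F00FFFF, 0)[:76]
    nonce, found = mine_nonce(prefix, 0x1F00FFFF)
    print(nonce, meets_target(found))
```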