Bitcoin formula
Publish: 2021-04-28 22:55:43
1. In order to understand the technical principle of bitcoin, we need to understand two important cryptographic techniques: hash code: it converts a long string into a fixed length string, and its conversion is irreversible, that is, it is impossible to guess the original string from hash code. Sha256 is mainly used in bitcoin protocol
public key system: corresponds to a public key and a private key, keeps the private key in the application and publishes the public key. When Party A transmits information to Party B, it can use Party A's private key to encrypt the information, and Party B can use Party A's public key to decrypt the information, so as to ensure that the third party cannot impersonate Party A to send the information; At the same time, when Party A transmits information to Party B, it is encrypted with Party B's public key and sent to Party B, and then Party B decrypts it with his own private key, so as to ensure that the third party cannot eavesdrop on the communication between the two people. RSA is the most common public key system, but the lliptic curve digital signature algorithm is used in bitcoin protocol. What's the difference between cash and bank account? Bitcoin is an electronic currency in BTC. In this article, it is also used to refer to the whole bitcoin system. Like opening an account in a bank, the corresponding concept in bitcoin is address. Everyone can have one or more bitcoin addresses, which are used to pay and collect money. Each address is a string that starts with 1. For example, I have two bitcoin accounts, and. A bitcoin account is uniquely determined by a pair of public key and private key. To save the account, you only need to save the private key file. Unlike bank accounts, banks keep all transaction records and maintain the book balance of each account, while bitcoin's transaction records are jointly maintained by the whole P2P network through a pre agreed protocol. How much money is in my account address? Although the current account balance can be seen by bitcoin software, unlike banks, there is no place to maintain the book balance of each address. It can only calculate the account balance in real time through all historical transactions. How do I pay? When I pay from address a to address B of the other party, the payment amount is e. at this time, both parties will announce the transaction information to each network node, telling address a to pay to address B, and the payment amount is e. In order to prevent the third party from forging the transaction information, the transaction information will be encrypted with the private key of address A. at this time, the network node receiving the transaction information can use the public key of address a to verify that the transaction information is indeed sent by address a. Of course, trading software will help us do these things, we just need to input the relevant parameters in the software. What will the network node do after receiving the transaction information? This is the most important part of the bitcoin system, which needs to be elaborated. For the sake of simplicity, only bitcoin protocol has been implemented. In the current version, each network node will save all transaction information synchronously. There are two kinds of transaction information in history, one is & quot; Verified & quot; The transaction information, that is, the verified transaction information, is stored in a series of "blocks". Each & quot; block" Is the previous & quot; bock" The ID of each block is the hash code of the hash code of the block and the new transaction information (see an actual block). The other category refers to those who also & quot; Unverified & quot; The transaction information just paid above belongs to this category. When a network node receives new unverified transaction information (possibly more than one), it can calculate the book balance of each address at that time because the node keeps all the transaction information in history, so it can calculate whether the transaction information is valid, that is, whether there is enough balance in the payment account. After eliminating the invalid transaction information, it first takes out the last & quot; block" Then, the unverified transaction information is combined with the ID, and a verification code is added to form a new "block". It needs a lot of calculation to build a new block, because it needs to calculate the verification code, so that the above combination becomes a block, that is, the first several bits of the hash code of the block are 1. At present, the first 13 bits need to be 1 (generally, the specific method is uncertain), which means that if the block is generated by enumeration method, the average number of enumerations is 16 ^ 13. Using CPU resources to generate a block is called "gold mining", because the proction of the block will get a certain reward, and the reward information has been included in the block. When a network node generates a new block, it will broadcast to other network nodes. However, this network block may not be accepted by the network, because it is possible that other network nodes have proced the block earlier. Only the earliest block or the block with the largest number of subsequent blocks is valid, and the remaining blocks are no longer used as the initial blocks of the next block. How does the other party confirm that the payment is successful? When the payment information is distributed to the network node, the network node begins to calculate whether the transaction is valid (that is, whether the account balance is enough to pay), and attempts to generate blocks containing the transaction information. When six blocks (one direct block and five subsequent blocks) contain the transaction information, the transaction information is considered "verified", so that the transaction is formally confirmed, and the other party can confirm the successful payment. A possible problem is that I will pay the balance of address a to address B, and at the same time pay to address C. If I only verify that the single comparison transaction is valid. At this point, my way of cheating is to generate six blocks including B to B and six blocks including C to C before the truth is revealed. Because I need a very long CPU time to generate a block, compared with the whole network, the probability of my cheating success is very small. What is the motivation of network nodes to proce blocks? As can be seen from the above description, in order to make the transaction information effective, the network node needs to generate 1 and 5 subsequent blocks to contain the transaction information, and such block generation is very CPU intensive. How to let other network nodes help to proce blocks as soon as possible? The answer is very simple. The agreement stipulates that BTC will be rewarded for the address where the block is proced, as well as the Commission promised by both parties. At present, the reward for procing a block is 50btc, which will be halved every four years in the future. For example, the reward will be 25btc from 2013 to 2016. Is the transaction anonymous? Yes, and No. All bitcoin transactions are visible. We can check all transaction records of each account, such as mine. But what's different from the banking monetary system is that everyone's account itself is anonymous, and everyone can open many accounts. In general, anonymity is not as good as it claims. But bitcoin has another advantage in doing black market trading: it can't be frozen. Even if the police trace a bitcoin address, there is nothing they can do unless they trace the computer used by the exchange based on the Internet address. How to ensure that bitcoin does not depreciate? Generally speaking, in the case of equivalent trading activities, the value of money is inversely proportional to the amount of money issued. Unlike the traditional money market, the central bank can determine the amount of money issued. Bitcoin does not have a central issuing institution. Only by procing blocks can we get a certain amount of BTC currency. Therefore, bitcoin's new amount of money depends on: 1. The speed of procing blocks: bitcoin's agreement stipulates that the difficulty of procing blocks is fixed at an average of 2016 every two weeks, about 10 minutes. Moore's law of doubling CPU speed every 18 months will not speed up the proction of block. 2. The number of rewards for block proction: at present, 50 BTC is awarded for each block proced, which is halved every four years. In 2013, 25 BTC is awarded, and in 2017, 12.5 BTC is awarded. Considering the above two factors, bitcoin's currency issuing speed is not controlled by any single node in the network. Its protocol makes the currency stock known in advance, and the maximum stock is only 21 million BTC
public key system: corresponds to a public key and a private key, keeps the private key in the application and publishes the public key. When Party A transmits information to Party B, it can use Party A's private key to encrypt the information, and Party B can use Party A's public key to decrypt the information, so as to ensure that the third party cannot impersonate Party A to send the information; At the same time, when Party A transmits information to Party B, it is encrypted with Party B's public key and sent to Party B, and then Party B decrypts it with his own private key, so as to ensure that the third party cannot eavesdrop on the communication between the two people. RSA is the most common public key system, but the lliptic curve digital signature algorithm is used in bitcoin protocol. What's the difference between cash and bank account? Bitcoin is an electronic currency in BTC. In this article, it is also used to refer to the whole bitcoin system. Like opening an account in a bank, the corresponding concept in bitcoin is address. Everyone can have one or more bitcoin addresses, which are used to pay and collect money. Each address is a string that starts with 1. For example, I have two bitcoin accounts, and. A bitcoin account is uniquely determined by a pair of public key and private key. To save the account, you only need to save the private key file. Unlike bank accounts, banks keep all transaction records and maintain the book balance of each account, while bitcoin's transaction records are jointly maintained by the whole P2P network through a pre agreed protocol. How much money is in my account address? Although the current account balance can be seen by bitcoin software, unlike banks, there is no place to maintain the book balance of each address. It can only calculate the account balance in real time through all historical transactions. How do I pay? When I pay from address a to address B of the other party, the payment amount is e. at this time, both parties will announce the transaction information to each network node, telling address a to pay to address B, and the payment amount is e. In order to prevent the third party from forging the transaction information, the transaction information will be encrypted with the private key of address A. at this time, the network node receiving the transaction information can use the public key of address a to verify that the transaction information is indeed sent by address a. Of course, trading software will help us do these things, we just need to input the relevant parameters in the software. What will the network node do after receiving the transaction information? This is the most important part of the bitcoin system, which needs to be elaborated. For the sake of simplicity, only bitcoin protocol has been implemented. In the current version, each network node will save all transaction information synchronously. There are two kinds of transaction information in history, one is & quot; Verified & quot; The transaction information, that is, the verified transaction information, is stored in a series of "blocks". Each & quot; block" Is the previous & quot; bock" The ID of each block is the hash code of the hash code of the block and the new transaction information (see an actual block). The other category refers to those who also & quot; Unverified & quot; The transaction information just paid above belongs to this category. When a network node receives new unverified transaction information (possibly more than one), it can calculate the book balance of each address at that time because the node keeps all the transaction information in history, so it can calculate whether the transaction information is valid, that is, whether there is enough balance in the payment account. After eliminating the invalid transaction information, it first takes out the last & quot; block" Then, the unverified transaction information is combined with the ID, and a verification code is added to form a new "block". It needs a lot of calculation to build a new block, because it needs to calculate the verification code, so that the above combination becomes a block, that is, the first several bits of the hash code of the block are 1. At present, the first 13 bits need to be 1 (generally, the specific method is uncertain), which means that if the block is generated by enumeration method, the average number of enumerations is 16 ^ 13. Using CPU resources to generate a block is called "gold mining", because the proction of the block will get a certain reward, and the reward information has been included in the block. When a network node generates a new block, it will broadcast to other network nodes. However, this network block may not be accepted by the network, because it is possible that other network nodes have proced the block earlier. Only the earliest block or the block with the largest number of subsequent blocks is valid, and the remaining blocks are no longer used as the initial blocks of the next block. How does the other party confirm that the payment is successful? When the payment information is distributed to the network node, the network node begins to calculate whether the transaction is valid (that is, whether the account balance is enough to pay), and attempts to generate blocks containing the transaction information. When six blocks (one direct block and five subsequent blocks) contain the transaction information, the transaction information is considered "verified", so that the transaction is formally confirmed, and the other party can confirm the successful payment. A possible problem is that I will pay the balance of address a to address B, and at the same time pay to address C. If I only verify that the single comparison transaction is valid. At this point, my way of cheating is to generate six blocks including B to B and six blocks including C to C before the truth is revealed. Because I need a very long CPU time to generate a block, compared with the whole network, the probability of my cheating success is very small. What is the motivation of network nodes to proce blocks? As can be seen from the above description, in order to make the transaction information effective, the network node needs to generate 1 and 5 subsequent blocks to contain the transaction information, and such block generation is very CPU intensive. How to let other network nodes help to proce blocks as soon as possible? The answer is very simple. The agreement stipulates that BTC will be rewarded for the address where the block is proced, as well as the Commission promised by both parties. At present, the reward for procing a block is 50btc, which will be halved every four years in the future. For example, the reward will be 25btc from 2013 to 2016. Is the transaction anonymous? Yes, and No. All bitcoin transactions are visible. We can check all transaction records of each account, such as mine. But what's different from the banking monetary system is that everyone's account itself is anonymous, and everyone can open many accounts. In general, anonymity is not as good as it claims. But bitcoin has another advantage in doing black market trading: it can't be frozen. Even if the police trace a bitcoin address, there is nothing they can do unless they trace the computer used by the exchange based on the Internet address. How to ensure that bitcoin does not depreciate? Generally speaking, in the case of equivalent trading activities, the value of money is inversely proportional to the amount of money issued. Unlike the traditional money market, the central bank can determine the amount of money issued. Bitcoin does not have a central issuing institution. Only by procing blocks can we get a certain amount of BTC currency. Therefore, bitcoin's new amount of money depends on: 1. The speed of procing blocks: bitcoin's agreement stipulates that the difficulty of procing blocks is fixed at an average of 2016 every two weeks, about 10 minutes. Moore's law of doubling CPU speed every 18 months will not speed up the proction of block. 2. The number of rewards for block proction: at present, 50 BTC is awarded for each block proced, which is halved every four years. In 2013, 25 BTC is awarded, and in 2017, 12.5 BTC is awarded. Considering the above two factors, bitcoin's currency issuing speed is not controlled by any single node in the network. Its protocol makes the currency stock known in advance, and the maximum stock is only 21 million BTC
2. Bitcoin is a consensus network, contributing to a new payment system and a fully digital currency. It is the first decentralized peer-to-peer payment network, which is controlled by its users without a central management organization or middleman. From the user's point of view, bitcoin is much like Internet cash. Bitcoin can also be regarded as the most outstanding three style bookkeeping system
anyone can run software on specialized hardware and become a bitcoin miner. Mining software monitors transaction broadcast through P2P network and performs appropriate tasks to process and confirm these transactions. Bitcoin miners can earn transaction fees paid by users to speed up transaction processing and additional bitcoin issued according to fixed formula
new transactions need to be included in a block with mathematical workload proof before they can be confirmed. This kind of proof is hard to generate because it can only be generated by trying billions of calculations per second. Miners need to run these calculations before their blocks are accepted and rewarded. As more people start mining, the difficulty of finding effective blocks will be automatically increased by the network to ensure that the average time to find a block remains at 10 minutes. Therefore, the competition for mining is very fierce, and no indivial miner can control the content contained in the block chain
workload proof is also designed to rely on previous blocks, which forces the time sequence of block chain. This design makes it extremely difficult to cancel previous transactions, because the workload proof of all subsequent blocks needs to be recalculated. When two blocks are found at the same time, the miner will process the first block received, and once the next block is found, it will be transferred to the longest block chain. This ensures that the mining process maintains a global consistency based on processing capacity
bitcoin miners can neither increase their rewards by cheating, nor deal with the fraulent transactions that destroy the bitcoin network, because all bitcoin nodes will reject the blocks containing invalid data that violate the bitcoin protocol rules. Therefore, even if not all bitcoin miners can be trusted, the bitcoin network is still secure
sha256 is an encryption algorithm.
anyone can run software on specialized hardware and become a bitcoin miner. Mining software monitors transaction broadcast through P2P network and performs appropriate tasks to process and confirm these transactions. Bitcoin miners can earn transaction fees paid by users to speed up transaction processing and additional bitcoin issued according to fixed formula
new transactions need to be included in a block with mathematical workload proof before they can be confirmed. This kind of proof is hard to generate because it can only be generated by trying billions of calculations per second. Miners need to run these calculations before their blocks are accepted and rewarded. As more people start mining, the difficulty of finding effective blocks will be automatically increased by the network to ensure that the average time to find a block remains at 10 minutes. Therefore, the competition for mining is very fierce, and no indivial miner can control the content contained in the block chain
workload proof is also designed to rely on previous blocks, which forces the time sequence of block chain. This design makes it extremely difficult to cancel previous transactions, because the workload proof of all subsequent blocks needs to be recalculated. When two blocks are found at the same time, the miner will process the first block received, and once the next block is found, it will be transferred to the longest block chain. This ensures that the mining process maintains a global consistency based on processing capacity
bitcoin miners can neither increase their rewards by cheating, nor deal with the fraulent transactions that destroy the bitcoin network, because all bitcoin nodes will reject the blocks containing invalid data that violate the bitcoin protocol rules. Therefore, even if not all bitcoin miners can be trusted, the bitcoin network is still secure
sha256 is an encryption algorithm.
3. Also want to ask, if I change this machine into a miner, as long as a card for more than one exchange of fire on the line?
4. Hub75, do you buy outdoors or indoors? It's OK to use SCM to proce a few simple characters. But if you want to have grayscale or something, SCM will not be able to proce characters. If you want to have more colors and less IO ports, you can't do it. If you want to play simply, you'd better buy lingxingyu's 801 receiving card, and the Gigabit network card will be good, Otherwise, it's really troublesome. If you want to find information, you can take a look at the website of Taiwan accumulation. There are Chinese information of 5020 or 5026 chips on it. Maybe your screen is not such a chip, but they are similar things. Just look at one. The information is easy to understand at noon!
5. There are mainly two kinds of bitcoin algorithms, which are elliptic curve digital signature algorithm and sha256 hash algorithm
elliptic curve digital signature algorithm is mainly used in the generation process of bitcoin public key and private key, which is the cornerstone of bitcoin system. SHA-256 hash algorithm is mainly used in the workload proof mechanism of bitcoin
the principle of bitcoin generation is the special solution generated by complex operation, and mining is the process of finding the special solution. However, the total number of bitcoin is only 21 million, and with the continuous mining of bitcoin, the more difficult it will be to proce bitcoin, and the cost of acquiring bitcoin may be higher than the price of bitcoin itself
the bitcoin block consists of a block header and the transaction list contained in the block. The size of the block header is 80 bytes, which is composed of 4-byte version number, 32 byte hash value of the previous block, 32 byte Merkle root hash, 4-byte timestamp (current time), 4-byte current difficulty value and 4-byte random number. A block header with a fixed length of 80 bytes is the input string used to prove the workload of bitcoin. Constantly change the random number in the block header, that is, the value of nonce, and do double sha256 operation on the block header after each change, and compare the result value with the target value of the current network. If it is less than the target value, the problem is solved successfully, and the workload is proved to be complete
the essence of bitcoin is actually the unique solution of a set of equations generated by a bunch of complex algorithms. Bitcoin is the first distributed virtual currency in the world, which has no specific distribution center. The network of bitcoin is composed of all users, because there is no center to ensure the security of data.
elliptic curve digital signature algorithm is mainly used in the generation process of bitcoin public key and private key, which is the cornerstone of bitcoin system. SHA-256 hash algorithm is mainly used in the workload proof mechanism of bitcoin
the principle of bitcoin generation is the special solution generated by complex operation, and mining is the process of finding the special solution. However, the total number of bitcoin is only 21 million, and with the continuous mining of bitcoin, the more difficult it will be to proce bitcoin, and the cost of acquiring bitcoin may be higher than the price of bitcoin itself
the bitcoin block consists of a block header and the transaction list contained in the block. The size of the block header is 80 bytes, which is composed of 4-byte version number, 32 byte hash value of the previous block, 32 byte Merkle root hash, 4-byte timestamp (current time), 4-byte current difficulty value and 4-byte random number. A block header with a fixed length of 80 bytes is the input string used to prove the workload of bitcoin. Constantly change the random number in the block header, that is, the value of nonce, and do double sha256 operation on the block header after each change, and compare the result value with the target value of the current network. If it is less than the target value, the problem is solved successfully, and the workload is proved to be complete
the essence of bitcoin is actually the unique solution of a set of equations generated by a bunch of complex algorithms. Bitcoin is the first distributed virtual currency in the world, which has no specific distribution center. The network of bitcoin is composed of all users, because there is no center to ensure the security of data.
6. Sha family
Sha (secure hash algorithm) is a series of cryptographic hash functions designed by National Security Agency (NSA) and published by National Institute of standards and Technology (NIST). The first member of the family officially named Sha was published in 1993. However, it has now been given an informal name sha-0 to avoid confusion with its successors. Two years later, SHA-1, the successor of the first Sha, was released. There are also four variants that have been released to enhance the scope of output and to change some minor designs: sha-224, SHA-256, sha-384, and sha-512 (sometimes referred to as SHA-2)<
sha-0 and SHA-1
the algorithms originally specified were published in 1993, which are called secure hash standard, FIPS pub 180. This version is now often called & quot; SHA-0" It was withdrawn by NSA soon after its release, and released in 1995 as a revised version of FIPS pub 180-1 (commonly known as & quot; SHA-1") replace. According to NSA, it fixed an error in the original algorithm that would rece password security. However, NSA does not provide any further explanation or proof that the error has been corrected. In 1998, in an attack on sha-0, it was found that this attack was not applicable to SHA-1 - we don't know if this is the error found by NSA, but it may indicate that this correction has improved the security. SHA-1 has been closely examined by the public password community, but it has not been found to be unsafe. It is now considered safe
sha-0 and SHA-1 will generate a 160 bit digest from a message with a maximum size of 2 ^ 64 bits, and then encrypt it based on the similar principle of Ronald L. Rivest, Professor of MIT who designed MD4 and MD5 message digest algorithms<
Cryptanalysis of sha-0
on crypto 98, two French researchers demonstrated an attack on sha-0 (chabaud and joux, 1998): hash collision can be found when the complexity is 2 ^ 61; Less than 2 ^ 80 is an ideal hash function of the same size
in 2004, Biham and Chen discovered the approximate collision of sha-0 - two messages can hash out the same value; In this case, 142 and 160 bits are the same. They also found that sha-0 dropped to 62 bits after 80 full collisions
on August 12, 2004, joux, carribault, lemuet and jalby announced the hash collision of the complete sha-0 algorithm. This is the result of the attack of chabaud and joux. The collision was found to be 2 ^ 51, and it took about 80000 CPU hours to work on a supercomputer with 256 Itanium 2 processors< On August 17, 2004, Wang, Feng, Lai, and Yu announced the preliminary results of attacking MD5, sha-0, and other hash functions at the rump meeting of crypto 2004. Their attack on sha-0 is as complex as 2 ^ 40, which means that their attack results are better than those of joux and others. A brief summary of the rump meeting can be found here, and their discussions in sci.crypt, for example, suggest that people planning to use SHA-1 as a new cryptosystem need to reconsider
longer variants
NIST has released three additional Sha variants, each with a longer message digest. They are named by adding their summary length (in bits) after their original name: & quot; SHA-256", & quot; SHA-384" And & quot; SHA-512" They were published in the draft of FIPS pub 180-2 in 2001, and then passed the review and comments. FIPS pub 180-2, including SHA-1, was released as an official standard in 2002. These new hash functions have not been tested in detail by the public password community like SHA-1, so their password security is not widely trusted. In February 2004, a change notice of FIPS pub 180-2 was issued, and an additional variant was added; SHA-224", The key length required for double key 3DES is defined
Gilbert and handschuh (2003) studied new varieties and found no weaknesses<
shad
shad function is a simple restatement of the same Sha function:
shad-256 (m) = SHA-256 (SHA-256 (m)). It overcomes the problem of extended length attacks
applications
SHA-1, sha-224, SHA-256, sha-384 and sha-512 are all used by the U.S. federal government, which needs secure hash algorithms. They also use other cryptographic algorithms and protocols to protect sensitive unclassified data. FIPS pub 180-1 also encourages private or commercial organizations to use SHA-1 encryption. Fritz chip will probably use SHA-1 hash function to realize digital rights management on personal computers
the first to promote the publication of secure hash algorithm is the combined digital signature standard
Sha hash function has been used as the basis of shacal block cipher algorithm<
description of SHA-1
the pseudocode of SHA-1 algorithm is as follows:
(initialize variables:)
A = H0 = 0x67452301
b = H1 = 0xefcdab89
C = h2 = 0x98badcfe
d = H3 = 0x10325476
e = H4 = 0xc3d2e1f0
(pre processing:)
paddedmessage = (message) append 1
while length (paddedmessage) mod 512 & gt; 448:
paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
(Extend the sixteen 32-bit words into eighty 32-bit words:)
for i from 16 to 79:
w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
(Main loop:)
for i from 0 to 79:
temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
where:
(0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
(20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
(40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
(60 <= i <= 79): F (B, C, d) = (b XOR C XOR d), k = 0xca62c1d6
e = d
d = C
C = B leftrotate 30
b = a
A = temp
H0 = H0 + a
H1 = H1 + B
h2 = H2 + C
H3 = H3 + d
H4 = H4 + e
digest = hash = H0 append H1 append H2 append H3 append H4
note: FIPS pub 180-1 shows the concept of, The efficiency can be improved by using the following formula:
(0 & lt= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c)))
Sha (secure hash algorithm) is a series of cryptographic hash functions designed by National Security Agency (NSA) and published by National Institute of standards and Technology (NIST). The first member of the family officially named Sha was published in 1993. However, it has now been given an informal name sha-0 to avoid confusion with its successors. Two years later, SHA-1, the successor of the first Sha, was released. There are also four variants that have been released to enhance the scope of output and to change some minor designs: sha-224, SHA-256, sha-384, and sha-512 (sometimes referred to as SHA-2)<
sha-0 and SHA-1
the algorithms originally specified were published in 1993, which are called secure hash standard, FIPS pub 180. This version is now often called & quot; SHA-0" It was withdrawn by NSA soon after its release, and released in 1995 as a revised version of FIPS pub 180-1 (commonly known as & quot; SHA-1") replace. According to NSA, it fixed an error in the original algorithm that would rece password security. However, NSA does not provide any further explanation or proof that the error has been corrected. In 1998, in an attack on sha-0, it was found that this attack was not applicable to SHA-1 - we don't know if this is the error found by NSA, but it may indicate that this correction has improved the security. SHA-1 has been closely examined by the public password community, but it has not been found to be unsafe. It is now considered safe
sha-0 and SHA-1 will generate a 160 bit digest from a message with a maximum size of 2 ^ 64 bits, and then encrypt it based on the similar principle of Ronald L. Rivest, Professor of MIT who designed MD4 and MD5 message digest algorithms<
Cryptanalysis of sha-0
on crypto 98, two French researchers demonstrated an attack on sha-0 (chabaud and joux, 1998): hash collision can be found when the complexity is 2 ^ 61; Less than 2 ^ 80 is an ideal hash function of the same size
in 2004, Biham and Chen discovered the approximate collision of sha-0 - two messages can hash out the same value; In this case, 142 and 160 bits are the same. They also found that sha-0 dropped to 62 bits after 80 full collisions
on August 12, 2004, joux, carribault, lemuet and jalby announced the hash collision of the complete sha-0 algorithm. This is the result of the attack of chabaud and joux. The collision was found to be 2 ^ 51, and it took about 80000 CPU hours to work on a supercomputer with 256 Itanium 2 processors< On August 17, 2004, Wang, Feng, Lai, and Yu announced the preliminary results of attacking MD5, sha-0, and other hash functions at the rump meeting of crypto 2004. Their attack on sha-0 is as complex as 2 ^ 40, which means that their attack results are better than those of joux and others. A brief summary of the rump meeting can be found here, and their discussions in sci.crypt, for example, suggest that people planning to use SHA-1 as a new cryptosystem need to reconsider
longer variants
NIST has released three additional Sha variants, each with a longer message digest. They are named by adding their summary length (in bits) after their original name: & quot; SHA-256", & quot; SHA-384" And & quot; SHA-512" They were published in the draft of FIPS pub 180-2 in 2001, and then passed the review and comments. FIPS pub 180-2, including SHA-1, was released as an official standard in 2002. These new hash functions have not been tested in detail by the public password community like SHA-1, so their password security is not widely trusted. In February 2004, a change notice of FIPS pub 180-2 was issued, and an additional variant was added; SHA-224", The key length required for double key 3DES is defined
Gilbert and handschuh (2003) studied new varieties and found no weaknesses<
shad
shad function is a simple restatement of the same Sha function:
shad-256 (m) = SHA-256 (SHA-256 (m)). It overcomes the problem of extended length attacks
applications
SHA-1, sha-224, SHA-256, sha-384 and sha-512 are all used by the U.S. federal government, which needs secure hash algorithms. They also use other cryptographic algorithms and protocols to protect sensitive unclassified data. FIPS pub 180-1 also encourages private or commercial organizations to use SHA-1 encryption. Fritz chip will probably use SHA-1 hash function to realize digital rights management on personal computers
the first to promote the publication of secure hash algorithm is the combined digital signature standard
Sha hash function has been used as the basis of shacal block cipher algorithm<
description of SHA-1
the pseudocode of SHA-1 algorithm is as follows:
(initialize variables:)
A = H0 = 0x67452301
b = H1 = 0xefcdab89
C = h2 = 0x98badcfe
d = H3 = 0x10325476
e = H4 = 0xc3d2e1f0
(pre processing:)
paddedmessage = (message) append 1
while length (paddedmessage) mod 512 & gt; 448:
paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
(Extend the sixteen 32-bit words into eighty 32-bit words:)
for i from 16 to 79:
w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
(Main loop:)
for i from 0 to 79:
temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
where:
(0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
(20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
(40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
(60 <= i <= 79): F (B, C, d) = (b XOR C XOR d), k = 0xca62c1d6
e = d
d = C
C = B leftrotate 30
b = a
A = temp
H0 = H0 + a
H1 = H1 + B
h2 = H2 + C
H3 = H3 + d
H4 = H4 + e
digest = hash = H0 append H1 append H2 append H3 append H4
note: FIPS pub 180-1 shows the concept of, The efficiency can be improved by using the following formula:
(0 & lt= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c)))
7. SHA-256 is the encryption algorithm used by some columns of bitcoin digital currency. However, it uses a lot of computing power and processing time, forcing miners to set up mining pools to obtain benefits.
8. Bitcoin calculation requires the following parameters:
1. Version of block
2. Hash value of the previous block: prev_ Hash
3. The hash tree value of the transaction record to be written: Merkle_ Root
4. Update time: ntime
5. Current difficulty: nbits
the process of mining is to find x to make
sha256 (version + prev)_ hash + merkle_ root + ntime + nbits + x )) < Target
the range of X in the above formula is 0 ~ 2 ^ 32, which can be calculated according to the current difficulty. In addition to x, you can also try to change Merkle_ Root and ntime. Because of the hash feature, finding such an X can only be brute force search
once calculator a finds x, it can broadcast a new block, and other clients will verify whether the block published by calculator a is legal
if the published block is accepted, the first transaction in each block must be to send the newly generated 25 bitcoins to an address. Of course, calculator a will set this address to the address owned by calculator a to get the 25 bitcoins.
1. Version of block
2. Hash value of the previous block: prev_ Hash
3. The hash tree value of the transaction record to be written: Merkle_ Root
4. Update time: ntime
5. Current difficulty: nbits
the process of mining is to find x to make
sha256 (version + prev)_ hash + merkle_ root + ntime + nbits + x )) < Target
the range of X in the above formula is 0 ~ 2 ^ 32, which can be calculated according to the current difficulty. In addition to x, you can also try to change Merkle_ Root and ntime. Because of the hash feature, finding such an X can only be brute force search
once calculator a finds x, it can broadcast a new block, and other clients will verify whether the block published by calculator a is legal
if the published block is accepted, the first transaction in each block must be to send the newly generated 25 bitcoins to an address. Of course, calculator a will set this address to the address owned by calculator a to get the 25 bitcoins.
9. Sha family
Sha (secure hash algorithm) is a series of cryptographic hash functions designed by National Security Agency (NSA) and published by National Institute of standards and Technology (NIST). The first member of the family officially named Sha was published in 1993. However, it has now been given an informal name sha-0 to avoid confusion with its successors. Two years later, SHA-1, the successor of the first Sha, was released. There are also four variants that have been released to enhance the scope of output and to change some minor designs: sha-224, SHA-256, sha-384, and sha-512 (sometimes referred to as SHA-2)<
sha-0 and SHA-1
the algorithms originally specified were published in 1993, which are called secure hash standard, FIPS pub 180. This version is now often called & quot; SHA-0" It was withdrawn by NSA soon after its release, and released in 1995 as a revised version of FIPS pub 180-1 (commonly known as & quot; SHA-1") replace. According to NSA, it fixed an error in the original algorithm that would rece password security. However, NSA does not provide any further explanation or proof that the error has been corrected. In 1998, in an attack on sha-0, it was found that this attack was not applicable to SHA-1 - we don't know if this is the error found by NSA, but it may indicate that this correction has improved the security. SHA-1 has been closely examined by the public password community, but it has not been found to be unsafe. It is now considered safe
sha-0 and SHA-1 will generate a 160 bit digest from a message with a maximum size of 2 ^ 64 bits, and then encrypt it based on the similar principle of Ronald L. Rivest, Professor of MIT who designed MD4 and MD5 message digest algorithms<
Cryptanalysis of sha-0
on crypto 98, two French researchers demonstrated an attack on sha-0 (chabaud and joux, 1998): hash collision can be found when the complexity is 2 ^ 61; Less than 2 ^ 80 is an ideal hash function of the same size
in 2004, Biham and Chen discovered the approximate collision of sha-0 - two messages can hash out the same value; In this case, 142 and 160 bits are the same. They also found that sha-0 dropped to 62 bits after 80 full collisions
on August 12, 2004, joux, carribault, lemuet and jalby announced the hash collision of the complete sha-0 algorithm. This is the result of the attack of chabaud and joux. The collision was found to be 2 ^ 51, and it took about 80000 CPU hours to work on a supercomputer with 256 Itanium 2 processors< On August 17, 2004, Wang, Feng, Lai, and Yu announced the preliminary results of attacking MD5, sha-0, and other hash functions at the rump meeting of crypto 2004. Their attack on sha-0 is as complex as 2 ^ 40, which means that their attack results are better than those of joux and others. A brief summary of the rump meeting can be found here, and their discussions in sci.crypt, for example, suggest that people planning to use SHA-1 as a new cryptosystem need to reconsider
longer variants
NIST has released three additional Sha variants, each with a longer message digest. They are named by adding their summary length (in bits) after their original name: & quot; SHA-256", & quot; SHA-384" And & quot; SHA-512" They were published in the draft of FIPS pub 180-2 in 2001, and then passed the review and comments. FIPS pub 180-2, including SHA-1, was released as an official standard in 2002. These new hash functions have not been tested in detail by the public password community like SHA-1, so their password security is not widely trusted. In February 2004, a change notice of FIPS pub 180-2 was issued, and an additional variant was added; SHA-224", The key length required for double key 3DES is defined
Gilbert and handschuh (2003) studied new varieties and found no weaknesses<
shad
shad function is a simple restatement of the same Sha function:
shad-256 (m) = SHA-256 (SHA-256 (m)). It overcomes the problem of extended length attacks
applications
SHA-1, sha-224, SHA-256, sha-384 and sha-512 are all used by the U.S. federal government, which needs secure hash algorithms. They also use other cryptographic algorithms and protocols to protect sensitive unclassified data. FIPS pub 180-1 also encourages private or commercial organizations to use SHA-1 encryption. Fritz chip will probably use SHA-1 hash function to realize digital rights management on personal computers
the first to promote the publication of secure hash algorithm is the combined digital signature standard
Sha hash function has been used as the basis of shacal block cipher algorithm<
description of SHA-1
the following is the pseudo code of SHA-1 algorithm:
(initialize variables:)
A = H0 = 0x67452301
b = H1 = 0xefcdab89
C = h2 = 0x98badcfe
d = H3 = 0x10325476
e = H4 = 0xc3d2e1f0
(pre processing:)
paddedmessage = (message) append 1
while length (paddedmessage) mod 512 & lt; > 448:
paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
(Extend the sixteen 32-bit words into eighty 32-bit words:)
for i from 16 to 79:
w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
(Main loop:)
for i from 0 to 79:
temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
where:
(0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
(20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
(40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
(60 <= i <= 79): F (B, C, d) = (b XOR C XOR d), k = 0xca62c1d6
e = d
d = C
C = B leftrotate 30
b = a
A = temp
H0 = H0 + a
H1 = H1 + B
h2 = H2 + C
H3 = H3 + d
H4 = H4 + e
digest = hash = H0 append H1 append H2 append H3 append H4
note: FIPS pub 180-1 shows the concept of, The efficiency can be improved by using the following formula:
(0 & lt= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c)))
Sha (secure hash algorithm) is a series of cryptographic hash functions designed by National Security Agency (NSA) and published by National Institute of standards and Technology (NIST). The first member of the family officially named Sha was published in 1993. However, it has now been given an informal name sha-0 to avoid confusion with its successors. Two years later, SHA-1, the successor of the first Sha, was released. There are also four variants that have been released to enhance the scope of output and to change some minor designs: sha-224, SHA-256, sha-384, and sha-512 (sometimes referred to as SHA-2)<
sha-0 and SHA-1
the algorithms originally specified were published in 1993, which are called secure hash standard, FIPS pub 180. This version is now often called & quot; SHA-0" It was withdrawn by NSA soon after its release, and released in 1995 as a revised version of FIPS pub 180-1 (commonly known as & quot; SHA-1") replace. According to NSA, it fixed an error in the original algorithm that would rece password security. However, NSA does not provide any further explanation or proof that the error has been corrected. In 1998, in an attack on sha-0, it was found that this attack was not applicable to SHA-1 - we don't know if this is the error found by NSA, but it may indicate that this correction has improved the security. SHA-1 has been closely examined by the public password community, but it has not been found to be unsafe. It is now considered safe
sha-0 and SHA-1 will generate a 160 bit digest from a message with a maximum size of 2 ^ 64 bits, and then encrypt it based on the similar principle of Ronald L. Rivest, Professor of MIT who designed MD4 and MD5 message digest algorithms<
Cryptanalysis of sha-0
on crypto 98, two French researchers demonstrated an attack on sha-0 (chabaud and joux, 1998): hash collision can be found when the complexity is 2 ^ 61; Less than 2 ^ 80 is an ideal hash function of the same size
in 2004, Biham and Chen discovered the approximate collision of sha-0 - two messages can hash out the same value; In this case, 142 and 160 bits are the same. They also found that sha-0 dropped to 62 bits after 80 full collisions
on August 12, 2004, joux, carribault, lemuet and jalby announced the hash collision of the complete sha-0 algorithm. This is the result of the attack of chabaud and joux. The collision was found to be 2 ^ 51, and it took about 80000 CPU hours to work on a supercomputer with 256 Itanium 2 processors< On August 17, 2004, Wang, Feng, Lai, and Yu announced the preliminary results of attacking MD5, sha-0, and other hash functions at the rump meeting of crypto 2004. Their attack on sha-0 is as complex as 2 ^ 40, which means that their attack results are better than those of joux and others. A brief summary of the rump meeting can be found here, and their discussions in sci.crypt, for example, suggest that people planning to use SHA-1 as a new cryptosystem need to reconsider
longer variants
NIST has released three additional Sha variants, each with a longer message digest. They are named by adding their summary length (in bits) after their original name: & quot; SHA-256", & quot; SHA-384" And & quot; SHA-512" They were published in the draft of FIPS pub 180-2 in 2001, and then passed the review and comments. FIPS pub 180-2, including SHA-1, was released as an official standard in 2002. These new hash functions have not been tested in detail by the public password community like SHA-1, so their password security is not widely trusted. In February 2004, a change notice of FIPS pub 180-2 was issued, and an additional variant was added; SHA-224", The key length required for double key 3DES is defined
Gilbert and handschuh (2003) studied new varieties and found no weaknesses<
shad
shad function is a simple restatement of the same Sha function:
shad-256 (m) = SHA-256 (SHA-256 (m)). It overcomes the problem of extended length attacks
applications
SHA-1, sha-224, SHA-256, sha-384 and sha-512 are all used by the U.S. federal government, which needs secure hash algorithms. They also use other cryptographic algorithms and protocols to protect sensitive unclassified data. FIPS pub 180-1 also encourages private or commercial organizations to use SHA-1 encryption. Fritz chip will probably use SHA-1 hash function to realize digital rights management on personal computers
the first to promote the publication of secure hash algorithm is the combined digital signature standard
Sha hash function has been used as the basis of shacal block cipher algorithm<
description of SHA-1
the following is the pseudo code of SHA-1 algorithm:
(initialize variables:)
A = H0 = 0x67452301
b = H1 = 0xefcdab89
C = h2 = 0x98badcfe
d = H3 = 0x10325476
e = H4 = 0xc3d2e1f0
(pre processing:)
paddedmessage = (message) append 1
while length (paddedmessage) mod 512 & lt; > 448:
paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
(Extend the sixteen 32-bit words into eighty 32-bit words:)
for i from 16 to 79:
w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
(Main loop:)
for i from 0 to 79:
temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
where:
(0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
(20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
(40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
(60 <= i <= 79): F (B, C, d) = (b XOR C XOR d), k = 0xca62c1d6
e = d
d = C
C = B leftrotate 30
b = a
A = temp
H0 = H0 + a
H1 = H1 + B
h2 = H2 + C
H3 = H3 + d
H4 = H4 + e
digest = hash = H0 append H1 append H2 append H3 append H4
note: FIPS pub 180-1 shows the concept of, The efficiency can be improved by using the following formula:
(0 & lt= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c)))
Hot content