Download
sha 1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
SHA-1 PowerPoint Presentation

SHA-1

221 Vues Download Presentation
Télécharger la présentation

SHA-1

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. SHA-1 Team TDB Members: Anthony Knopp Zach Langley

  2. Overview • SHA-1 is a cryptographic hash function designed by the NSA and published by the NIST as a U.S Federal standard. • It is a Merkle-Damgard construction, 160 bit digest size hash that performs 80 rounds. • The spec was first published in 1995, two years after SHA-0. • In 2005 SHA-1 was proven to be “broken” and various weaknesses were found in the hash function. No collisions were found but the running time to find one was proven to be much smaller than brute force.

  3. Padding • SHA-1 pads data in the following way: • 1) Append the bitstring 10000…000 to the message (the amount of 0’s depends on the original message length) • 2) The last two words in the message are set to be the amount of bits in the original message • E.g., “hello” after padding becomes:68656c6c 6f800000 00000000 0000000000000000 00000000 00000000 0000000000000000 00000000 00000000 0000000000000000 00000000 00000000 00000028

  4. Round Function Constants: A0= 67452301 B0= EFCDAB89 C0= 98BADCFE D0= 10325476 E0= C3D2E1F0 K0..19= 5A827999 K20..39= 6ED9EBA1 K40..59= 8F1BBCDC K60..79= CA62C1D6

  5. Original Design • Original Algorithm: We originally stored the words to hash as a circular queue of sixteen 32-bit words, and used bitwise operations to compute hash • Took advantage of Merkle-Damgård construction by using an append(byte) method, which would hash the data as it filled up

  6. Original Runtime Measurements time java –XintSHATest test.txt time java –XintSHATestBulk 500000

  7. Original Profile(File)

  8. Original Profile(Bulk Encryptions)

  9. Original Analysis • Offending lines: • data = new int[16]; • inttemp = circularShift(a, 5) + f(t, b, c, d) + e + data[s] + k[t/20]; • if (t < 20) • for (intt = 0; t <= 79; t++) { • c= circularShift(b, 30); • data[s] = circularShift(data[s], 1); • return (x << n) | (x >>> (32 - n)); • if (bytes >= 4 * data.length)

  10. Revised Design • Unrolled loop • Operated on an array of 80 words, instead of masking with 16 • In-lined all functions and constants • Used 5 chaining values instead of an array

  11. Revised Design Runtime time java –XintSHATestOptimized test.txt time java –XintSHATestBulkOptimized 1000000

  12. Revised Design Profile (file)

  13. Revised Design Profile(Bulk Encryptions)

  14. Revised Analysis • Offending lines: • String ret = Hex.toString(chain0) + Hex.toString(chain1)+ Hex.toString(chain2) + Hex.toString(chain3) + Hex.toString(chain4); • data[bytes >> 2] = (data[bytes >> 2] << 8) | (b & 0xff);

  15. What We Learned • We learned that the government spec for SHA-1 is very thorough in its description and implementation of SHA-1. The implementation didn’t pose much trouble. • We learned that really trying to trim down run time can be a pain and requires a lot of trial and error. • You can have an idea of what will reduce runtime but it turns out it doesn’t really help at all and sometimes makes it worse.

  16. Possible Future Work • There’s not much future work when it comes to implementing the algorithm. It would be interesting to implement the algorithm in another language and compare the running times between Java and the other language. • Future work could also include attempting to implement some of the attacks against SHA-1 and see if we can find some collisions on smaller amounts of rounds.