Cryptography series: NIST and SHA algorithms

Introduction

Everyone should be familiar with the SHA algorithm. It is an algorithm used to calculate the hash. The current SHA algorithm includes SHA1, SHA2 and SHA3. These three algorithms are all formulated by the United States NIST.

The full name of NIST is the National Institute of Standards and Technology of the United States, mainly to develop various standards.

This article will explain the relationship between NIST and SHA various algorithms.

SHA1

In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that accepts an input and generates a 160-bit (20-byte) hash value, called a message digest.

Let's first look at the SHA1 encryption flow chart:

<img src="https://img-blog.csdnimg.cn/20210403200253300.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_0,text_aHR0cDovL3d3dy5mbHlkZWFuLmNvbQ==,size_25,color_8F8F8F,t_70" style="zoom:67%;" />

The above A, B, C, D, and E are all 32 bits of state.

F is a non-linear function.

<<< means that the amount is a left shift operation, and the red plus sign means addition and then modulo ³²

The SHA1 algorithm is very simple. After 2005, SHA1 was considered insecure. As of 2010, many organizations recommended replacing SHA-1.

NIST formally abolished the use of SHA-1 in 2011 and did not allow it to be used for digital signatures in 2013.

All major web browser vendors stopped accepting SHA-1 SSL certificates in 2017.

SHA2

SHA-2 (Secure Hash Algorithm 2) is also a set of cryptographic hash functions designed by the National Security Agency (NSA). It was first announced in 2001. They use the Merkle-Damgård structure.

Compared with SHA-1, SHA-2 includes major changes. The SHA-2 series contains six hash functions, namely SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.

Let's look at the algorithm flow of SHA2:

<img src="https://img-blog.csdnimg.cn/20210403220300178.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_0,text_aHR0cDovL3d3dy5mbHlkZWFuLmNvbQ==,size_25,color_8F8F8F,t_70" style="zoom:67%;" />

Let's see what these functions mean:

SHA3

In 2006, NIST organized the NIST hash function competition to create a new hash standard SHA-3. SHA-3 is not intended to replace SHA-2, because there is currently no proof of a major attack on SHA-2. However, due to the successful attacks of MD5, SHA-0, and SHA-1, NIST believes that an alternative and different cryptographic hash is needed, which is SHA-3.

In this competition, the Keccak algorithm finally won and was selected as the SHA3 standard.

The SHA3 algorithm is based on the sponge structure. Let’s take a look at the working principle of the sponge structure:

This function is divided into two parts, the left part is called the absorption part, and the right part is called the output part. One sucks and the other sucks, like a sponge, so it is called a sponge function.

P represents the input string, and Z represents the output string.

A sponge function consists of three parts, namely state, function f and padding function.

The state is the r+c part of the above figure, r is called Bitrate , and c is called Capacity .

P is divided into n parts, and each part will be XORed with Bitrate. If the length of P is not an integer multiple of Bitrate, it needs to be filled with the Pad function.

In each round, the result of the XOR operation between Bitrate and P is taken as the latest Bitrate, and then a new state is generated, and then this state is replaced by f(state).

The function f is a mapping from n {0,1} to n {0,1}.

It goes on one round after another until all P's are involved in the calculation.

The output part is to perform the f operation on the final generated state, and each operation takes the Bitrate part as the output to obtain the final output.

This article has been included in http://www.flydean.com/sha1-2-3/

> most popular interpretation, the most profound dry goods, the most concise tutorial, and many tricks you don't know are waiting for you to discover!

> Welcome to pay attention to my official account: "programs and things", know technology, know you better!