Cryptography series: scrypt algorithm in cryptocurrency

Introduction

In order to resist password cracking, scientists have come up with many methods, such as obfuscation and salting of passwords, and mode transformation and combination of passwords. But these algorithms are gradually defeated by some special-made ASIC processors. These ASIC processors do nothing but specialize in cracking your passwords or performing hash calculations.

The most famous is of course Bitcoin. It uses the criticized POW algorithm. Whoever has high computing power can mine. This has led to the production of a large number of meaningless mining machines. These mining machines can’t do anything. Do it, even if it is used to calculate the hash value. As a result, a lot of electricity was wasted.

Ordinary people don't even want to join this track that only giants can own. If you want to use an ordinary PC to mine, then I guess your chances of mining may be similar to being hit by a meteorite.

In order to resist this CPU-based password encryption method, scientists have invented many other algorithms, such as algorithms that take up a lot of memory. Because memory is not like a CPU that can speed up crazy, it limits many brute-force cracking scenarios. The scrypt algorithm is one of them. This algorithm is applied to many new cryptocurrency mining systems to express the fairness of their mining procedures.

scrypt algorithm

Scrypt is a cryptographic derivation algorithm, which was created by Colin Percival. Using the scrypt algorithm to generate derived keys requires a lot of memory. The scrypt algorithm was released as the RFC 7914 standard in 2016.

The main function of the password derivative algorithm is to generate a series of derivative passwords based on the initialized master password. This algorithm is mainly to resist brute force attacks. By increasing the complexity of password generation, it also increases the difficulty of brute force cracking.

But for the same reason as mentioned above, the previous password-based KDF, such as PBKDF2, although increased the number of traversal of password generation, it uses very little memory space. So it can be easily cracked by a simple ASIC machine. The scrypt algorithm is designed to solve this problem.

Detailed explanation of scrypt algorithm

The scrypt algorithm generates a very large pseudo-random number sequence. This random number sequence will be used in the subsequent key generation process, so generally a RAM is required for storage. This is why the scrypt algorithm requires large memory.

Next, we will analyze the scrypt algorithm in detail. The standard Scrypt algorithm needs to enter 8 parameters, as shown below:

• Passphrase: the input password to be hashed
• Salt: Password-protected salt to prevent rainbow table attacks
• CostFactor (N): CPU/memory cost parameter, must be an exponent of 2 (for example: 1024)
• BlockSizeFactor (r): blocksize parameter
• ParallelizationFactor (p): Parallel parameters
• DesiredKeyLen (dkLen): The length of the output derived key
• hLen: the output length of the hash function
• MFlen: The output length of the Mix function

The output of this function is DerivedKey.

First we need to generate an expensiveSalt. First get the blockSize:

blockSize = 128*BlockSizeFactor 

Then use PBKDF2 to generate p blockSizes, and combine these p blocks into an array:

[B0...Bp−1] = PBKDF2HMAC-SHA256(Passphrase, Salt, 1, blockSize*ParallelizationFactor)

Use ROMix to mix the resulting block:

   for i ← 0 to p-1 do
      Bi ← ROMix(Bi, CostFactor)

Combine B into a new expensiveSalt:

expensiveSalt ← B0∥B1∥B2∥ ... ∥Bp-1

Next, use PBKDF2 and the new salt to generate the final derived key:

return PBKDF2HMAC-SHA256(Passphrase, expensiveSalt, 1, DesiredKeyLen);

The following is the pseudo code of the ROMix function:

Function ROMix(Block, Iterations)

   Create Iterations copies of X
   X ← Block
   for i ← 0 to Iterations−1 do
      Vi ← X
      X ← BlockMix(X)

   for i ← 0 to Iterations−1 do
      j ← Integerify(X) mod Iterations 
      X ← BlockMix(X xor Vj)

   return X

The pseudo code of BlockMix is as follows:

Function BlockMix(B):

    The block B is r 128-byte chunks (which is equivalent of 2r 64-byte chunks)
    r ← Length(B) / 128;

    Treat B as an array of 2r 64-byte chunks
    [B0...B2r-1] ← B

    X ← B2r−1
    for i ← 0 to 2r−1 do
        X ← Salsa20/8(X xor Bi)  // Salsa20/8 hashes from 64-bytes to 64-bytes
        Yi ← X

    return ← Y0∥Y2∥...∥Y2r−2 ∥ Y1∥Y3∥...∥Y2r−1

Use of scrypt

Scrypt is used in many new POW virtual currencies, such as Tenebrix, Litecoin and Dogecoin. Interested friends can look at.

This article has been included in http://www.flydean.com/42-scrypt/

The most popular interpretation, the most profound dry goods, the most concise tutorial, and many tips you don't know are waiting for you to discover!

Welcome to pay attention to my official account: "Program those things", know the technology, know you better!