Blockchain enthusiasts (QQ: 53016353)
Digital currency development uses the elliptic curve algorithm to generate public and private keys, and the secp256k1 curve is selected. The generated public key is a large number of 33 bytes, and the private key is a large number of 32 bytes. The public key and private key are directly stored in the wallet file wallet.dat. The bitcoin address we use when receiving and sending bitcoin is obtained after the public key is processed by the algorithm. The specific process is that the public key is processed by the SHA-256 algorithm to obtain a 32-byte hash result, and then processed by the RIPEMED algorithm. After getting a 20-byte summary result, and then going through the character conversion process to get the address we see. This character conversion process is the same as the character conversion process of the private key. The steps are to first add the version number to the input content (for the public key, it is a 20-byte digest result, and for the private key, it is a large number of 32 bytes). SHA-256 algorithm twice, take the first 4 bytes of the hash result of the second time as the check code and attach it to the back of the input content, and then encode it with Base58 to obtain a string.
Digital currency development What needs to be mentioned here is that Base58 encoding is to make the output string easy to identify, so 4 characters are deliberately excluded from encoding: '0', 'I', 'l', 'O', if you want to generate a For addresses with special affixes, do not include these 4 characters. For example, my ID (walker) cannot be generated.
SHA (Secure Hash Algorithm) is a series of cryptographic hash functions designed by the National Security Agency (NSA) and released by the National Institute of Standards and Technology (NIST), including SHA-1, SHA-224, SHA- 256, SHA-384, and SHA-512 variants. It is mainly applicable to the Digital Signature Algorithm DSA defined in the Digital Signature Standard (DSS). The following takes SHA-1 as an example to introduce the principle of the algorithm for calculating the message digest.
For messages less than 2^64 bits in length, SHA1 produces a 160-bit message digest. When a message is received, this message digest can be used to verify the integrity of the data. During the transmission process, the data is likely to change, so different message digests will be generated at this time.
SHA1 has the following characteristics: information cannot be recovered from message digests; two different messages do not produce the same message digest.
1. Terms and Concepts
(1) Bit, Byte and Word
SHA1 always treats the message as a bit string. In this article, a "word" (Word) is 32 bits, and a "byte" (Byte) is 8 bits. For example, the string "abc" can be converted to a bit string: 01100001 01100010 01100011. It can also be represented as a hexadecimal string: 0x616263.
(2) Operators and Symbols
The following logical operators are applied to "word" (Word)
X^Y = X, Y logical and
X \/ Y = X, Y logical OR
X XOR Y= X, Y logical exclusive OR
~X = X logical inversion
X+Y is defined as follows:
The words X and Y represent two integers x and y, where 0 <= x < 2^32 and 0 <= y < 2^32. Let integer z= (x + y) mod 2^32. Then 0 <= z < 2^32. Convert z to word Z, then Z = X + Y.
Circular left shift operator Sn(X). X is a word, n is an integer, 0<=n<=32. Sn(X)= (X<>32-n)
X< is defined as follows: discard the leftmost n-bit number, move each bit to the left by n bits in turn, and then fill the right n-bit with 0 (the final result is still 32 bits ). X>>n is to discard the n bits on the right, move each bit to the right by n bits in turn, and then fill the n bits on the left with 0. Therefore, it can be called Sn(X) bit cyclic shift operation
. Second, SHA1 algorithm description
In the SHA1 algorithm, we must convert the original message (string, file, etc.) into a bit string. The SHA1 algorithm only accepts bits as input. Suppose we produce a message digest for the string "abc". First, we convert it to a bit string as follows:
01100001 0110001001100011
――――――――――――――
'a'=97 'b'=98'c'=99
The length of this bit string is 24 . Below we need 5 steps to calculate MD5.
(1) Padding The
message must be padding so that the remainder of its length after modulo 512 is 448. That is, (message length after padded) %512 = 448. Even if the length has been satisfied that the remainder after modulo 512 is 448, the fill must be performed.
The filling is done in this way: first add a 1, then add a 0, until the length satisfies the remainder after modulo 512 is 448. All in all, the fill is at least one fill and a maximum of 512 fills. Or take the previous "abc" as an example to show the process of filling.
Original information: 01100001 01100010 01100011
Fill the first step: 0110000101100010 01100011 1
First fill with a "1"
fill the second step: 0110000101100010 01100011 10....0
and then fill in 423 "0"
we can complete the last fill The data is written as the following sample
61626380 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Now , the length of the data is 448, we can perform the next step. (2) Complement length The so-called supplement length is to supplement the length of the original data to the back of the message that has been supplemented. Usually a 64-bit data is used to represent the length of the original message. If the message length is not greater than 2^64, then the first word is 0. After the operation of the replenishment, the entire message becomes the following (16-way format ) 61626380 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000018
If the original message length exceeds 512, we need to make it a multiple of 512. Then we divide the entire message into 512-bit chunks and process each chunk separately to get the message digest.
(3) Constants used A
series of constant words K(0), K(1), ... , K(79), if given in hexadecimal. They are as follows:
Kt = 0x5A827999 (0<= t <= 19)
Kt = 0x6ED9EBA1 (20<= t <= 39)
Kt = 0x8F1BBCDC (40<= t <= 59)
Kt = 0xCA62C1D6 (60<= t <= 79 ).
(4) Functions to be used
We need a series of functions in SHA1. Each function ft (0 <= t <= 79) operates on 32-bit words B, C, D and produces a 32-bit word as output. ft(B,C,D) can be defined as
ft(B,C,D) = (B ANDC) or ((NOT B) AND D) ( 0 <= t <= 19)
ft(B,C,D) = B XOR CXOR D (20 <= t <= 39)
ft(B,C,D) = (B ANDC) or (B AND D) or (C AND D) (40 <= t <= 59)
ft( B,C,D) = B XOR CXOR D (60 <= t <= 79).
(5) Calculate the message digest
The message digest must be computed using the padded and length padded message. The computation requires two buffers, each consisting of 5 32-bit words, and a buffer of 80 32-bit words. The first 5-word buffer is identified as A, B, C, D, E. The second 5-word buffer is identified as H0, H1, H2, H3, H4. The 80-word buffer is identified as W0, W1,..., W79
and a one-word TEMP buffer is required .
To generate the message digest, the 16-word data blocks M1, M2,..., Mn defined in Section 4 are
processed in sequence, and the processing of each data block Mi consists of 80 steps.
Before processing each data block, the buffer {Hi} is initialized to the following values (hex)
H0 = 0x67452301
H1 = 0xEFCDAB89
H2 = 0x98BADCFE
H3 = 0x10325476
H4 = 0xC3D2E1F0.
Now start processing M1, M2,... , Mn. To process Mi, the following steps
(1) are required. Divide Mi into 16 words W0, W1, ... , W15, W0 are the leftmost words
(2). For t = 16 to 79 let Wt = S1( Wt-3 XOR Wt-8XOR Wt- 14 XOR Wt-16).
(3). Let A = H0, B = H1, C = H2, D = H3, E = H4.
(4) For t = 0 to 79 , execute the following loop
TEMP = S5(A) +ft(B,C,D) + E + Wt + Kt;
E = D; D = C; C =S30(B); B = A; A = TEMP;
(5). Let H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4 + E.
After processing all Mn, the message digest is a 160-bit string identifying
H0 H1 H2 H3 H4 in the following order.
For SHA256, SHA384, SHA512. You can also compute message digests in a similar way. The algorithm for padding the message is exactly the same.
3. Has the SHA algorithm been cracked?
On September 10, 2013, Matthew Green, a computer science professor at Johns Hopkins University and a well-known encryption algorithm expert, was asked by the NSA to delete his NSA-related blog about cracking encryption algorithms. At the same time, the blog mirror on the Johns Hopkins University server was also requested to be deleted.
Matt-green
encryption algorithm expert, Johns Hopkins University professor Matthew Green,
but when the reporter asked the university for confirmation, the school said that it had never received a request from the NSA to delete the blog or mirrored material, but the reporter could not URL to find the blog. Fortunately, the blog can be found from Google's cache. The blog mentions that the NSA spends $250 million a year to gain an advantage in deciphering information for itself, and cites a series of shady practices by the NSA.
On-the-nsa
on BitcoinTalk has set off a round of debate: Is SHA-2 safe?
Some of the views that are considered unsafe include: The
NSA made sha-2, we don't trust the NSA, they couldn't have left a back door.
The Prism incident has clearly told us that the government will use all possible means to monitor and decrypt.
While many people will be looking into SHA-2, there is currently no public evidence of a vulnerability. But no disclosure doesn't mean it doesn't, because the person who discovered the vulnerability must be more inclined to keep the secret for their own use, rather than publish it.
Some of the safe points include:
SHA-2 is a widely used algorithm and should have been tested in practice.
America's foes, China and Russia, have many brilliant mathematicians, and if there is a problem, they must have found it.
If it's really not safe, there are too few things in the world that are safe, and I can't live in fear, so I choose to believe in safety.
security