Cryptography Reference
In-Depth Information
Algorithm 8.10
The SHA-1 hash function (overview).
(
m
=
m
0
m
1
...m
s−
1
)
Construct
M
=
M
[0]
M
[1]
...M
[
N −
1]
A ←
0x67452301
B ←
0xEFCDAB89
C ←
0x98BADCFE
D ←
0x10325476
E ←
0xC3D2E1F0
for
i
=0to
N
do
Prepare the message schedule
W
A
← A
B
← B
C
← C
D
← D
E
← E
for
t
=0to 79 do
T ←
(
A ←
5) +
f
t
(
B, C, D
)+
E
+
K
t
+
W
t
E ← D
D ← C
C
←
B
←
30
B
←
A
A
←
T
A
+
A
A
←
B
+
B
C ← C
+
C
D ← D
+
D
E ← E
+
E
(
h
(
m
)=
A B C D E
)
B
←
looks more like an art than a science. For example, finding collisions in such
functions has recently become a very active area of research (e.g., [18]). Remember
from Section 8.3 that collisions were recently found for MD4, MD5, and some other
cryptographic hash functions. Also, as this topic went to press, a group of Chinese
researchers claimed to have found an attack that requires only 2
69
(instead of 2
80
)
hash operations to find a collision in SHA-1.
18
As of this writing, there are hardly any design criteria that can be used to
design and come up with new compression functions (for cryptographic hash func-
tions that follow the Merkle-Damgard construction) or entirely new cryptographic
hash functions. This lack of design criteria is somehow in contrast to the relative
importance of cryptographic hash functions in almost all cryptographic systems
and applications. Consequently, an interesting and challenging area of research and
18
http://theory.csail.mit.edu/
∼
yiqun/shanote.pdf
