SHA1 algorithm principle

A SHA1 and MD5 differences

SHA1 the process of preprocessing and MD5 of arbitrary length plaintext is the same, that is, after the completion of the clear text length is 512-bit integer multiples, but there is a difference, that is SHA1 the original message length can not exceed 2 64, and then SHA1 generate 160-bit message digest. The SHA1 algorithm is simple and compact and easy to implement on the computer.

Table 8-2-1 lists the differences between the MD5 and the SHA1. Let's give a brief description of the differences according to the characteristics.

Table 8-2-1 Comparison of MD5 and SHA1

Difference Place	MD5	SHA1
Summary length	128 Guests	160 guests
Number of operation steps	64	80
Number of basic logical functions	4	4
Number of constants	64	4

Security: SHA1 produces a digest that is 32 bits longer than the MD5. If there are no structural problems with the two hashing functions, SHA1 is more secure than MD5.

Speed: Both methods are primarily concerned with the 32-bit processor-based system architecture. But SHA1 's operation steps are 16 steps more than MD5, and the length of the SHA1 record unit is 32 more than MD5. So if you implement SHA1 with hardware, it's about 25% slower than MD5.

Simplicity: Both methods are fairly simple and do not require very complex programs or large amounts of storage space for implementation. Overall, however, SHA1 's description of each step is simpler than MD5.

Two SHA1 Hashing Algorithm Flow

For arbitrary-length plaintext, SHA1 first groups them so that each group has a length of 512 bits, and then repeats the text packets over and over again.

The summary generation process for each clear text group is as follows:

(1) The 512-bit clear text grouping is divided into 16 sub-plaintext groupings, each of which is grouped into 32 bits.

(2) Apply for 5 32-bit link variables, recorded as a, B, C, D, E.

(3) 16 copies of the sub-plaintext group expanded to 80 copies.

(4) 80 copies of the sub-plaintext groupings for 4-round operations.

(5) The link variable is summed with the initial link variable.

(6) The link variable is repeated as input to the next plaintext group.

(7) Finally, the data inside the 5 link variables is the SHA1 digest.

Three SHA1 The grouping process

For arbitrary-length plaintext, SHA1 's clear-text grouping process is similar to MD5, where you first need to add a number of bits to the clear text, making the total length of the plaintext 448 (mod512) bits. The way to add bits after clear text is that the first add bit is L and the rest is 0. Then the length of the true clear text (without adding a bit of the previous clear text length) is represented by 64 bits, appended to the previously added bit of plaintext, at which time the clear text length is exactly a multiple of 512 bits. Unlike the MD5, the SHA1 's original message length cannot exceed 2 64, and the plaintext length of the SHA1 is filled from the low.

After the addition of the number of bits processed by the plaintext, its length is exactly 512-bit integer times, and then by 512 bits of the length of grouping (block), can be divided into the L-part of the plaintext group, we use Y0,y1, ... YL-1 represents these plaintext groupings. For each clear-text grouping, repeat the repeated processing, which is the same as MD5.

For 512-bit clear text groupings, SHA1 divides it into 16 sub-plaintext groupings (Sub-block), each with a 32-bit plaintext group, and we use M[k] (k= 0, 1,...... 15) to represent these 16 sub-plaintext groupings. We will then expand the 16 sub-plaintext groupings to 80 sub-plaintext groupings, which we remember as W[k] (k= 0, 1,...... 79), the method of expansion is as follows.

W t = M T, when 0≤t≤15

W t = (w t-3⊕w t-8⊕w t-14⊕w t-16) <<< 1, when 16≤t≤79

The SHA1 has a 4-round operation, each of which consists of 20 steps (80 steps), and a 160-bit summary is generated, which is stored in 160 5-bit link variables labeled A, B, C, D, E, respectively. The initial values of these 5 link variables are expressed as 16 binary bits as follows.

a=0x67452301

B=0xefcdab89

C=0x98badcfe

d=0x10325476

E=0xc3d2e1f0

Four SHA1 4-round operation

SHA1 has 4 rounds of operations, each of which consists of 20 steps, a total of 80 step, when the 1th step in the 1th round operation begins processing, the values in a, B, C, D, E Five link variables are first assigned to another 5 record unit a′,b′,c′,d′,e′. These 5 values are reserved for summing with the link variable a,b,c,d,e after the last step of the 4th round is complete.

SHA1 4-round operation, a total of 80 steps use the same operating procedure, as follows:

a,b,c,d,e←[(a<<<5) + ft (b,c,d) +e+wt+kt],a, (b<<<30), c,d

where ft (b,c,d) is a logical function and WT is a sub-plaintext group w[t],kt is a fixed constant. The meaning of this operating procedure is:

Assigns the result of [(a<<<5) + ft (b,c,d) +e+wt+kt] to the link variable A;

Assigns the link variable a initial value to the link variable B;

The link variable b initial value loop left 30 bits assigned to the link variable C;

Assigns the link variable c initial value to the link variable D;

Assigns the link variable D initial value to the link variable E.

SHA1 specifies that the logical function of the 4-round operation is shown in table 8-2-2.

Table 8-2-2 logical functions of SHA1

steps

ft (b,c,d) =b⊕c⊕d

TD width= ">

wheel	step	function definition	round	function definition
1	0≤t≤19	ft (b,c,d) = (B. C) V (~b D)	3	40≤t≤59	< P class= "a" >ft (b,c,d) = (B. C) V (b. D) V (C. D)
2	20≤t≤39	4	60≤t≤79	ft (b,c,d) =b⊕c⊕d

You need to use the fixed constant Ki (i= 0,1,2, ...) in the operating procedure. ), the value of Ki is shown in table 8-2-3:

Table 8-2-3 SHA1 constant k table of values

steps

TD width= ">

wheel	step	function definition	round	function definition
1	0≤t≤19	K t= 5a827999	3	40≤t≤59	K t=8f188cdc
2	20≤t≤39	K t=6ed9eba1	4	60≤t≤79	K T=ca62c1d6

We also give an example of how each step of the SHA1 hashing algorithm is carried out, compared to the MD5 algorithm, SHA1 is relatively simple, assuming w[1]=0x12345678, at this time the value of the link variable is a=0x67452301, b=0xefcdab89, c= 0x98badcfe, d=0x10325476, e=0xc3d2e1f0, then the 1th round of the 1th step is the following operation process.

(1) The link variable A is cycled to the left 5 bits, resulting in: 0xe8a4602c.

(2) Pass the B,C,D through the corresponding logical function:

(b&c) | (~b&d) = (0XEFCDAB89&0X98BADCFE) | (~0xefcdab89&0x10325476) =0x98badcfe

(3) Add the results of step (1), Step (2) to e,w[1], and k[1]:

0xe8a4602c+0x98badcfe+0xc3d2e1f0+0x12345678+0x5a827999=0xb1e8ef2b

(4) Move the B-loop to the left 30: (b<<<30) =0x7bf36ae2.

(5) The 3rd step result is assigned to A,a (here is the original value of a) assigned to B, the result of step 4 is assigned to the original value of C,c assigned to the original value of D,d assigned to E.

(6) Finally, the results of the 1th round 1th step were obtained:

A = 0xb1e8ef2b

B = 0x67452301

C = 0x7bf36ae2

D = 0x98badcfe

E = 0x10325476

In this way, the 80 steps are completed.

The a,b,c,d,e output of the last step of the fourth round will be summed with the values in the a′,b′,c′,d′,e′ of the recording unit respectively. The result will be as input the next 512-bit clear-text grouping of the link variable a,b,c,d,e, when the last clear text grouping calculation is completed, the data in A,b,c,d,e is the last hash function value.

SHA1 algorithm principle