Difference between revisions of "SHA-1"

From The ECRYPT Hash Function Website
(Message Expansion)
(State Update Transformation)
Line 31: Line 31:
  
 
==== State Update Transformation ====
 
==== State Update Transformation ====
 +
 +
The state update transformation starts from a fixed initial value
 +
''iv'' for 5 32-bit registers <amsmath>$A,B,\dots,E$</amsmath> (also
 +
referred to as state variables) and updates these registers in 80
 +
steps (<amsmath>$i = 0,\dots,79$</amsmath>) by using the word <amsmath>$W_i$</amsmath> and the step
 +
constant <amsmath>$K_i$</amsmath> in step <amsmath>$i$</amsmath>. One step of the state update transformation is defined as
 +
 
<amsmath>
 
<amsmath>
 
\begin{equation*}
 
\begin{equation*}
Line 41: Line 48:
 
\end{aligned}
 
\end{aligned}
 
\end{equation*}
 
\end{equation*}
 +
</amsmath>
 +
 +
The function <amsmath>$f$</amsmath> depends on the step number: steps <amsmath>$i=0,\dots,19$</amsmath> use the ''IF-function'' referred to as <amsmath>$f_{if}$</amsmath> and steps <amsmath>$i = 40,\dots,59$</amsmath> use the ''MAJ-function'' referred to as <amsmath>$f_{maj}$</amsmath>. The
 +
remaining steps, use a 3-input XOR referred to as <amsmath>$f_{xor}$</amsmath>. The Boolean functions are defined as follows:
 +
 +
<amsmath>
 +
\begin{eqnarray*}
 +
f_{if}(B,C,D) &=& (B\wedge C) \oplus (\neg B\wedge D) \\
 +
f_{maj}(B,C,D) &=& (B\wedge C) \oplus (B\wedge D) \oplus (C\wedge D)\\
 +
f_{xor}(B,C,D) &=& B \oplus C \oplus D
 +
\end{eqnarray*}
 
</amsmath>
 
</amsmath>
  

Revision as of 11:47, 12 October 2006

1 General Description

SHA-1 is an iterated hash function. It can be used to compute a 160-bit hash value for messages having a length of less than math bits, cf. FIPS 180-2 Secure Hash Standard. As most iterated hash functions, SHA-1 applies MD strengthening.


1.1 Compression Function

The compression function processes input message blocks of 512 bits and produces a 160-bit chaining value. The compression function of SHA-1 basically consists of two parts: the message expansion and the state update transformation. The chaining variable math (iv in the first iteration) is added to the output of the state update transformation (feed forward).

The SHA-1 compression function

1.1.1 Message Expansion

In SHA-1, the message expansion is defined as follows. A single 512-bit input message block block is represented by 16 32-bit words, denoted by math, with math. The message input is linearly expanded into 80 32-bit words math defined as follows:

math

1.1.2 State Update Transformation

The state update transformation starts from a fixed initial value iv for 5 32-bit registers math (also referred to as state variables) and updates these registers in 80 steps (math) by using the word math and the step constant math in step math. One step of the state update transformation is defined as

math

The function math depends on the step number: steps math use the IF-function referred to as math and steps math use the MAJ-function referred to as math. The remaining steps, use a 3-input XOR referred to as math. The Boolean functions are defined as follows:

math

1.2 Padding Method

1.3 Constantsand Initial Value

1.3.1 Constants

math

1.3.2 Initial Value

math

2 Claimed/Expected Security Margins

3 Security Anaylsis

  • Best know attack: math by Wang et.al.
  • Best known collision example: 64-step collision by De Canniere and Rechberger

something like: best know attack to date: kind of attack, which variant has been looked at (e.g. round-reduced), complexity, and reference to paper and abstract.

may be make here a new page with the other cryptanalysis results.