Difference between revisions of "SHA-1"

From The ECRYPT Hash Function Website
(General Description)
(Compression Function)
Line 12: Line 12:
 
SHA-1 basically consists of two parts: the message expansion and
 
SHA-1 basically consists of two parts: the message expansion and
 
the state update transformation. The chaining variable <amsmath>$h_{i-1}$</amsmath> (''iv'' in the first iteration) is added to the output of the state update transformation (feed forward). This is graphically
 
the state update transformation. The chaining variable <amsmath>$h_{i-1}$</amsmath> (''iv'' in the first iteration) is added to the output of the state update transformation (feed forward). This is graphically
illustrated in <!-- \nh{Figure}~\ref{fig:SHA1CompressionFunction}--!>.  
+
illustrated in.  
  
 
[[image:SHA1CompressionFunction.png|right|thumb|250px|The SHA-1 compression function]]
 
[[image:SHA1CompressionFunction.png|right|thumb|250px|The SHA-1 compression function]]

Revision as of 09:30, 12 October 2006

1 General Description

SHA-1 is an iterated hash function. It can be used to compute a 160-bit hash value for messages having a length of less than math bits, cf. FIPS 180-2 Secure Hash Standard. As most iterated hash functions, SHA-1 applies MD strengthening.


1.1 Compression Function

The compression function processes input message blocks of 512 bits and produces a 160-bit chaining value. The compression function of SHA-1 basically consists of two parts: the message expansion and the state update transformation. The chaining variable math (iv in the first iteration) is added to the output of the state update transformation (feed forward). This is graphically illustrated in.

File:SHA1CompressionFunction.png
The SHA-1 compression function

1.1.1 Message Expansion

The message expansion is defined as follows:

math


1.1.2 State Update Transformation

math

1.2 Padding Method

1.3 Constantsand Initial Value

1.3.1 Constants

math

1.3.2 Initial Value

math

2 Claimed/Expected Security Margins

3 Security Anaylsis

  • Best know attack: math by Wang et.al.
  • Best known collision example: 64-step collision by De Canniere and Rechberger

something like: best know attack to date: kind of attack, which variant has been looked at (e.g. round-reduced), complexity, and reference to paper and abstract.

may be make here a new page with the other cryptanalysis results.