Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: alesske on May 01, 2014, 03:29:51 PM



Title: Question regarding the Initialization vector of the bitcoin protocol
Post by: alesske on May 01, 2014, 03:29:51 PM
Hello everyone,

I'm doing a research project regarding bitcoins for school and everything is going pretty well except for one thing.

While researching the bitcoin protocol I found this image:

http://www.i-programmer.info/images/stories/News/2013/Nov/B/bitcoinhash.jpg

There is one problem I've run into, however.

I don't fully understand the Initialization vector field (IV).
How is this value generated? Is it generated by the SHA-256 algorithm? Or in a different way?
I assume this value needs to be fixed and public because otherwise people can't redo the calculation to check their hash.

Thanks in advance.


Title: Re: Question regarding the Initialization vector of the bitcoin protocol
Post by: telepatheic on May 01, 2014, 04:00:16 PM
This image is sort of showing how to perform the SHA256 algorithm. You can read about how this works on Wikipedia: http://en.wikipedia.org/wiki/SHA-2#Pseudocode

The initial values are a pre-determined set of bits which are "the first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19"


Title: Re: Question regarding the Initialization vector of the bitcoin protocol
Post by: TierNolan on May 01, 2014, 04:05:52 PM
The problem is that the SHA algorithm works in 64 byte "chunks". Since the header is 80 bytes, 2 chunks are needed. The hash of the first stage is used as the IV for the 2nd.

As the link shows, the hash function has a defined initialization state.

In order to prove that the IV doesn't have secret properties, it uses the first 8 prime numbers. The square root of each prime is calculated and the first 4 bytes after the decimal point are extracted.

That gives 8 32-bit numbers, or 256 bits for the IV.

They also do the same with cubed roots of the first 64 primes to compute other parameters.


Title: Re: Question regarding the Initialization vector of the bitcoin protocol
Post by: jonald_fyookball on May 01, 2014, 05:02:41 PM
Quote
In order to prove that the IV doesn't have secret properties, it uses the first 8 prime numbers.

This is informative.  Useful knowledge to have whenever the security of the cryptography comes into question. Thanks.


Title: Re: Question regarding the Initialization vector of the bitcoin protocol
Post by: telepatheic on May 01, 2014, 06:05:42 PM
Quote
Useful knowledge to have whenever the security of the cryptography comes into question.

Note that SHA256 has never been mathematically proven to be secure. Experts have analysed SHA256 and deemed it to be secure but they haven't proven that attacks on it aren't possible.


Title: Re: Question regarding the Initialization vector of the bitcoin protocol
Post by: jonald_fyookball on May 01, 2014, 06:08:28 PM
Quote
Useful knowledge to have whenever the security of the cryptography comes into question.

Note that SHA256 has never been mathematically proven to be secure. Experts have analysed SHA256 and deemed it to be secure but they haven't proven that attacks on it aren't possible.

Has any cryptographic hash function been mathematically proven to be secure?


Title: Re: Question regarding the Initialization vector of the bitcoin protocol
Post by: telepatheic on May 01, 2014, 06:40:18 PM
Quote
Has any cryptographic hash function been mathematically proven to be secure?

Sort of, see http://en.wikipedia.org/wiki/Security_of_cryptographic_hash_functions#More_practical_provably_secure_hash_functions

They have not been proven to be absolutely secure, but they can be proven to be at least as difficult to find collisions as certain well studied non-deterministic polynomial time problems. Unfortunately these problems haven't been proven to not be polynomial time problems. (The classic million dollar (quite literally) NP = P problem)