Java 學習之路
比特幣挖礦的背後 -- SHA 與雜湊現金
比特幣的技術最近筆者想瞭解比特幣的運作原理,於是找來比特幣的發明人「中本聰」的 Bitcoin 論文,研讀了一番,該論文可在「比特幣的官方網站」上看到,網址如下: 研讀了該論文之後,筆者寫了一篇「介紹比特幣運作原理」的文章,打算放在 2014 年 1 月 1 日出刊的「程式人雜誌」當中,目前該文暫時還在筆者的 dropbox 帳號內公開,連結如下: 雜湊現金寫完「比特幣 (Bit Coin) 的運作原理」這篇文章之後,筆者發現比特幣裏最關鍵的技術是一種稱為「雜湊現金」(hashcash) 的技術,這種技術其實與金錢沒什麼關係,而是與 CPU 計算出某個雜湊值所需要花的時間有關係。1997 年,Adam Back 提出了雜湊現金的技術,後來這個技術逐漸展現強大的用途,於是 Adam Back 於 2002 年又寫了一篇介紹「雜湊現金與其應用」的論文如下: 要瞭解這種雜湊現金技術,必須先瞭解「單向雜湊函數」的概念,所謂的單向雜湊函數 (One Way Hash Function),就像是一般資料結構中建立雜湊表 (Hash Table) 時,用來計算雜湊值 (Hash Value) 的那種函數。只是該雜湊函數還具有很難逆向破解的特性,也就是給定雜湊值時很難反向計算出原文的特性,因此稱為「(單向) 雜湊函數」。 雜湊現金的機制,不只被用在「比特幣的挖礦」上面,也可以用來進行「垃圾郵件過濾」,以下文章就說明了如何用「雜湊現金」的機制來打擊垃圾郵件。 想要瞭解「雜湊現金」機制是如何運作的,比需先瞭解一個密碼學上的技術,那就是「單向雜湊函數」。 單向雜湊函數在密碼學領域,最常被使用的「單向雜湊函數」有 MD5, SHA-1, SHA-2 等函數,MD5 的雜湊值長度為 128 位元,雖然廣為使用,但長度不夠,而且比較容易破解,因此現在已經不夠安全了。SHA-1 的摘要長度為 160位元,比 MD5 更安全一些,但最近也有些方法可以在大約在 2 的 60 次方計算後破解,因此美國國家安全局(NSA)與美國國家標準與技術研究院(NIST)又設計出了一些更複雜的 SHA-2 家族算法,SHA-2 包含 224, 256, 384, 512 等四種長度的雜湊值算法,SHA-2 會比 SHA-1 更安全一些。 在本文中,我們將示範如何用 SHA-1 函數來實現雜湊現金的機制,因此我們尋找到了一個開放原始碼的 C 語言 SHA-1 程式,其網址與內容如下: 網址: http://oauth.googlecode.com/svn../code/c/liboauth/src/sha1.c 檔案:sha1.c /* This code is public-domain - it is based on libcrypt
* placed in the public domain by Wei Dai and other contributors.
*/
// gcc -Wall -DSHA1TEST -o sha1test sha1.c && ./sha1test
#include <stdint.h>
#include <string.h>
#include <stdio.h>
/* header */
#define HASH_LENGTH 20
#define BLOCK_LENGTH 64
union _buffer {
uint8_t b[BLOCK_LENGTH];
uint32_t w[BLOCK_LENGTH/4];
};
union _state {
uint8_t b[HASH_LENGTH];
uint32_t w[HASH_LENGTH/4];
};
typedef struct sha1nfo {
union _buffer buffer;
uint8_t bufferOffset;
union _state state;
uint32_t byteCount;
uint8_t keyBuffer[BLOCK_LENGTH];
uint8_t innerHash[HASH_LENGTH];
} sha1nfo;
/* public API - prototypes - TODO: doxygen*/
void sha1_init(sha1nfo *s);
void sha1_writebyte(sha1nfo *s, uint8_t data);
void sha1_write(sha1nfo *s, const char *data, size_t len);
uint8_t* sha1_result(sha1nfo *s);
void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength);
uint8_t* sha1_resultHmac(sha1nfo *s);
/* code */
#define SHA1_K0 0x5a827999
#define SHA1_K20 0x6ed9eba1
#define SHA1_K40 0x8f1bbcdc
#define SHA1_K60 0xca62c1d6
const uint8_t sha1InitState[] = {
0x01,0x23,0x45,0x67, // H0
0x89,0xab,0xcd,0xef, // H1
0xfe,0xdc,0xba,0x98, // H2
0x76,0x54,0x32,0x10, // H3
0xf0,0xe1,0xd2,0xc3 // H4
};
void sha1_init(sha1nfo *s) {
memcpy(s->state.b,sha1InitState,HASH_LENGTH);
s->byteCount = 0;
s->bufferOffset = 0;
}
uint32_t sha1_rol32(uint32_t number, uint8_t bits) {
return ((number << bits) | (number >> (32-bits)));
}
void sha1_hashBlock(sha1nfo *s) {
uint8_t i;
uint32_t a,b,c,d,e,t;
a=s->state.w[0];
b=s->state.w[1];
c=s->state.w[2];
d=s->state.w[3];
e=s->state.w[4];
for (i=0; i<80; i++) {
if (i>=16) {
t = s->buffer.w[(i+13)&15] ^ s->buffer.w[(i+8)&15] ^ s->buffer.w[(i+2)&15] ^ s->buffer.w[i&15];
s->buffer.w[i&15] = sha1_rol32(t,1);
}
if (i<20) {
t = (d ^ (b & (c ^ d))) + SHA1_K0;
} else if (i<40) {
t = (b ^ c ^ d) + SHA1_K20;
} else if (i<60) {
t = ((b & c) | (d & (b | c))) + SHA1_K40;
} else {
t = (b ^ c ^ d) + SHA1_K60;
}
t+=sha1_rol32(a,5) + e + s->buffer.w[i&15];
e=d;
d=c;
c=sha1_rol32(b,30);
b=a;
a=t;
}
s->state.w[0] += a;
s->state.w[1] += b;
s->state.w[2] += c;
s->state.w[3] += d;
s->state.w[4] += e;
}
void sha1_addUncounted(sha1nfo *s, uint8_t data) {
s->buffer.b[s->bufferOffset ^ 3] = data;
s->bufferOffset++;
if (s->bufferOffset == BLOCK_LENGTH) {
sha1_hashBlock(s);
s->bufferOffset = 0;
}
}
void sha1_writebyte(sha1nfo *s, uint8_t data) {
++s->byteCount;
sha1_addUncounted(s, data);
}
void sha1_write(sha1nfo *s, const char *data, size_t len) {
for (;len--;) sha1_writebyte(s, (uint8_t) *data++);
}
void sha1_pad(sha1nfo *s) {
// Implement SHA-1 padding (fips180-2, 5.1.1)
// Pad with 0x80 followed by 0x00 until the end of the block
sha1_addUncounted(s, 0x80);
while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00);
// Append length in the last 8 bytes
sha1_addUncounted(s, 0); // We're only using 32 bit lengths
sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths
sha1_addUncounted(s, 0); // So zero pad the top bits
sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8
sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
sha1_addUncounted(s, s->byteCount >> 13); // byte.
sha1_addUncounted(s, s->byteCount >> 5);
sha1_addUncounted(s, s->byteCount << 3);
}
uint8_t* sha1_result(sha1nfo *s) {
int i;
// Pad to complete the last block
sha1_pad(s);
// Swap byte order back
for (i=0; i<5; i++) {
uint32_t a,b;
a=s->state.w[i];
b=a<<24;
b|=(a<<8) & 0x00ff0000;
b|=(a>>8) & 0x0000ff00;
b|=a>>24;
s->state.w[i]=b;
}
// Return pointer to hash (20 characters)
return s->state.b;
}
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c
void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength) {
uint8_t i;
memset(s->keyBuffer, 0, BLOCK_LENGTH);
if (keyLength > BLOCK_LENGTH) {
// Hash long keys
sha1_init(s);
for (;keyLength--;) sha1_writebyte(s, *key++);
memcpy(s->keyBuffer, sha1_result(s), HASH_LENGTH);
} else {
// Block length keys are used as is
memcpy(s->keyBuffer, key, keyLength);
}
// Start inner hash
sha1_init(s);
for (i=0; i<BLOCK_LENGTH; i++) {
sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_IPAD);
}
}
uint8_t* sha1_resultHmac(sha1nfo *s) {
uint8_t i;
// Complete inner hash
memcpy(s->innerHash,sha1_result(s),HASH_LENGTH);
// Calculate outer hash
sha1_init(s);
for (i=0; i<BLOCK_LENGTH; i++) sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_OPAD);
for (i=0; i<HASH_LENGTH; i++) sha1_writebyte(s, s->innerHash[i]);
return sha1_result(s);
}
void printHash(uint8_t* hash) {
int i;
for (i=0; i<20; i++) {
printf("%02x", hash[i]);
}
printf("\n");
}
/* self-test */
#if SHA1TEST
uint8_t hmacKey1[]={
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,
0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f
};
uint8_t hmacKey2[]={
0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f,
0x40,0x41,0x42,0x43
};
uint8_t hmacKey3[]={
0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f,
0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,
0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,
0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
0xb0,0xb1,0xb2,0xb3
};
uint8_t hmacKey4[]={
0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,
0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
0xa0
};
int main (int argc, char **argv) {
uint32_t a;
sha1nfo s;
// SHA tests
printf("Test: FIPS 180-2 C.1 and RFC3174 7.3 TEST1\n");
printf("Expect:a9993e364706816aba3e25717850c26c9cd0d89d\n");
printf("Result:");
sha1_init(&s);
sha1_write(&s, "abc", 3);
printHash(sha1_result(&s));
printf("\n\n");
printf("Test: FIPS 180-2 C.2 and RFC3174 7.3 TEST2\n");
printf("Expect:84983e441c3bd26ebaae4aa1f95129e5e54670f1\n");
printf("Result:");
sha1_init(&s);
sha1_write(&s, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56);
printHash(sha1_result(&s));
printf("\n\n");
printf("Test: RFC3174 7.3 TEST4\n");
printf("Expect:dea356a2cddd90c7a7ecedc5ebb563934f460452\n");
printf("Result:");
sha1_init(&s);
for (a=0; a<80; a++) sha1_write(&s, "01234567", 8);
printHash(sha1_result(&s));
printf("\n\n");
// HMAC tests
printf("Test: FIPS 198a A.1\n");
printf("Expect:4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a\n");
printf("Result:");
sha1_initHmac(&s, hmacKey1, 64);
sha1_write(&s, "Sample #1",9);
printHash(sha1_resultHmac(&s));
printf("\n\n");
printf("Test: FIPS 198a A.2\n");
printf("Expect:0922d3405faa3d194f82a45830737d5cc6c75d24\n");
printf("Result:");
sha1_initHmac(&s, hmacKey2, 20);
sha1_write(&s, "Sample #2", 9);
printHash(sha1_resultHmac(&s));
printf("\n\n");
printf("Test: FIPS 198a A.3\n");
printf("Expect:bcf41eab8bb2d802f3d05caf7cb092ecf8d1a3aa\n");
printf("Result:");
sha1_initHmac(&s, hmacKey3,100);
sha1_write(&s, "Sample #3", 9);
printHash(sha1_resultHmac(&s));
printf("\n\n");
printf("Test: FIPS 198a A.4\n");
printf("Expect:9ea886efe268dbecce420c7524df32e0751a2a26\n");
printf("Result:");
sha1_initHmac(&s, hmacKey4,49);
sha1_write(&s, "Sample #4", 9);
printHash(sha1_resultHmac(&s));
printf("\n\n");
// Long tests
printf("Test: FIPS 180-2 C.3 and RFC3174 7.3 TEST3\n");
printf("Expect:34aa973cd4c4daa4f61eeb2bdbad27316534016f\n");
printf("Result:");
sha1_init(&s);
for (a=0; a<1000000; a++) sha1_writebyte(&s, 'a');
printHash(sha1_result(&s));
return 0;
}
#endif /* self-test */
上述程式有個測試主程式,若你定義 SHA1TEST 這個符號時,就會連同主程式一起編譯,該主程式顯然是在測試一些 「SHA-1標準」所提供的測試案例,以下是該測試主程式的執行結果: D:\Dropbox\Public\web\codedata\code\sha1>gcc -Wall -DSHA1TEST -o sha1test sha1.c D:\Dropbox\Public\web\codedata\code\sha1>sha1test Test: FIPS 180-2 C.1 and RFC3174 7.3 TEST1 Expect:a9993e364706816aba3e25717850c26c9cd0d89d Result:a9993e364706816aba3e25717850c26c9cd0d89d Test: FIPS 180-2 C.2 and RFC3174 7.3 TEST2 Expect:84983e441c3bd26ebaae4aa1f95129e5e54670f1 Result:84983e441c3bd26ebaae4aa1f95129e5e54670f1 Test: RFC3174 7.3 TEST4 Expect:dea356a2cddd90c7a7ecedc5ebb563934f460452 Result:dea356a2cddd90c7a7ecedc5ebb563934f460452 Test: FIPS 198a A.1 Expect:4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a Result:4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a Test: FIPS 198a A.2 Expect:0922d3405faa3d194f82a45830737d5cc6c75d24 Result:0922d3405faa3d194f82a45830737d5cc6c75d24 Test: FIPS 198a A.3 Expect:bcf41eab8bb2d802f3d05caf7cb092ecf8d1a3aa Result:bcf41eab8bb2d802f3d05caf7cb092ecf8d1a3aa Test: FIPS 198a A.4 Expect:9ea886efe268dbecce420c7524df32e0751a2a26 Result:9ea886efe268dbecce420c7524df32e0751a2a26 Test: FIPS 180-2 C.3 and RFC3174 7.3 TEST3 Expect:34aa973cd4c4daa4f61eeb2bdbad27316534016f Result:34aa973cd4c4daa4f61eeb2bdbad27316534016f 使用 SHA-1 實做雜湊現金機制有了上述的 SHA-1 雜湊函數程式之後,我們就可以來實作「雜湊現金」(hashcash) 系統了。 在以下程式中,主程式會從零開始一直向上調整 nonce 的值,直到找到一個 nonce 可以產生 24 bit (或說 3 個 byte 或 6 個十六進位值) 以上的前導零,才會停止程式並輸出該包含 nonce 的文件與雜湊摘要值。 檔案:hashcash.c #include <stdio.h>
#include <limits.h>
#include "sha1.c"
void printNow() { // 印出目前時間
time_t now = time(NULL);
struct tm *tmNow = (struct tm*) localtime(&now);
printf ("Current local time and date: %s", asctime(tmNow));
}
int main (int argc, char **argv) {
sha1nfo s; // 呼叫 SHA-1 函數所需要的資料結構。
char msg[1000]; // 需經 SHA-1 進行 hashcash 認證的郵件。
char *head = "from:[email protected] to:[email protected] title=hello! nonce=%d"; // 郵件樣式
unsigned int nonce = 0; // 可嵌入在郵件中並通過認證的值,稱為 nonce。
printNow(); // 印出起始時間
for (nonce = 0; nonce < UINT_MAX; nonce++) { // 從零開始一直往上找 nonce 值
sprintf(msg, head, nonce); // 將 nonce 嵌入樣版文件中,取得此次測試的郵件訊息。
sha1_init(&s); // 準備開始進行 SHA-1 雜湊。
sha1_write(&s, msg, strlen(msg)); // 將訊息加入,以便進行 SHA-1 雜湊。
uint8_t* hash = sha1_result(&s); // 開始進行 SHA-1 雜湊,計算出雜湊值 hash。
if (hash[0] == 0 && hash[1]==0 && hash[2]==0) { // 如果雜湊值的前 24bit (3 個 byte) 都是零,那麼就符合了。
printf("msg=%s\n", msg); // 印出訊息內容。
printf("hash="); // 印出雜湊欄位名稱。
printHash(hash); // 印出雜湊欄位內容。
break;
}
}
printNow(); // 印出完成時間
return 0;
}
執行結果: D:\Dropbox\Public\web\codedata\code\sha1>gcc hashcash.c -o hashcash D:\Dropbox\Public\web\codedata\code\sha1>hashcash Current local time and date: Mon Dec 16 19:33:03 2013 msg=from:[email protected] to:[email protected] title=hello! nonce=13973878 hash=00000016aa26951d1653fe515f112fe41d8ebd45 Current local time and date: Mon Dec 16 19:34:27 2013 您可以看到上述程式花了「1 分 24 秒」,從 nonce=0 開始向上不斷測試,直到 nonce=13973878 才找到了第一個符合有24 bit 前導零 nonce ,也就是總共測試了一千三百多萬次才發現符合條件的含 nonce 文件,這也就是雜湊現金(hashcash) 機制的實務用法。 一但找到符合這個條件的文件之後,就可以通過測試,假如這種雜湊現金是用來過濾垃圾郵件用的,那麼接收端就可以檢查這封郵件 “from:[email protected] to:[email protected] title=hello! nonce=13973878″ 的接收者是否為自己,然後再檢查其雜湊值是否真的有 24 bit 的前導零,如果有的話就代表對方已經花了足夠的 CPU 時間 (換句話說就是已經付了「雜湊現金」,有付的人其信件就可以被接受了)。 同樣的,比特幣也是如此,如果一個人花 CPU 時間幫「比特幣網路」計算出符合條件的 nonce 值,那麼他就可以得到對應的代價,也就是一些「比特幣」,這也就是所謂的「挖掘比特幣」了。 參考文獻
|
相關文章
關於作者
職務:國立金門大學 / 資訊工程系 / 助理教授 首頁:http://ccckmit.wikidot.com/
wu yan
07/12nice...
thx and god bless...
^___^