SHA1Description

SHA1standsforSecureHashingAlgorithm.Itisahashingalgorithmdesignedbythe
UnitedStatesNationalSecurityAgencyandpublishedbyNIST.Itistheimprovementuponthe
originalSHA0andwasfirstpublishedin1995.SHA1iscurrentlythemostwidelyusedSHA
hashfunction,althoughitwillsoonbereplacedbythenewerandpotentiallymoresecureSHA2
familyofhashingfunctions.Itiscurrentlyusedinawidevarietyofapplications,includingTLS,
SSL,SSHandPGP.
SHA1outputsa160bitdigestofanysizedfileorinput.Inconstructionitissimilartothe
previousMD4andMD5hashfunctions,infactsharingsomeoftheinitialhashvalues.Itusesa
512bitblocksizeandhasamaximummessagesizeof 2 4 1bits.
SHA1AlgorithmDescription
Padding
Padthemessagewithasingleonefollowedbyzeroesuntilthefinalblockhas
448bits.
Appendthesizeoftheoriginalmessageasanunsigned64bitinteger.
Initializethe5hashblocks(h0,h1,h2,h3,h4)tothespecificconstantsdefinedintheSHA1
standard.
Hash(foreach512bitBlock)
Allocatean80wordarrayforthemessageschedule
Setthefirst16wordstobethe512bitblocksplitinto16words.
Therestofthewordsaregeneratedusingthefollowingalgorithm
word[i3]XORword[i8]XORword[i14]XORword[i16]then
rotated1bittotheleft.
Loop80timesdoingthefollowing.(ShowninImage1)
CalculateSHAfunction()andtheconstantK(thesearebasedonthe
currentroundnumber.
e=d
d=c
c=b(rotatedleft30)
b=a
a=a(rotatedleft5)+SHAfunction()+e+k+word[i]
Adda,b,c,dandetothehashoutput.
Outputtheconcatenation(h0,h1,h2,h3,h4)whichisthemessagedigest.

Image1:80roundinterloop.
Source:http://en.w ikipedia.org/w iki/File:SHA1.svg

ExampleInputsandOutputs
Input(Textfile)

Output(SHA1Hash)

abcd

81fe8bfe87576c3ecb22426f8e57847382917acf

abcdefghijklmnopqrstuvwxyz

32d10c7b8cf96570ca04ce37f2a19d84240d3a89

TheQuickBrownFoxJumpsOverTheLazy
Dog

645218467886dd414ea66a09b6cceea806127fb5

2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

OriginalDesign
SeeSHA1_Original.java
TheoriginaldesignfollowedtheNISTspecificationveryclosely.Sincethespecification
containedpseudocode,theoriginaldesignsimplyconvertedthepseudocodetojava.
Itwasanalysedwiththeinputofa3megabytefileofrandomlygenerateddata.

Flatprofileof693.54secs(59852totalticks):main
Interpreted+nativeMethod
77.9%0+46651java.lang.StrictMath.pow
12.9%0+7716java.lang.Double.doubleToRawLongBits
3.0%0+1804java.lang.Double.longBitsToDouble
1.8%1073+0java.util.LinkedList.addBefore
1.5%882+0java.util.LinkedList.remove
0.8%0+477java.io.FileInputStream.read
0.7%423+0SHA1.circularLeftShift
0.3%165+0java.util.LinkedList$Entry.<init>
0.2%112+0java.lang.StrictMath.floorOrCeil
0.1%75+0java.lang.Math.pow
0.1%71+0java.util.LinkedList.removeFirst
0.1%58+0java.util.LinkedList.add
0.1%48+0java.lang.Boolean.valueOf
0.1%47+0sun.misc.FpUtils.getExponent
0.1%43+0java.lang.Object.<init>
0.1%42+0java.lang.Math.round
0.1%34+0java.lang.StrictMath.floor
0.1%33+0java.util.LinkedList.addLast
0.0%25+0java.lang.Math.getExponent
0.0%17+0java.lang.Boolean.booleanValue
0.0%11+0java.lang.Math.floor
0.0%8+0SHA1.getHash
0.0%8+0java.util.LinkedList.<init>
0.0%4+0java.math.BigInteger.mulAdd
0.0%4+0java.util.AbstractCollection.<init>
100.0%3197+56654Totalinterpreted(includingelided)
Theoriginaldesignwasveryinefficient.Nearly100%oftheticksinvolvedthecircularLeftShift
method.ThismethodwasoriginallywrittenwithaLinkedList.Thiswasthefirstcandidatefor
rewriting.

RevisedDesign
Version2:
InVersion2oftheSHA1implementationthecircularLeftShiftmethodwasrewrittentouseonly
bitwiseoperations.Theentiremethodwasboileddownto
return((numToShift<<amount) (numToShift>>>(
BITS_IN_WORDamount)))
Thisgreatlyimprovedthespeedofthehash.
Flatprofileof9.00secs(715totalticks):main
Interpreted+nativeMethod
67.4%0+482java.io.FileInputStream.read
13.8%99+0SHA1.getHash
6.6%47+0SHA1.sha1Func
4.5%32+0SHA1.k
4.1%29+0SHA1.circularLeftShift
1.1%8+0java.util.ArrayList.get
0.6%4+0java.math.BigInteger.mulAdd
0.3%0+2java.lang.System.arraycopy
0.3%2+0java.util.Arrays.copyOf
0.1%0+1java.lang.String.intern
0.1%1+0sun.security.x509.X509CertInfo.parse
0.1%1+0java.lang.Class.forName0
0.1%0+1sun.misc.Unsafe.getInt
0.1%1+0java.lang.AbstractStringBuilder.<init>
0.1%1+0sun.security.util.DerInputStream.getSequence
0.1%1+0java.util.ArrayList.RangeCheck
0.1%1+0java.util.Arrays.copyOfRange
0.1%1+0java.math.BigInteger.multiplyToLen
0.1%1+0sun.nio.cs.StreamDecoder.readBytes
100.0%229+486Totalinterpreted
Afterthemodificationthetimeittooktorunthehashwentfrom693secondsto9seconds.This
isahugeimprovement.

Version3:
Thenextversionsimplywasmodifiedtorunthehas100timesbecause,asyoucanseeinthe
aboveanalysis,theFileInputwastakingalargeamountoftimerelativetotheactualhashing.
Flatprofileof264.96secs(19721totalticks):main
Interpreted+nativeMethod
48.5%9572+0SHA1.getHash
20.2%3988+0SHA1.sha1Func
13.8%2719+0SHA1.k
11.3%2236+0SHA1.circularLeftShift
2.7%532+0java.util.ArrayList.get
2.4%0+480java.io.FileInputStream.read
0.4%74+0java.util.ArrayList.size
0.3%55+0java.lang.Integer.intValue
0.2%48+0java.util.ArrayList.RangeCheck
0.0%2+0java.math.BigInteger.mulAdd
0.0%1+0SHA1.main
0.0%1+0sun.security.pkcs.ContentInfo.<clinit>
0.0%0+1java.lang.System.arraycopy
0.0%1+0java.util.zip.Inflater.inflateBytes
0.0%1+0java.lang.String.split
0.0%1+0java.util.Arrays.copyOf
0.0%1+0java.util.Arrays.copyOf
0.0%1+0java.util.ArrayList.ensureCapacity
0.0%1+0java.math.BigInteger.addOne
0.0%1+0java.math.BigInteger.montReduce
0.0%1+0java.math.BigInteger.multiplyToLen
100.0%19236+481Totalinterpreted
Thisshowsthatroughly93%ofthetimeisspentinthehashingfunction.Ithasbeendetermined
thatsincethehashismadeupofbitwiseoperationsthatthisisasfastasitcanbemade.

Developer sManual
TheSHA1implementationcanbecompiledusingthejavacompiler.Navigatetothedirectory
thatcontainsSHA1.javaandexecutejavacSHA1.javaSHA1_Original.java
TheSHA1classcanbeusedinotherjavaprograms.Itmustbeimportedintoyourproject.
CreateanewinstanceofSHA1usingnewSHA1(message,numBits)wheremessageisan
ArrayListofthemessageandnumBitsisthenumberofbitsofthemessage.
AftertheSHA1instanceiscreatedcallgetHash()tocalculatethehash.Itisreturnedasan
int[].ThedigestistheconcatenationofArrayindex0through4.

User sManual
TheSHA1applicationisusedasfollows:
javaSHA1[input_file][bloops]
bisanoptionalargumentthatputstheprogramintobenchmarkmode.
Benchmarkmodecalculatesthehashanumberoftimesspecifiedbythecommandline
argument.Inadditiontothehash,benchmarkmodeoutputsthetimethatittook,inmilliseconds,
tocomputethehashthenumberoftimesspecified.
Toruntheorginalcopyoftheprogram(beforerevisions),usethefollowingcommand:
javaSHA1_Original[input_file][bloops]

WhatweLearned
Throughthisprojectwelearnedhowtoimplementacryptographichashfunctioninsoftware.By
implementingSHA1,welearnedhowtocompareimplementationsofcryptographicfunctions
withspecifications.Thiscouldbeusefulifweeverneedtoverifythatanexistingimplementation
ofacryptographicfunctionissecure.Wealsolearnedhowtooptimizetheperformanceofour
codeusingrunningtimeprofiles.Thisexperiencewillallowustomoreeffectivelyoptimizefuture
software,whetherthesoftwareiscryptographicorotherwise.

FutureWork
TherearemanywaysthatourSHA1implementationcouldbeextended.Firstly,thecommand
lineargumentscouldbemodifiedtoacceptstandardinputinadditiontothefileinput.Also,our
SHA1implementationcouldbeusedbyothersoftwareforavarietyofpurposes.Forexample,if
asoftwarepackageupdatesusinguntrustedmirrors,aSHA1hashdeliveredthroughatrusted
channelcouldbeusedtoverifythattheupdatewasnottamperedwith.Anotherexampleofause
forourSHA1implementationisawebapplicationthatuseshashtoorganizeuserdata.Byusing
ourSHA1implementationinplaceofanoncryptographichashfunction,wecanpreventan
attackerfromdegradingperformancebyfindinghashcollisions.

ProjectRoles
BryanRiceAnalysedoriginalrunningtime,Identifiedareasofimprovement,Implemented
speedimprovements,Firstdraftoffinalreport.
BradleyWidemanWroteoriginalsoftwareimplementationandtheWhatweLearnedand
FutureWorksectionsofthereport.Alsocreatedtheseconddraftofthereport.

References
NISTPaper

http://csrc.nist.gov/publications/fips/fips1803/fips1803_final.pdf

WikipediaArticle

http://en.wikipedia.org/wiki/SHA1