Is it bad that I don't know these off by heart?
We're talking about magic numbers today.
In many cryptographic algorithms—hash functions,
encryption suites, and so on—
you have the seemingly random constants that appear
because they're necessary for various tasks
and, um...
The question is, where did they come from?
Who thought up these numbers?
And why are they important?
There are a lot of cases
where you want to start off with some noughts and ones
jumbled up, in some sense
before you then apply your encryption
to do it further. That's the idea.
So in SHA-1, for example,
we have, actually, some seemingly random
magic numbers that are in there.
INTERVIEWER: Are they things people know? You could look it up...
Yep, you could look it up.
It's buried in the source code for any of these implementations
and it's in the specification.
They're not secret. That's the idea.
They're not like a secret key. They're just public knowledge.
So, these numbers here are the initial internal state variables for SHA-1.
And—I should add—in the wrong order by mistake.
So, if you're gonna implement SHA-1,
don't use my Computerphile video as your reference, please.
These two are in the wrong order. But anyway...
The internal state starts with these values
and then it proceeds by taking in the message and jumbling itself up
and then it outputs a hash.
Now the very question is, who came up with these numbers?
And do we trust them? Right?
Is there any way that these numbers could be used to actually make the algorithm weaker?
This is a concept of "nothing up my sleeve" numbers.
So, think about a magician,
if they're about to pull something out of their sleeve,
they just show you at the beginning there's nothing in there
as a kind of way of sort of going,
"Look, there wasn't anything in my sleeve originally, so it's not a trick."
In the case of SHA-1, these numbers were produced by the NSA.
Alright?
But they've taken steps to try and demonstrate that they are actually
just random nonsense or
predictable numbers from life
rather than very carefully-crafted mathematical numbers
which allow us some kind of backdoor.
So, for example, this one here
is, you can see, 0-1-2-3-4-5-6-7
Reversed. Right?
This one—8-9-A-B-C-D-E-F.
So you can see they're just counting up and counting back down.
So they're basically counting.
Now, this introduces some seemingly random noughts and ones to the initial state
but what it doesn't do is introduce strange numbers that we don't trust,
which is a very important thing in cryptography.
The same is true of some other numbers used in SHA during the compression function
which are these ones here. So these numbers are
two to the thirty times by root two, root three, root five, and root ten.
Why we chose them, in some ways, you know, we don't know,
but you can imagine that it would be quite hard to
produce some kind of clever mathematical backdoor
when you're just using the square root of two, right? Because it's just one number that everyone knows.
You know?
If you had picked these numbers at random, so they were in a sense
it was unclear what their origin was,
you maybe wouldn't trust them as much.
So this actually has precedent. So...
The Data Encryption Standard was released many years ago now.
Developed by IBM and, shall we say, adjusted slightly by the NSA.
Now at the time, there were some constants used in certain internals inside DES
which looked a bit suspicious.
Certainly, it wasn't so much that they were suspicious as that no one knew where they had come from.
They'd just been defined by one of the developers and just left there.
Now as it turns out, they actually were left there with a very good purpose.
They actually made the algorithm stronger, because it was resistant to something called differential cryptanalysis.
But at the time, when it seems random or contrived
you can't tell whether it's because it's made it stronger or weaker
or it genuinely was random.
So, in general, the cryptographic community is
very suspicious of numbers that don't have an obvious reason they're there
like, "I just counted from one to ten". Right? Because, you can't
produce a mathematical backdoor based on counting, because it's too contrived.
If I was on stage—
I don't do magic, right?
—but, if I was on stage and I said to you,
"Let's pick a number at random—I don't know, 24"
and did some trick with it, you'd think, well that's great, but clearly 24 wasn't random.
You know, it's that kind of principle.
You want to have some way of demonstrating
that it was a truly random number
or indeed that in essence
the choice of your number is important, because everyone has to use the same one
if it's going to be a standard
but in some ways, what exact number it was
wasn't important.
That's what you're trying to demonstrate.
So in the case of SHA, they've just done some counting
they've just produced a simple mathematical formula that produces the numbers
such that people maybe have a little bit more trust
that it's used. It's quite common to use
3-1-4-1-5-9-2-6-5-8-9-7-9
Right? Because those are the initial digits of pi.
But the point is that, if you use those numbers,
then you can add some kind of, you know, initialisation vector for whatever algorithm you're writing,
but I can't say, "Well, you've changed that number to put a backdoor in",
because that number's pi.
Right? I can't change that number.
You know, I don't have that much power. So...
But if I picked, let's say,
the millionth and second digit of pi
and the one after that, and the one after that, you'd say, "Well, where did you get a million and two from?"
You know, "Why have you chosen that part of pi?" So...
The point is that I've got to have a due process
and a clear reason for picking this number
where I've tried to be very open and said, look
it's not about the number, I've just used it. Okay? That's the idea.
So I haven't got anything up my sleeve.
INTERVIEWER: How far can you go with pi?
Well, I can do better than that, because that's wrong!
Yeah, it's 3.14159265358979
So I've missed some out.
Some people will have spotted that, and
they'll be thinking worse of me.
[LAUGHTER]
Never mind.
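Added example (Python written for this transcript, not code from the video): it derives the SHA-1 constants the speaker describes from their "nothing up my sleeve" recipes, the 0..F counting pattern for the initial state (in the FIPS 180-4 order, the one the video says it got wrong on the board) and floor(2^30 * sqrt(n)) for the four round constants, then drives a compact SHA-1 with those derived values and cross-checks it against hashlib. The function and constant names are my own; the values are the published specification values.

```python
import hashlib
import struct
from math import isqrt

SPEC_IV = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
SPEC_K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]

def nothing_up_my_sleeve_iv():
    # Initial state: hex digits counting 0..F and back down, written as the
    # byte strings 01 23 45 67 / 89 AB CD EF / FE DC BA 98 / 76 54 32 10 and
    # read as little-endian words; the fifth word follows the pattern F0 E1 D2 C3.
    groups = ["01234567", "89abcdef", "fedcba98", "76543210", "f0e1d2c3"]
    return [int.from_bytes(bytes.fromhex(g), "little") for g in groups]

def nothing_up_my_sleeve_k():
    # floor(2^30 * sqrt(n)) for n in 2, 3, 5, 10; isqrt(n << 60) is the same
    # value computed exactly in integer arithmetic, with no float rounding.
    return [isqrt(n << 60) for n in (2, 3, 5, 10)]

def constants_match_spec():
    return nothing_up_my_sleeve_iv() == SPEC_IV and nothing_up_my_sleeve_k() == SPEC_K

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1(msg: bytes) -> bytes:
    # Compact SHA-1 (FIPS 180-4) driven entirely by the derived constants.
    h, k = nothing_up_my_sleeve_iv(), nothing_up_my_sleeve_k()
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, kk = (b & c) | (~b & d), k[0]
            elif t < 40:
                f, kk = b ^ c ^ d, k[1]
            elif t < 60:
                f, kk = (b & c) | (b & d) | (c & d), k[2]
            else:
                f, kk = b ^ c ^ d, k[3]
            a, b, c, d, e = (_rotl(a, 5) + f + e + kk + w[t]) & 0xFFFFFFFF, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)

def matches_hashlib(msg: bytes) -> bool:
    return sha1(msg) == hashlib.sha1(msg).digest()
```

Swapping any derived constant for an arbitrary one still yields a function that looks like a hash, which is exactly why the derivation, not the value, is what you audit.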
