Table of contents

# Introduction

In order to resist password cracking, scientists have come up with many methods, such as obfuscation and salting passwords, and pattern transformation and combination of passwords. But these algorithms are gradually being defeated by some special ASIC processors, which do nothing else but crack your passwords or perform hash operations.

The most famous one is of course Bitcoin. It uses the criticized POW algorithm. Whoever has high computing power can mine. This has led to the creation of a large number of meaningless mining machines that can do nothing. Just do it, even if it is used to calculate the hash value. As a result, a lot of electricity is wasted.

Ordinary people don’t want to join this track that only giants can own. If you want to use an ordinary PC to mine, then I estimate that your chance of mining may be about the same as being hit by a meteorite.

In order to resist this CPU-based password encryption method, scientists have invented many other algorithms, such as algorithms that require a lot of memory. Because memory is not as fast as the CPU, which can be crazy, it limits many brute force cracking scenarios. Today we will The scrypt algorithm is one of them. This algorithm is applied to many new cryptocurrency mining systems to represent the fairness of their mining procedures.

# scrypt algorithm

scrypt is a cryptographic derivation algorithm created by Colin Percival. Using the scrypt algorithm to generate derived keys requires a large amount of memory. The scrypt algorithm was released as the RFC 7914 standard in 2016.

The main function of the password derivation algorithm is to generate a series of derived passwords based on the initialized master password. This algorithm is mainly used to resist brute force attacks. By increasing the complexity of password generation, it also increases the difficulty of brute force cracking.

But for the same reasons mentioned above, although previous password-based KDFs, such as PBKDF2, increase the number of passthroughs for password generation, they use very little memory space. So it is easily broken by simple ASIC machines. The scrypt algorithm was developed to solve this problem.

# Detailed explanation of scrypt algorithm

The scrypt algorithm will generate a very large pseudo-random number sequence. This random number sequence will be used in the subsequent key generation process, so generally a RAM is required for storage. This is why the scrypt algorithm requires large memory.

Next, let’s analyze the scrypt algorithm in detail. The standard Scrypt algorithm requires input of 8 parameters, as shown below:

- Passphrase: Enter the password to be hashed
- Salt: Salt for password protection to prevent rainbow table attacks
- CostFactor (N): CPU/memory cost parameter, must be an exponent of 2 (for example: 1024)
- BlockSizeFactor (r): blocksize parameter
- ParallelizationFactor (p): Parallelization parameter
- DesiredKeyLen (dkLen): The length of the output derived key
- hLen: output length of hash function
- MFlen: output length of Mix function

The output of this function is DerivedKey.

First we need to generate an expensiveSalt. First get blockSize:

```
blockSize = 128*BlockSizeFactor
```

Then use PBKDF2 to generate p blockSizes, and combine these p blocks into an array:

```
[B0...Bp−1] = PBKDF2HMAC-SHA256(Passphrase, Salt, 1, blockSize*ParallelizationFactor)
```

Use ROMix to mix the resulting blocks:

```
for i ← 0 to p-1 do
Bi ← ROMix(Bi, CostFactor)
```

Combine B into a new expensiveSalt:

```
expensiveSalt ← B0∥B1∥B2∥ ... ∥Bp-1
```

Next use PBKDF2 and the new salt to generate the final derived key:

```
return PBKDF2HMAC-SHA256(Passphrase, expensiveSalt, 1, DesiredKeyLen);
```

The following is the pseudocode of the ROMix function:

```
Function ROMix(Block, Iterations)
Create Iterations copies of X
X ← Block
for i ← 0 to Iterations−1 do
Vi ← X
X ← BlockMix(X)
for i ← 0 to Iterations−1 do
j ← Integerify(X) mod Iterations
X ← BlockMix(X xor Vj)
return X
```

The pseudo code of BlockMix is as follows:

```
Function BlockMix(B):
The block B is r 128-byte chunks (which is equivalent of 2r 64-byte chunks)
r ← Length(B) / 128;
Treat B as an array of 2r 64-byte chunks
[B0...B2r-1] ← B
X ← B2r−1
for i ← 0 to 2r−1 do
X ← Salsa20/8(X xor Bi) // Salsa20/8 hashes from 64-bytes to 64-bytes
Yi ← X
return ← Y0∥Y2∥...∥Y2r−2 ∥ Y1∥Y3∥...∥Y2r−1
```

# Use of scrypt

Scrypt is used in many new POW virtual currencies, such as Tenebrix, Litecoin and Dogecoin. Interested friends can look at.

## + There are no comments

Add yours