Topic: Mechanical hashing - page 2. (Read 531 times)

Modulo is reversible, if you have enough context. For example:
See? Addition modulo 2^32 is perfectly reversible. It is like a clock, you can use modulo 60 to represent the current second. You can add seconds, you will get them modulo 60. But you can also subtract them, then you will get it backwards. So, addition modulo 2^32 can be reversed by using subtraction modulo 2^32, it's that simple. The same with many other bijective operations: if you have xor, you can xor it again by the same value. If you have rotation, you can rotate it back. And if you can compute Addition, Rotation and Xor backwards, then you can implement the whole ARX model backwards.

When it comes to "and", it is irreversible, but only partially (if you have "true" as your result, you know that all values were also "true"). Because it is used only internally, and is not a main operation to combine things, it can be reversed. Hash functions like SHA-1 and SHA-256 use Addition, Rotation, Xor, as their main core, functions like "and" or "or" are used only internally. Also, even if you think that "xor" alone is irreversible, then you are wrong, because having all 16 w-values is enough to xor and rotate them in any needed way, to recover all other w-values forward and backward.

I don't think hash functions need more memory than a few kilobytes at most. The bare minimum for SHA-256 is eight 32-bit values for IV, eight 32-bit values for Exit Hash, and 16 32-bit values for the message. Then, maybe a few more 32-bit values will be needed to make it convenient, so the total memory cost could be, I don't know, 256 bytes? Maybe 512 bytes? Hash functions are not that complex to require a lot of memory, I think it is possible to do below 1 kB.

Why do you think that SHA-256 is much more complex than SHA-1 in my examples? It has different k-values, and some different internal functions here and there, but the core of the whole hashing is pretty much identical. Also, when it comes to preimage attacks, it is also pretty much the same way of doing things, only some functions has to be changed here and there.

Why not? Do you think that having a mechanical device that will perform 32-bit modulo addition is also impossible? Why? It is less complex than you think, you can write some simple code in any language, or even in some mathematical tool to see, that implementing hash functions is quite easy, much easier than implementing for example ECDSA. And then, if you have some hash function, executing all of my described attacks is pretty much straightforward, you just take one formula and transform it, for example:

It actually is "reversing": if you have "a xor b = c", then you can mechanically xor "a" and "b", get your result in "c", and later use "c xor b = a" to restore "a". The same with addition modulo 2^32 that can be reversed by using subtraction modulo 2^32, and the same with rotations, that could be reversed by rotating it further: if you have rol5, you can reverse it by doing rol27, because 5+27=32, and rol32 means nothing will be changed.

I gave this idea (sha256 device) some more thought and I've realized that you can even build a web service out of it if you can't afford manufaturing units.

No I'm not talking about "input text, get SHA256 hash out". You can actually design the rounds as if they were state machines. It could provide predefined rounds for most common hashing functions such as the SHA-2 and -3 families, Keccak, HMAC, RIPEMD160, etc. etc and of course it would allow you to design your own rounds.

In this way even normal people would be able to experiment with hash functions without the need to buy hardware for them.

Not sure about that. SHA-256 uses modular arithmetic which is not reversible. it also use some compound operations involving "xor" and "and". those are not reversible either most likely.

I don't think a mechanical device could store all the needed data to be able to do it in reverse. it would have to store alot of information. think a computer. with memory.

i honestly didn't understand any of that. but sha-256 is a pretty complex thing. i don't think a mechanical device could reverse it in any meaningful way. now if you're talking about a mechanical machine that can store alot of data so that when you turn the crank backwards it spits out the intermediate outputs in reverse order, i guess it is theoretically possible but it's not really reversing it mathematically it's just spitting out stored data in a certain order.

It actually is, if you have the whole needed context. You can compute rounds backwards, if you have all data. Using IV and w-values from w[0] to w[15] is one option, but you can also go backwards, use Exit Hash, use the last 16 w-values, and compute everything backwards, you will then reach IV. I can demonstrate it further in my topic about hash functions if you cannot see that.

The only thing that is "irreversible" is getting IV and Exit Hash as your input, and getting data as your output. But if you have data, then you can go backward or forward, you can go from IV to Exit Hash, or from Exit Hash to IV, many operations are perfectly reversible.

Edit: Here you go, see this post about "irreversibility": https://bitcointalksearch.org/topic/m.60342783

SHA-256 is not reversible by rotating a crank in reverse. 

I did it with paper and pencil. And no conversion from hexadecimal to binary was needed, except rotations. But I know that mechanically it should be possible. When it comes to addition, it is possible to create "addition table", like this:
I created more such tables, for moving values during addition, multiplication (needed to validate k-values), and other things like that. After few hours, I could add hexadecimal numbers as well as decimal ones. Constructing similar tables for rotations is also possible, but it is harder. So yes, I know how to do it by hand, and I can reach a bit better hashrate than on this video, but it is still not sufficient. I think about something similar to a mechanical calculator, but it should work on SHA-256 (or even better: should also allow hashing things multiple times), should use hexadecimal (or binary, or other power-of-two-based system) keyboard, and allow quite fast calculation, by setting IV, setting data, and then it should turn Initialization Vector into Exit Hash. It could work on-the-fly, and modify w-values on-the-fly, then going backwards could be possible by rotating it mechanically in the opposite direction.

Not sure about a "mechanical" solution, but if you want to do it with paper and pencil...

http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html

https://www.youtube.com/watch?v=y3dqhixzGVo

Looking at a device like a chaotic fluid where Hashing is simply done through hydrodynamics. We could liken it to stirring a muddy fluid a sort of mechanical device just like in a microfluidic device  which can be can be used in a digital information system.

This chaotic maps can encode information about the underlying flow dynamics into the relative arrangements of advected particle which in our case study is SHA-256 hash function with arbitrary message of 512-bit
https://www.pnas.org/doi/10.1073/pnas.1721852115

Or what about a device with an LED screen that simply does one round of initialization on an input, but allows you to customize the round by choosing which states to combine with others, how they combine (XOR, right-rotate and others)?

There would be a button and keypad that lets you input a random string for hashing (the button is for starting and resetting the input), and another "Hash 1 round" button.

Would definitely resemble more like a raspberry pi with an embedded screen, or TI-85, and would make it much easier to represent 2^64 states (or a similar large number) than a mechanical device.

To explain better, how crypto works, for less-technical and less-digital people, there is a need to explain hash functions mechanically, without involving any electricity. I think it should be technically possible to make a mechanical device, where any user could set any Initialization Vector for SHA-256, set any 512-bit message, and see the result of hashing this block once by SHA-256. That could be used to better explain, how mining works. If someone will make something like that, I will buy it for Bitcoin. I saw some interesting projects here, maybe this idea could inspire someone to make something like that for some hash functions, for example SHA-256.