在密碼學中，scrypt(念作“ess crypt”)是Colin Percival于2009年所發明的金鑰推衍函數，當初設計用在他所創立的Tarsnap服務上。設計時考慮到大規模的客制硬件攻擊而刻意設計需要大量內存運算。2016年，scrypt算法發布在RFC?7914。scrypt的簡化版被用在數個密碼貨幣的工作量證明(Proof-of-Work)上。

Scrypt不僅計算所需時間長，而且占用的內存也多，使得并行計算多個摘要異常困難，因此利用rainbow table進行暴力攻擊更加困難。Scrypt 沒有在生產環境中大規模應用，并且缺乏仔細的審察和廣泛的函數庫支持。但是，Scrypt 在算法層面只要沒有破綻，它的安全性應該高于PBKDF2和bcrypt。

Scrypt 算法 Java 的實現

/**

* Pure Java implementation of the scrypt.

*

* @param password

* Password.

* @param salt

* Salt.

* @param cost

* Overall CPU/MEM cost parameter. 2^15 for testing, but 2^20 recommended.

* @param blocksize

* Block size for each mixing loop (memory usage).

* @param parallel

* Parallelization to control the number of independent mixing loops.

* @param length

* Intended length of the derived key.

*

* @return The derived key.

*

* @throws NoSuchAlgorithmException

* when HMAC_SHA256 is not available.

* @throws IllegalArgumentException

* when parameters invalid

*/

protected static byte[] scrypt(byte[] password, byte[] salt, int cost, int blocksize, int parallel, int length)

throws GeneralSecurityException {

if (cost < 2 || (cost & (cost - 1)) != 0) throw new IllegalArgumentException("Cost must be a power of 2 greater than 1");

if (cost > Integer.MAX_VALUE / 128 / blocksize) throw new IllegalArgumentException("Parameter cost is too large");

if (blocksize > Integer.MAX_VALUE / 128 / parallel) throw new IllegalArgumentException("Parameter blocksize is too large");

Mac mac = Mac.getInstance("HmacSHA256");

mac.init(new SecretKeySpec(password, "HmacSHA256"));

byte[] key = new byte[length];

byte[] b1 = new byte[128 * blocksize * parallel];

byte[] xy = new byte[256 * blocksize];

byte[] v1 = new byte[128 * blocksize * cost];

pbkdf2(mac, salt, 1, b1, parallel * 128 * blocksize);

for (int i = 0; i < parallel; i++) {

smix(b1, i * 128 * blocksize, blocksize, cost, v1, xy);

}

pbkdf2(mac, b1, 1, key, length);

return key;

}

private static void smix(byte[] b1, int bi, int round, int cpu, byte[] v1, byte[] xy) {

int xi = 0;

int yi = 128 * round;

System.arraycopy(b1, bi, xy, xi, 128 * round);

for (int i = 0; i < cpu; i++) {

System.arraycopy(xy, xi, v1, i * (128 * round), 128 * round);

blockMixSalsa8(xy, xi, yi, round);

}

for (int i = 0; i < cpu; i++) {

int j = integerify(xy, xi, round) & (cpu - 1);

blockxor(v1, j * (128 * round), xy, xi, 128 * round);

blockMixSalsa8(xy, xi, yi, round);

}

System.arraycopy(xy, xi, b1, bi, 128 * round);

}

private static void blockMixSalsa8(byte[] by, int bi, int yi, int round) {

byte[] x1 = new byte[64];

System.arraycopy(by, bi + (2 * round - 1) * 64, x1, 0, 64);

for (int i = 0; i < 2 * round; i++) {

blockxor(by, i * 64, x1, 0, 64);

salsa(x1);

System.arraycopy(x1, 0, by, yi + (i * 64), 64);

}

for (int i = 0; i < round; i++) {

System.arraycopy(by, yi + (i * 2) * 64, by, bi + (i * 64), 64);

}

for (int i = 0; i < round; i++) {

System.arraycopy(by, yi + (i * 2 + 1) * 64, by, bi + (i + round) * 64, 64);

}

}

private static int r1(int left, int right) {

return (left << right) | (left >>> (32 - right));

}

private static void salsa(byte[] b1) {

int[] base32 = new int[16];

for (int i = 0; i < 16; i++) {

base32[i] = (b1[i * 4 + 0] & 0xff) << 0;

base32[i] |= (b1[i * 4 + 1] & 0xff) << 8;

base32[i] |= (b1[i * 4 + 2] & 0xff) << 16;

base32[i] |= (b1[i * 4 + 3] & 0xff) << 24;

}

int[] x1 = new int[16];

System.arraycopy(base32, 0, x1, 0, 16);

for (int i = 8; i > 0; i -= 2) {

x1[4] ^= r1(x1[0] + x1[12], 7);

x1[8] ^= r1(x1[4] + x1[0], 9);

x1[12] ^= r1(x1[8] + x1[4], 13);

x1[0] ^= r1(x1[12] + x1[8], 18);

x1[9] ^= r1(x1[5] + x1[1], 7);

x1[13] ^= r1(x1[9] + x1[5], 9);

x1[1] ^= r1(x1[13] + x1[9], 13);

x1[5] ^= r1(x1[1] + x1[13], 18);

x1[14] ^= r1(x1[10] + x1[6], 7);

x1[2] ^= r1(x1[14] + x1[10], 9);

x1[6] ^= r1(x1[2] + x1[14], 13);

x1[10] ^= r1(x1[6] + x1[2], 18);

x1[3] ^= r1(x1[15] + x1[11], 7);

x1[7] ^= r1(x1[3] + x1[15], 9);

x1[11] ^= r1(x1[7] + x1[3], 13);

x1[15] ^= r1(x1[11] + x1[7], 18);

x1[1] ^= r1(x1[0] + x1[3], 7);

x1[2] ^= r1(x1[1] + x1[0], 9);

x1[3] ^= r1(x1[2] + x1[1], 13);

x1[0] ^= r1(x1[3] + x1[2], 18);

x1[6] ^= r1(x1[5] + x1[4], 7);

x1[7] ^= r1(x1[6] + x1[5], 9);

x1[4] ^= r1(x1[7] + x1[6], 13);

x1[5] ^= r1(x1[4] + x1[7], 18);

x1[11] ^= r1(x1[10] + x1[9], 7);

x1[8] ^= r1(x1[11] + x1[10], 9);

x1[9] ^= r1(x1[8] + x1[11], 13);

x1[10] ^= r1(x1[9] + x1[8], 18);

x1[12] ^= r1(x1[15] + x1[14], 7);

x1[13] ^= r1(x1[12] + x1[15], 9);

x1[14] ^= r1(x1[13] + x1[12], 13);

x1[15] ^= r1(x1[14] + x1[13], 18);

}

for (int i = 0; i < 16; ++i) {

base32[i] = x1[i] + base32[i];

}

for (int i = 0; i < 16; i++) {

b1[i * 4 + 0] = (byte) (base32[i] >> 0 & 0xff);

b1[i * 4 + 1] = (byte) (base32[i] >> 8 & 0xff);

b1[i * 4 + 2] = (byte) (base32[i] >> 16 & 0xff);

b1[i * 4 + 3] = (byte) (base32[i] >> 24 & 0xff);

}

}

private static void blockxor(byte[] s1, int si, byte[] d1, int di, int length) {

for (int i = 0; i < length; i++) {

d1[di + i] ^= s1[si + i];

}

}

private static int integerify(byte[] b1, int bi, int round) {

bi += (2 * round - 1) * 64;

int n = (b1[bi + 0] & 0xff) << 0;

n |= (b1[bi + 1] & 0xff) << 8;

n |= (b1[bi + 2] & 0xff) << 16;

n |= (b1[bi + 3] & 0xff) << 24;

return n;

}

/**

* Implementation of PBKDF2 (RFC2898).

*

* @param mac

* Pre-initialized {@link Mac} instance to use.

* @param salt

* Salt.

* @param iterations

* Iteration count.

* @param key

* Byte array that derived key will be placed in.

* @param length

* Intended length, in octets, of the derived key.

*

* @throws GeneralSecurityException

* If key length is too long

*/

protected static void pbkdf2(Mac mac, byte[] salt, int iterations, byte[] key, int length) throws GeneralSecurityException {

int len = mac.getMacLength();

byte[] u1 = new byte[len];

byte[] t1 = new byte[len];

byte[] block = new byte[salt.length + 4];

int limit = (int) Math.ceil((double) length / len);

int r = length - (limit - 1) * len;

System.arraycopy(salt, 0, block, 0, salt.length);

for (int i = 1; i <= limit; i++) {

block[salt.length + 0] = (byte) (i >> 24 & 0xff);

block[salt.length + 1] = (byte) (i >> 16 & 0xff);

block[salt.length + 2] = (byte) (i >> 8 & 0xff);

block[salt.length + 3] = (byte) (i >> 0 & 0xff);

mac.update(block);

mac.doFinal(u1, 0);

System.arraycopy(u1, 0, t1, 0, len);

for (int j = 1; j < iterations; j++) {

mac.update(u1);

mac.doFinal(u1, 0);

for (int k = 0; k < len; k++) {

t1[k] ^= u1[k];

}

}

System.arraycopy(t1, 0, key, (i - 1) * len, (i == limit ? r : len));

}

}

下面是 Scrypt 算法的調用。

package com.cv4j.blockchain.study.scrypt;

import java.io.UnsupportedEncodingException;

import java.security.GeneralSecurityException;

/**

* Created by tony on 2018/8/5.

*/

public class Test {

public static void main(String[] args) {

byte[] password = new byte[0];

try {

password = "123456".getBytes("UTF-8");

} catch (UnsupportedEncodingException e) {

e.printStackTrace();

}

byte[] salt = new byte[0];

try {

salt = "abcdefg".getBytes("UTF-8");

} catch (UnsupportedEncodingException e) {

e.printStackTrace();

}

long start = System.currentTimeMillis();

byte[] scrypt = new byte[0];

try {

scrypt = Scrypt.scrypt(password,salt,131072,8,1,32);

} catch (GeneralSecurityException e) {

e.printStackTrace();

}

String str = HashUtils.encodeBase64(scrypt);

long end = System.currentTimeMillis();

System.out.println("加密后的值:"+str);

System.out.println("花費時間:"+(end-start)+" ms");

}

}

下面的代碼實現了真正的加密

scrypt = Scrypt.scrypt(password,salt,131072,8,1,32);

加密后的字節數組還需要使用 Base64 進行 encode。

Scrypt 算法 C 的實現

#include

#include

#include

#include

#include "crypto_scrypt.h"

jbyteArray JNICALL Java_io_merculet_scrypt_util_SignUtils_scryptN(JNIEnv *env, jclass cls, jbyteArray passwd, jbyteArray salt,

jint N, jint r, jint p, jint dkLen)

{

jint Plen = (*env)->GetArrayLength(env, passwd);

jint Slen = (*env)->GetArrayLength(env, salt);

jbyte *P = (*env)->GetByteArrayElements(env, passwd, NULL);

jbyte *S = (*env)->GetByteArrayElements(env, salt, NULL);

uint8_t *buf = malloc(sizeof(uint8_t) * dkLen);

jbyteArray DK = NULL;

if (P == NULL || S == NULL || buf == NULL) goto cleanup;

if (crypto_scrypt((uint8_t *) P, Plen, (uint8_t *) S, Slen, N, r, p, buf, dkLen)) {

jclass e = (*env)->FindClass(env, "java/lang/IllegalArgumentException");

char *msg;

switch (errno) {

case EINVAL:

msg = "N must be a power of 2 greater than 1";

break;

case EFBIG:

case ENOMEM:

msg = "Insufficient memory available";

break;

default:

msg = "Memory allocation failed";

}

(*env)->ThrowNew(env, e, msg);

goto cleanup;

}

DK = (*env)->NewByteArray(env, dkLen);

if (DK == NULL) goto cleanup;

(*env)->SetByteArrayRegion(env, DK, 0, dkLen, (jbyte *) buf);

cleanup:

if (P) (*env)->ReleaseByteArrayElements(env, passwd, P, JNI_ABORT);

if (S) (*env)->ReleaseByteArrayElements(env, salt, S, JNI_ABORT);

if (buf) free(buf);

return DK;

}

在 Android 中調用 Scrypt 算法。

byte[] password = new byte[0];

try {

password = "123456".getBytes("UTF-8");

} catch (UnsupportedEncodingException e) {

e.printStackTrace();

}

byte[] salt = new byte[0];

try {

salt = "abcdefg".getBytes("UTF-8");

} catch (UnsupportedEncodingException e) {

e.printStackTrace();

}

byte[] scrypt = SignUtils.scryptN(password,salt,131072,8,1,32);

String str = HashUtils.encodeBase64(scrypt);

其中，SignUtils 是通過 JNI 來調用 C 的代碼。

public class SignUtils {

// Used to load the 'native-lib' library on application startup.

static {

System.loadLibrary("scrypt");

}

public static native byte[] scryptN(byte[] password, byte[] salt, int cost, int blocksize, int parallel, int length);

}

另外，需要注意的是在 Android 中，Base64 的工具類略有不同。

import android.util.Base64;

/**

* Created by tony on 2018/8/1.

*/

public final class HashUtils {

/**

* Decodes a Base64 string to a byte array.

*

* @param string

* (in Base64)

* @return Base64 decoded byte array

* @see https://en.wikipedia.org/wiki/Base64

*/

public static byte[] decodeBase64(String string) {

return Base64.decode(string.getBytes(), Base64.DEFAULT);

}

/**

* Encodes a byte array into a Base64 string.

*

* @param array

* (byte array)

* @return Base64 encoded string

* @see https://en.wikipedia.org/wiki/Base64

*/

public static String encodeBase64(byte[] array) {

return new String(Base64.encode(array, Base64.DEFAULT));

}

}

完整的 Scrypt C 版本已經放到github上，方便在 App 中進行調用。

github地址：https://github.com/fengzhizi715/Scrypt_jni

總結

上面整理了 Scrypt 的兩種實現方式，如果對于安全性要求很高的密碼，可以采用 Scrypt 算法。該算法唯一的缺點就是慢。

總結

以上是生活随笔為你收集整理的java挖矿算法_Scrypt 不止是加密算法，也是莱特币的挖矿算法的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。