[hashcash] libfastsha1 vs libfastmint

  • From: Adam Back <adam@xxxxxxxxxxxxxxx>
  • To: hashcash <hashcash@xxxxxxxxxxxxx>
  • Date: Tue, 8 Jun 2004 06:45:39 -0400

I've been pondering if a more general function for the fast minting
code might be as a fast partially-precomputed SHA1 library.

There are places, eg HMAC-SHA1, which is used in IPSEC, SSL etc where
they probably in addition to having a hardcoded key (which doesn't
change between packets), and perhaps some hardcoded or more slowly
changing set of bytes at the start of the MACced data.

So I suppose this would be harder in the sense that the current code
makes assumptions about being a hashcash minter.

The "best" one could do I suppose would be to give the minter a
bit-mask of bytes in the input set which are to be pre-computed, and
have it output a sha1 context with as much of that precomputed as
possible.  Then another bitset would be stored in the state of the
SHA1 with bytes still to be hashed, vs bytes yet to supplied.  People
would then copy that state, and continue that state with different
follow on data to arrive at a final MAC output (or hash output in
general, HMAC being just a double application of HMAC with some
padding).  Doing that full set sounds a bit hairy!

As far as I know none of the other libraries attempt to do this.  What
people who are trying to be efficient do is just hash in the key part,
and copy that state.  So they are precomputing but only whole blocks.

Anyway just musings.


Other related posts: