She cracked the hash function algorithms: stick to one thing for 10 years and you can succeed

On September 7th this year, the 2019 Future Science Awards were announced, and the four-year-old award welcomed its first female winner, cryptographer Wang Xiaoyun. In the information age, financial services, network security and much else depend on cryptographic systems as their “guard.” To the public, cryptography carries an air of mystery, and Wang Xiaoyun’s experience of breaking and designing cryptographic algorithms is all the more legendary.

MD5 and SHA-1 were once regarded as the most advanced international cryptographic algorithms, and experts believed it would take a million years to crack them. In 2004 and 2005, these two supposedly impregnable algorithms were cracked by Wang Xiaoyun, causing a strong “earthquake” in the international cryptography community.

In 2005, Wang Xiaoyun and domestic experts designed China’s first hash function algorithm standard, SM3. Today, SM3 safeguards a number of industries in China.

On the evening of November 16th, Wang Xiaoyun, with her short hair and typical scholarly manner, appeared at the 2019 Future Science Awards Week. Asked how she felt about the award, the low-key scientist said she was very grateful for everyone’s support and affection, and hoped that people would pay more attention to and support the cause of cryptography and young talent in the field.


Wang Xiaoyun gives an interview to the media during the Future Science Awards Week. Xinhua News Agency reporter Zhang Wei

A strong interest in mathematics and chemistry from a young age

In 1966, Wang Xiaoyun was born into a family of teachers in Zhucheng, Shandong Province. Her father graduated from the mathematics and chemistry class of Zhucheng Normal School, and under his influence Wang Xiaoyun showed a strong interest in mathematics and chemistry from an early age.

Because of her excellent math scores in the college entrance examination, she enrolled in the Department of Mathematics at Shandong University. At that time the department was strong, with courses taught by the well-known mathematician Pan Chengdong and other highly accomplished professors.

In 1987, Wang Xiaoyun was admitted to Shandong University as a graduate student and studied analytic number theory under Pan Chengdong. More than a year later, at her advisor’s suggestion, she switched to cryptography. The decision was a turning point in her research career.

After receiving her Ph.D. in Basic Mathematics from Shandong University, Wang Xiaoyun stayed on to teach. Without research funding, she began her cryptography research at the only small desk she had.

Breaking through two of the world’s biggest crypto-castles

In August 2004, at the International Crypto Congress in Santa Barbara, California, the research presented by Chinese cryptographer Wang Xiaoyun drew applause. The “loopholes” she and her team had found brought a seemingly indestructible bastion of cryptographic algorithms down in an instant.

For many years, the hash functions MD5 and SHA-1 were recognized as two of the most advanced and widely used algorithms, deployed across finance, securities and other e-commerce fields. It was commonly held that even advanced computers would take 1 million years to crack them.

At the International Cryptographic Conference, Wang Xiaoyun announced for the first time the results of her research team’s work on breaking four well-known cryptographic algorithms, including MD5. After their initial astonishment, the scholars in the room gave a round of applause, and some even stood up excitedly to pay their respects, interrupting the report for a time.

In 2005, Wang Xiaoyun announced that SHA-1 had been broken as well. SHA-1 is more widely used in the United States and other countries, and the news that the algorithm had been cracked once again caused a strong response.

“Password is an offensive and defensive process. Why is the international and domestic password design level so high now? This depends on the continuous progress of password analysis, and on the constant discovery of vulnerabilities in the password system to know where to guard against. The design must be able to defend against all likely attacks, think of future attacks as much as possible, and yield a better password system.”

Wang Xiaoyun cracked five internationally used hash function algorithms, so what is the secret code to her success? She attributes it to “persistence”: “If a person can insist on doing one thing for 10 years, it can certainly be done.”

Wang Xiaoyun admits that she has been doing hash function analysis for almost 10 years. “At first I didn’t have a big idea, and now it seems that hash functions are the basic technology of blockchain; the two major hash function algorithms, MD5 and SHA-1, are supported by the cipher system. I thought I had to analyze the security of these algorithms.”

Many people see cryptography as boring and difficult. Wang Xiaoyun said that because she studied basic mathematics and has good mathematical intuition, she treated these algorithms as special mathematical functions during her analysis and found many patterns by intuition. As the algorithms under analysis grew more difficult, a complete system of cryptanalysis was built up.

Designing SM3, China’s first hash function algorithm standard

After the two pillar hash function algorithms were hit hard, the National Institute of Standards and Technology solicited new international standard hash function algorithms from cryptographers worldwide. Wang Xiaoyun gave up participating in the design of the new international standard algorithm and instead designed the domestic hash function algorithm standard.

In 2005, Wang Xiaoyun and other domestic experts designed China’s first hash function algorithm standard, SM3, whose security has been highly recognized at home and abroad. Approved cryptographic products using SM3, such as financial social security cards, new-generation bank chip cards and smart meters, have been widely deployed throughout the country.

After the release of SM3, dozens of industry standards in cryptography-related areas followed, and the national network security picture has become increasingly clear.

Wang Xiaoyun said that over the years, China’s policies on science and technology funding have been good and the state’s investment in science and technology has been very strong. “From my personal experience, I went from using my own money to do scientific research, to slowly starting to have research funding support, to now having the state fund our major projects; the support can be said to have increased dozens of times.”

“We should use our research capabilities to do a good job of national password protection, so that our network is more secure and the interests of the people,” Wang Xiaoyun said when asked about her dreams for future scientific research.


Academician Wang Xiaoyun at Tsinghua University. Photo provided by the Future Forum

A female scientist who loves to grow flowers and collect stamps

In the public imagination, female scientists are rigorous, intelligent and focused. What is Wang Xiaoyun like in everyday life? On CCTV’s “Speaking” program, the cheerful Wang Xiaoyun said that despite her heavy research workload, she still grows flowers, does housework and visits the philatelic market as ways to relax.

As the first female winner of the Future Science Awards, she has also come into the spotlight. The low-key and humble Wang Xiaoyun admitted that she can feel everyone’s enthusiasm and thanked everyone for their support and affection. “I feel like I’ve been over-watched, and I hope you can pay more attention to the business of cryptography and to young people in the field of cryptography, and I hope that they will be supported.”


Internet of Things, Artificial Intelligence and other areas need cryptography to protect privacy

Beijing News: What problems may the development of the Internet of Things, artificial intelligence, big data and so on bring to privacy? How can they be solved with cryptographic technology?

Wang Xiaoyun: The privacy protection problem in these areas is very serious. At present, the promotion of password technology in these areas in our country is in its infancy, and it does not completely solve the security problem.

The Internet of Things is complex and requires combing through the communication systems in these areas to cover them with password protection technologies. We need to integrate cryptographic systems and IoT communication systems to ensure their security. From the perspective of technical research and industrial application, this problem can be solved together.

In the field of artificial intelligence, the first issue is face recognition and biometric recognition, where personal privacy is easily disclosed, and personal privacy protection needs cryptography. The second is machine deep learning: if an attacker changes a small amount of data in machine learning, there will be a very wide gap in the results, which is a terrible outcome. This security also requires cryptographic technology. But cryptographic solutions here are just beginning and still need to be studied in depth.

Artificial intelligence has other applications that require understanding the working mechanism and further determining how cryptography is applied.

At present, data in many industries is stored in the form of big data, some of it in the cloud, and the protection of personal information is a more severe issue. Once big data is leaked, it can even reveal the information of hundreds of millions of people. From the point of view of encryption alone, password technology protection can be achieved, but it may affect the processing power of big data, which requires long-term research into new cryptography technology for protection. There are also some security issues that need to be scientifically developed and ultimately improved.

Beijing News: What do you think is the highlight of the just-passed Code Law?

Wang Xiaoyun: The “Password Law” has many bright spots, such as stating that password work adheres to the overall national security view and to the leadership of the Communist Party of China over password work, and stating that the state encourages and supports password science and technology research and personnel training. This is more support than before, and there is now a law to provide for it.

The Password Law defines the classification of passwords and divides passwords into core passwords, ordinary passwords and commercial passwords. For our academic research field, the focus is on the academic research and technology application of commercial passwords.

There are also many highlights in the “Commercial Password” chapter, such as the proposal to improve a unified, open, competitive and orderly commercial password market system, and to treat units engaged in commercial password research, production, sales, services, import and export, including foreign-invested enterprises, equally in accordance with the law. I think this part is very important and provides very good legal protection for China, especially for the expansion of the field of password, the diplomacy of major countries with Chinese characteristics and the Belt and Road Initiative. If commercial passwords do not go abroad, many information communications and international connectivity cannot be made.

The Code Law also proposes that the State promote participation in international standardization activities for commercial passwords and participate in the development of international standards for commercial passwords. I think this can play a positive role in promoting the intellectual and program of China’s password, and also promote China’s password scientific and technological innovation research. At the same time, “the state to promote the construction of commercial password testing and certification system” is very important for regulating the market.

Beijing News: The Ministry of Science and Technology and three other departments issued the “Work Programme on Strengthening Mathematical Science Research”. What benefits will it bring to the development of cryptography?

Wang Xiaoyun: I am involved in this process and am also a beneficiary. I am very pleased that cryptography is included in the field of mathematics. Password is a field of applied mathematics, a combination of applied mathematics and basic mathematics. The application of password is a very special and very wide area in applied mathematics. Password research is an area of cross-support; China encourages support for national defense security and other fields, and basic passwords play a role in these areas, which is also an unprecedented opportunity for cryptography.


Wang Xiaoyun is the “Yang Zhenning Lecture” Professor at the Tsinghua University Institute of Advanced Studies, a Fellow of the Chinese Academy of Sciences, and a member of the International Code Association. She proposed the collision attack theory for cryptographic hash functions, broke five internationally used hash function algorithms, including MD5 and SHA-1, and designed China’s hash function standard SM3, which officially became an ISO/IEC International Standard in October 2018. She has more than 50 representative papers, 3 of them named best papers in the European Union and the United States of America. She has won the second prize in national natural science, the national outstanding scientific and technological worker honor, and the network security outstanding talent award.

Zhang Wei, reporter for the Beijing News
