Is it bad that I don’t know these off by heart?

We’re talking about magic numbers today. In many cryptographic algorithms—hash functions, encryption suites, and so on—you have the seemingly random constants that appear because they’re necessary for various tasks and, um… The question is, where did they come from? Who thought up these numbers? And why are they important? There are a lot of cases where you want to start off with some noughts and ones jumbled up, in some sense before you then apply your encryption to do it further. That’s the idea. So in SHA-1, for example, we have, actually, some seemingly random magic numbers that are in there.

INTERVIEWER: Are they things people know? You could look it up…

Yep, you could look it up. It’s buried in the source code for any of these implementations and it’s in the specification. They’re not secret. That’s the idea. They’re not like a secret key. They’re just public knowledge. So, these numbers here are the initial internal state variables for SHA-1. And—I should add—in the wrong order by mistake. So, if you’re gonna implement SHA-1, don’t use my Computerphile video as your reference, please. These two are in the wrong order. But anyway… The internal state starts with these values and then it proceeds by taking in the message and jumbling itself up and then it outputs a hash.

Now the very question is, who came up with these numbers? And do we trust them? Right? Is there any way that these numbers could be used to actually make the algorithm weaker? This is a concept of “nothing up my sleeve” numbers. So, think about a magician, if they’re about to pull something out of their sleeve, they just show you at the beginning there’s nothing in there as a kind of way of sort of going, “Look, there wasn’t anything in my sleeve originally, so it’s not a trick.” In the case of SHA-1, these numbers were produced by the NSA. Alright?
But they’ve taken steps to try and demonstrate that they are actually just random nonsense or predictable numbers from life rather than very carefully-crafted mathematical numbers which allows us some kind of backdoor. So, for example, this one here is, you can see, is 0-1-2-3-4-5-6-7 Reversed. Right? This one—8-9-A-B-C-D-E-F. So you can see they’re just counting up and counting back down. So they’re basically counting. Now, this introduces some seemingly random noughts and ones to the initial state but what it doesn’t do is introduce strange numbers that we don’t trust, which is a very important thing in cryptography.

The same is true of some other numbers used in SHA during the compression function which are these ones here. So these numbers are two to the thirty times by root two, root three, root five, and root ten. Why we chose them, in some ways, you know, we don’t know, but you can imagine that it would be quite hard to produce some kind of clever mathematical backdoor when you’re just using the square root of two, right? Because it’s just one number that everyone knows. You know? If you had picked these numbers at random, so they were in a sense it was unclear what their origin was, you maybe wouldn’t trust them as much.

So this actually has precedent. So… The Data Encryption Standard was released many years ago now. Developed by IBM and, shall we say, adjusted slightly by the NSA. Now at the time, there were some constants used in certain internals inside DES which looked a bit suspicious. Certainly, it wasn’t so much that they were suspicious as that no one knew where they had come from. They’d just been defined by one of the developers and just left there. Now as it turns out, they actually were left there with a very good purpose. They actually made the algorithm stronger, because it was resistant to something called differential cryptanalysis.
But at the time, when it seems random or contrived you can’t tell whether it’s because it’s made it stronger or weaker or it genuinely was random. So, in general, the cryptographic community is very suspicious of numbers that don’t have an obvious reason they’re there like, “I just counted from one to ten”. Right? Because, you can’t produce a mathematical backdoor based on counting, because it’s too contrived.

If I was on stage—I don’t do magic, right?—but, if I was on stage and I said to you, “Let’s pick a number at random—I don’t know, 24” and did some trick with it, you’d think, well that’s great, but clearly 24 wasn’t random. You know, it’s that kind of principle. You want to have some way of demonstrating that it was a truly random number or indeed that in essence the choice of your number is important, because everyone has to use the same one if it’s going to be a standard but in some ways, what exact number it was wasn’t important. That’s what you’re trying to demonstrate.

So in the case of SHA, they’ve just done some counting, they’ve just produced a simple mathematical formula that produces the numbers such that people maybe have a little bit more trust that it’s used. It’s quite common to use 3-1-4-1-5-9-2-6-5-8-9-7-9. Right? Because those are the initial digits of pi. But the point is that, if you use those numbers, then you can add some kind of, you know, initialisation vector for whatever algorithm you’re writing, but I can’t say, “Well, you’ve changed that number to put a backdoor in”, because that number’s pi. Right? I can’t change that number. You know, I don’t have that much power.
So… But if I picked, let’s say, the millionth and second digit of pi and the one after that, and the one after that, you’d say, “Well, where did you get a million and two from?” You know, “Why have you chosen that part of pi?” So… The point is that I’ve got to have a due process and a clear reason for picking this number where I’ve tried to be very open and said, look it’s not about the number, I’ve just used it. Okay? That’s the idea. So I haven’t got anything up my sleeve.

INTERVIEWER: How far can you go with pi?

Well, I can do better than that, because that’s wrong! Yeah, it’s 3.14159265358979. So I’ve missed some out. Some people will have spotted that, and they’ll be thinking worse of me. [LAUGHTER] Never mind.