Interview with cryptographer Wang Xiaoyun: she persisted for 10 years in cracking hash function algorithms

Author: Zhang Lu, Beijing News reporter

Source: Beijing News

On September 7 this year, the 2019 Future Science Awards were announced. The four-year-old award welcomed its first female winner, the cryptographer Wang Xiaoyun. In the information age, financial services, network security, and much else cannot do without the protection of cryptosystems. In the eyes of the public, cryptography is mysterious, and Wang Xiaoyun's experience of cracking and designing cryptographic algorithms is even more legendary.

MD5 and SHA-1 were the most advanced international cryptographic algorithms, and experts considered that cracking them would take 1 million years of computation. In 2004 and 2005, these two "impregnable" algorithms were cracked by Wang Xiaoyun, causing a strong "earthquake" in the international cryptography community.

In 2005, Wang Xiaoyun and domestic experts designed China's first hash function algorithm standard, SM3. Today, SM3 protects many industries in China.

On the evening of November 16, Wang Xiaoyun, with short hair and a typical scholarly manner, appeared at the 2019 Future Science Awards Week. Asked how she felt about the award, the low-key scientist said that she is very grateful to everyone for their support and care, and that she hopes everyone will pay more attention to and support the cause of cryptographic technology and the young talents in this field.

Wang Xiaoyun was interviewed by the media in the Future Science Awards Week. Photo by Xinjing News reporter Zhang Wei

Strong interest in mathematics, physics and chemistry from an early age

In 1966, Wang Xiaoyun was born into a teacher's family in Zhucheng, Shandong. Her father graduated from the mathematics and chemistry class of Zhucheng Normal School. Influenced by her father, Wang Xiaoyun showed strong interest in mathematics and physics from an early age.

Because of her excellent mathematics results in the college entrance examination, she applied to the Department of Mathematics at Shandong University. At that time, the department was strong, and its professors included very well-known figures such as the famous mathematician Pan Chengdong.

In 1987, Wang Xiaoyun was admitted to the graduate school of Shandong University and studied analytic number theory with Pan Chengdong. More than a year later, on the advice of her advisor, Wang Xiaoyun transferred to cryptography. This decision became a major turning point in her research career.

After receiving a doctorate in basic mathematics from Shandong University, Wang Xiaoyun stayed on as a teacher. Without research funding, she began her cryptography research at her only small desk.

Breaking through two international cryptographic fortresses

In August 2004, at the International Cryptography Conference held in Santa Barbara, California, the research report of Chinese cryptographer Wang Xiaoyun drew applause from the whole venue. She and her research team had identified the "vulnerabilities" that caused a supposedly indestructible bastion of cryptographic algorithms to collapse instantly.

Over the years, the hash functions MD5 and SHA-1 have been recognized as the two most advanced and most widely used algorithms in the world, and they are widely used in e-commerce fields such as finance and securities. By conventional methods, even an advanced computer would need to run for 1 million years to crack them.

At the International Cryptography Conference, Wang Xiaoyun announced for the first time the research results of her and her research team: the cracking of four famous cryptographic algorithms, including MD5. The scholars present were amazed and responded with warm applause. Some even stood up to pay tribute, interrupting the report.

In 2005, Wang Xiaoyun announced further news: the cracking of SHA-1. SHA-1 is more widely used in countries such as the United States, and the cracking of yet another cryptographic algorithm caused strong repercussions.

"Cryptography is a process of attack and defense. Why is the level of international and domestic cryptographic design so high? It depends on the continuous improvement of cryptanalysis, which constantly discovers loopholes in cryptosystems so that we know where to guard against them. A design must defend against all attacks, think of future attacks as much as possible, and result in a better cryptosystem."

Wang Xiaoyun cracked five internationally used hash function algorithms. What is the secret of her success? Wang Xiaoyun attributes it to "persistence". "A person who can persist in doing something for 10 years can certainly do it."

Wang Xiaoyun admits that she worked on the analysis of hash functions for almost 10 years. "In the beginning, I didn't have a big ideal. Now, the hash function is the basic technology of the blockchain. At the time, it was a key technology that many cryptosystems could not do without. The two major hash function algorithms supporting cryptosystems were MD5 and SHA-1. I wanted to analyze the security of these algorithms."

In many people's eyes, cryptography is boring and difficult. Wang Xiaoyun said that because she studied basic mathematics, she has a good feel for mathematics. In the process of analysis, she treated these algorithms as special mathematical functions and found many patterns based on her intuition. As the difficulty of the cryptographic algorithms she analyzed increased, a complete cryptanalysis system was built up.

Design China's first hash function algorithm standard SM3

After the two pillar hash function algorithms were hit hard, the National Institute of Standards and Technology solicited proposals for a new international standard hash function algorithm from cryptographers worldwide. Wang Xiaoyun gave up designing for the new international standard cryptographic algorithm and turned to the domestic hash function algorithm standard.

In 2005, Wang Xiaoyun and other domestic experts designed China's first hash function algorithm standard SM3, and its security has been highly recognized at home and abroad. SM3-containing cryptographic products approved by the National Cryptographic Authority, such as financial social security cards, new generation bank chip cards and smart meters, have been widely used throughout the country.

After the release of SM3, dozens of industry standards in cryptography-related fields were released, and the country's understanding of cyber security issues became clearer and deeper.

Wang Xiaoyun said that in the past few years, China's science and technology incentive policies have been good, and the state has invested heavily in science and technology funding. "From my personal experience, at first I used my own money to do scientific research, and then I began to receive research funding support. Now the state supports our major projects, and the support can be said to have increased several times over."

"We must use our research capabilities to do a good job of national cryptographic protection, to make our network safer and protect the interests of the people," Wang Xiaoyun said of her dreams for future research.

Wang Xiaoyun made an academic report at Tsinghua University. Future forum

A female scientist who loves growing flowers and collecting stamps

In the imagination of the public, female scientists are rigorous, intelligent, and focused. What is Wang Xiaoyun like in everyday life? On CCTV's "Opening a Lecture" program, the good-natured Wang Xiaoyun said that although her research workload is heavy, she still relaxes by growing flowers, doing housework, and visiting the stamp market.

As the first female winner of the Future Science Award, her identity has also received much attention. The low-key and humble Wang Xiaoyun said frankly that she can feel everyone's enthusiasm and thanks everyone for their support and care for her.

"I feel that too much attention is focused on me personally. I hope that everyone can pay more attention to the cryptographic technology industry and to the young talents in the cryptography field. I hope they will get support."

Dialogue: Internet of Things, artificial intelligence, etc. require cryptographic technology to protect privacy

Beijing News: What privacy problems may the development of the Internet of Things, artificial intelligence, big data, etc. bring? How can they be solved with cryptographic technology?

Wang Xiaoyun: The privacy protection issues in these areas are very serious. At present, the promotion of cryptography in these areas in China is in its infancy and does not completely solve the security problem.

The Internet of Things is complex, and it is necessary to sort out the communication systems in these areas and cover them with cryptographic protection technology. The cryptosystem and the IoT communication system should be integrated to ensure their security. The solution of this problem should be promoted from the perspectives of technical research and industrial application.

In the field of artificial intelligence, the first issue is face recognition and biometrics. Personal privacy is easy to leak, and protecting it requires the use of cryptography. Second, in deep machine learning, if an attacker changes a small amount of data during the machine learning process, it will produce a very large change in the result, which is a terrible outcome. Security in this area also requires cryptographic techniques. However, cryptographic solutions have only just started, and further research is needed.

For other applications of artificial intelligence, the working mechanism needs to be understood before determining how cryptography should be applied.

At present, data in many industries is stored in the form of big data, some of it in the cloud, and the situation for personal information protection is more severe. Once big data leaks, the information of even hundreds of millions of people will be leaked. From the perspective of encryption, cryptographic protection can be achieved, but it may affect the processing power of big data. It will take a long time to research new cryptographic protection. There are still some security issues that need technological innovation to ultimately arrive at sound solutions.

Beijing News: What do you think is the biggest highlight of the Cryptography Law that was just passed?

Wang Xiaoyun: There are many highlights in the Cryptography Law. For example, cryptographic work adheres to the overall national security concept and to the leadership of the Communist Party of China over cryptography, and the law proposes that the state encourages and supports cryptographic science and technology research and personnel training, which is more supportive than before and is now stipulated by law.

The Cryptography Law clarifies the classification of cryptography and divides it into core cryptography, ordinary cryptography, and commercial cryptography. In our academic research field, we mainly focus on the academic research and technical application of commercial cryptography.

The chapter "Commercial Cryptography" also has many highlights, such as proposing a sound, unified, open, competitive and orderly commercial cryptography market system, and the treatment of units engaged in commercial cryptography research, production, sales, service, import and export, including foreign-invested enterprises and other units. I think this part is very important. It provides a very good legal guarantee for China's opening up of the cryptography field, China's major-country diplomacy and the Belt and Road Initiative. If commercial cryptography does not go abroad, much information exchange and international communication cannot be interconnected.

The Cryptography Law also states that the state promotes participation in international standardization activities for commercial cryptography and participates in the development of international standards for commercial cryptography. I think this can play an active role in promoting Chinese cryptographic wisdom and solutions, and it can also promote scientific and technological innovation in China's cryptography research. At the same time, the "national promotion of commercial cryptography testing and certification system construction" is very important for regulating the market.

Beijing News: The Ministry of Science and Technology and other four departments issued the "Working Plan on Strengthening Mathematical Sciences Research". What benefits does this bring to the development of cryptography?

Wang Xiaoyun: I also participated in this process and I am also a beneficiary. I am very pleased that the field of mathematics has incorporated cryptography into the fields that mathematics supports. Cryptography belongs to applied mathematics, the application of mathematics, and basic mathematics. The application of cryptography is a very distinctive and very broad field within the application of mathematics. Cryptography research is an area of cross-support. China encourages support in areas such as national defense security, and basic cryptography plays a role in these fields. This is an unprecedented opportunity for cryptography.


Wang Xiaoyun is Yang Zhenning Lecture Professor at the Institute of Advanced Studies, Tsinghua University, a Fellow of the Chinese Academy of Sciences, and a Fellow of the International Cryptography Association. She proposed the collision attack theory for cryptographic hash functions and cracked five internationally used hash function algorithms, including MD5 and SHA-1. She designed China's hash function standard SM3, which officially became an ISO/IEC international standard in October 2018. She has more than 50 representative papers, 3 of which won best paper awards at Eurocrypt and Crypto. She has won the second prize of the National Natural Science Award, the National Excellent Science and Technology Worker title, and the Network Security Excellent Talent Award.