Algorithm for generating a hash function GOST R 34.11-94

A hash function is a mathematical calculation that results in a sequence of bits (digital code). With this result, it is impossible to restore the original data used for the calculation.

Hash - a sequence of bits obtained as a result of calculating the hash function.

GOST R34.11-94 is a Russian cryptographic standard for computing a hash function. It was introduced on May 23, 1994. The hash size is 256 bits. The input data block size is 256 bits. The algorithm was developed by GUBS FAPSI and VNIIS.

The standard defines an algorithm and procedure for computing a hash function for a sequence of characters. This standard is mandatory for use as a hashing algorithm in state organizations of the Russian Federation and a number of commercial organizations.

The Central Bank of the Russian Federation requires the use of GOST R 34.11-94 for electronic signature documents provided to him.

Features of GOST R 34.11-94 are:

When processing blocks, transformations are used according to the GOST 28147-89 algorithm;

A block of 256 bits is processed, and the output value is also 256 bits long;

Anti-collision search based on the incompleteness of the last block has been applied;

Blocks are processed according to the encryption algorithm GOST 28147-89, which contains transformations on S-blocks, which significantly complicates the application of the differential cryptanalysis method to the search for collisions.

The function is used when implementing digital signature systems based on an asymmetric crypto algorithm according to the GOST R 34.10-2001 standard. The community of Russian CIPF developers agreed on the GOST R 34.11-94 parameters used in the Internet:

Use of public keys in certificates;

Use to protect messages in S / MIME (Cryptographic Message Syntax, PKCS # 7);

Use to secure connections in TLS (SSL, HTTPS, WEB);

Use to secure messages in XML Signature (XML Encryption);

Protecting the integrity of Internet addresses and names (DNSSEC).

In 2008, a team of experts from Austria and Poland discovered a technical vulnerability that reduced the search for collisions by 223 times. The number of operations required to find a collision is thus 2105, which, however, is this moment practically unrealizable. Carrying out a collision attack in practice makes sense only in the case of a digital signature of documents, and if a hacker can change an unsigned original.

EDS generation algorithm GOST R 34.10-2001

Electronic digital signature (EDS) - an analogue of a handwritten signature - to give an electronic document legal force equal to a paper document signed with the handwritten signature of an authorized person and / or sealed.

An electronic digital signature, or EDS, is becoming an increasingly common way to certify a document. In some cases, the digital mark has no alternatives. For example, when conducting electronic auctions or participating in auctions held on the Internet. In this case, the presence of an EDS is regulated by law. In accordance with federal law 1-FZ of January 10, 2002 "On electronic digital signature", an EDS in an electronic document is an analogue of a handwritten signature in a paper document. Due to the presence of such, an electronic document acquires legal significance. The presence of an EDS guarantees its authenticity and protects against forgery, and also helps to identify the owner of the digital signature certificate and prevent distortion in the document.

An electronic signature is formed as a result of cryptographic data transformation and is a unique sequence of characters known only to its owner. Such properties of EDS as uniqueness and reliability make it an indispensable attribute of documents in the organization of legally significant electronic document management.

The digital signature is designed to authenticate the person who signed the electronic document. In addition, the use of a digital signature allows you to:

Integrity control of the transferred document: in case of any accidental or intentional change of the document, the signature will become invalid, because it is calculated on the basis of initial state document and corresponds only to it;

Protection against changes (forgery) of the document: the guarantee of forgery detection during integrity control makes forgery impractical in most cases;

Proof of document authorship: Since a valid signature can only be created by knowing the private key, and it should be known only to the owner, the owner of the key pair can prove his authorship of the signature under the document. Depending on the details of the document definition, fields such as “author”, “changes made”, “timestamp”, etc. can be signed.

All these properties of the EDS allow it to be used for the following purposes:

Declaration of goods and services (customs declarations);

Registration of real estate transactions;

Use in banking systems;

E-commerce and government orders;

Control of execution of the state budget;

In systems of appeal to authorities;

For mandatory reporting to government agencies;

Organization of legally significant electronic document management;

In settlement and trading systems.

GOST R 34.10-2001 the algorithm was developed by the Main Communications Security Directorate of the Federal Agency for Government Communications and Information under the President Russian Federation with the participation of the All-Russian Research Institute of Standardization. It was developed instead of GOST R 34.10-94 to ensure greater stability of the algorithm.

GOST R 34.10-2001 is based on elliptic curves. Its strength is based on the complexity of calculating the discrete logarithm in a group of points of an elliptic curve, as well as on the strength of the hash function according to GOST R 34.11-94. The principle of signing an electronic document is to encrypt according to GOST R 34.10-2001 the received hash algorithm GOST R 34.11-94 private key on the transmitting side. Signature verification on the receiving side is carried out by obtaining a hash from the message and decrypting public key encrypted hash values transmitted along with the message, if these hashes are equal, then the signature is correct (figure 2.1).

Figure 2.1 - Signing and verification process digital signature

After signing the message, a 512-bit digital signature and a text field are appended to it. The text field can contain, for example, the date and time of sending or various information about the sender.

Analysis of a software crypto provider " CryptoPro CSP” showed its effectiveness when using cryptographic encryption algorithms, hash functions, electronic digital signatures that comply with the GOST standard and have been certified by the FSB.

The use of the application based on the crypto-provider "CryptoPro CSP" will automate the processes: encryption, digital signature of several documents from the package at once software Microsoft Office 2007-2010 Word, Excel, signature verification. This will greatly increase work efficiency and reduce the percentage of errors in the processing process. electronic documents. The use of encryption with the GOST 28147-89 algorithm allows you to transfer information containing trade secrets over open communication channels, it is also possible to hide in encrypted archives especially important information, thereby limiting access to it to a strictly defined circle of people.

GOST R ISO 3411-99

STATE STANDARD OF THE RUSSIAN FEDERATION

EARTH-MOVING MACHINES

Anthropometric data of operators
and minimum working space around the operator

GOSSTANDART OF RUSSIA

Moscow

Foreword

1 DEVELOPED AND INTRODUCED by the Technical Committee for Standardization TC 295 "Earth-moving machines"

2 ADOPTED AND INTRODUCED BY Decree of the State Standard of Russia dated November 30, 1999 No. 460-st

3 This International Standard is the complete authentic text of ISO 3411-95, Earth-moving machinery. Anthropometric data of operators and the minimum working space around the operator»

4 INTRODUCED FOR THE FIRST TIME

GOST R ISO 3411-99

STATE STANDARD OF THE RUSSIAN FEDERATION

EARTH-MOVING MACHINES

Anthropometric data of operators and minimum working space around the operator

earth moving machinery. Human physical dimensions of operators and minimum operator space envelope

Introduction date 2000-07-01

1 area of ​​use

This International Standard specifies the anthropometric data of earth-moving machine operators and the minimum working space around the operator, limited by the internal dimensions of the cabs and devices. ROPS, FOPS used on earthmoving machines.

The standard applies to earth-moving machines in accordance with GOST R ISO 6165.

The requirements of this standard are mandatory.

2 Normative references

This standard makes reference to the following standards.

GOST 27258-87 (ISO 6682-86) Earth-moving machines. Comfort and reach zones for controls

GOST 27715-88 (ISO 5353-95) Earth-moving machines, tractors and machines for agricultural work and forestry. Seat reference point

3) Head width measurements are given without ears.

4) Head dimensions:

with helmet: length » 310 mm, width » 270 mm;

with helmet: length » 280 mm, width » 230 mm.

table 2

In millimeters

4.3 Upright position

All dimensions shown in the tables are for operators in the extended position. In the normal position, the human body, as it were, gives a draft and the measurement results in this case will be somewhat underestimated: growth values ​​( 1A) and arm-raised reach ( 2 A) will be lowered by approximately 15 mm, and the sitting height ( 3A) and eye height ( 3B) in the sitting position will be lowered by about 25 mm.

Table 3

In millimeters

Table 4

In millimeters

5 Minimum working space around the operator

5.1 Minimum recommended working space around the operator in overalls, limited by the internal dimensions of the cabin and devices ROPS, FOPS , shown in the figure for the operator in the seated position and in the figure for the operator in a standing position. Dimensions refer to seat reference point (SIP) according to requirements GOST 27715.

1 ) SIP - seat reference point.

Figure 5 - Minimum working space around the operator in overalls for working in a sitting position, limited by the internal dimensions of the cabin and devices ROPS, FOPS

Notes e - Dimensions - according to the table.

Figure 6 - Minimum working space around the operator in overalls for working in a standing position, limited by the internal dimensions of the cabin and devices ROPS, FOPS

Note e - Dimensions d 1 and R 2 - according to the table. The dimensions of the working space in width and the clearance for the foot controls correspond to those shown in the figure.

The outline of the working space does not determine the shape of the cabin and devices ROPS, FOPS . Changes to the minimum working space around the operator for specific machines are allowed.

5.2 The minimum working space around the operator is indicated taking into account the anthropometric data of the tall operator shown in the figures. and , and is measured along the inner surface of the cabin and devices ROPS, FOPS without visible signs of deformation.

5.3 The minimum working space around the operator may be less than shown in the illustrations. and if it is found that reducing the working space around the operator when working on specific earth-moving machines increases the efficiency of his work.

Possible changes to the workspace around the operator are given below:

5.3.1 The minimum height of the working space around the operator, equal to 1050 mm relative toSIP, recommended to accommodate widely used seats and provide clearance for the operator's hardhat. The minimum height of the guardrail around the working area can be reduced to 1000 mm relative toSIPin cases where the operator does not use a protective helmet ( GOST 27715).

5.3.2 The working space height can be adjusted for the following types of seat designs:

for a seat without vertical suspension - reduced by 40 mm;

for a seat without vertical height adjustment - reduced by 40 mm;

for a seat with adjustable backrest - backrest adjustment by more than 15°.

5.4 The position of the operator may be offset from the center line of the working space in the direction of line of sight of the side surface of the earthmoving machine, provided that the minimum distance fromSIPto the inner side surface is at least 335 mm.

5.5 Some types of earth-moving machines may be designed to use a smaller working space than specified in this standard. For such machines, the minimum width of the internal space can be reduced to 650 mm. With a minimum width of space, the arrangement of controls should be provided, providing efficient work and operator comfort.

5.6 If the operator, when operating the steering controls or accessing the rear controls,SIP, leans forward, the minimum clearance between the back wall and the operator can be reduced to 250 mm plus 1/2 of the fore-aft adjustment of the seat.

5.7 Location of controls - by GOST 27258.

Notes e - In some parts of the world, more than 5% of operators have leg lengths below the values ​​given for short operators. This should be taken into account when adjusting the location of comfort zones and reach for foot controls in accordance with GOST 27258.

Key words: earth-moving machines, machine operators, dimensions of operators, working space

Algorithm GOST 3411 is an domestic standard for hash functions. Hash code length, 256 bits. The algorithm breaks the message into blocks, the length of which is also 256 bits. In addition, the algorithm parameter is the starting hash vector H - an arbitrary fixed value, also 256 bits long.

The message is processed in blocks of 256 bits from right to left, each block is processed according to the following algorithm.

Generation of four keys K j =1…4, 256 bits long by permutation and shift

intermediate value hash code H 256 bits long;

the current processed block of the message M with a length of 256 bits;

and some constants C 2, C 4 \u003d 0, C 3 \u003d 1 8 0 8 1 16 0 24 1 16 0 8 (0 8 1 8) 2 1 8 0 8 (0 8 1 8) 4 (1 8 0 8) 4 , where the exponent denotes the number of repetitions of 0 or 1.i = 0 with a length of 256 bits.

a) Each 256-bit value is treated as a sequence of 32 8-bit values ​​that are permutedPformulay=(x), wherex- serial number of the 8-bit value in the original sequence;y- serial number of the 8-bit value in the resulting sequence.

y=(x) = 8i + k, where i = 0 ÷ 3, k = 1 ÷ 8

b) ShiftAis determined by the formula

A (x) = (x 1 x 2) & x 4 & x 3 & x 2, where x i - corresponding 64 bits of a 256-bit valueX,

c) To define a keyK 1 are assigned the following initial values:

K 1 = P (H M)

KeysK 2 , K 3 , K 4 are calculated sequentially according to the following algorithm:

K i = R(A(H)WITH i )A(A(M)).

2. Encryption of 64-bit values ​​of the intermediate hash code H on the keys K i (i = 1, 2, 3, 4) using the GOST 28147 algorithm in the simple replacement mode.

a) Hash codeHtreated as a sequence of 64-bit valuesH=h 4 &h 3 &h 2 &h 1

b) Encryption is performed using the GOST 28147 algorithm

S j = E Ki [ h i ]

c) Resulting sequenceS j , j = 1, 2, 3, 4 256 bits long is stored in a temporary variable

S = s 1 & s 2 & s 3 & s 4

3. Mixing the encryption result.

a) A 256-bit value is treated as a sequence of sixteen 16-bit values η 16 & η 15 & ...& η 1

b) Shift is denotedΨ and is defined as follows

η 1 η 2 η 3 η 4 η 13 η 16 & η 16 & ... & η 2

c) The resulting hash code value is defined as follows:

X(M, H) = 61 (H(M 12 (S)))

whereH- the previous value of the hash code,M- current block being processed, Ψ i - i-th degree of transformationΨ .

Execution logic GOST 3411

The input parameters of the algorithm are:

initial message M of arbitrary length;

starting hash vector H, 256 bits long;

checksum Z 256 bits long and initial value =0.

variable L=M.

The message M is divided into blocks of 256 bits, each i the block is processed from right to left as follows:

The last block M" is processed as follows:

The value of the hash function is H.

What is needed

Implementation

// The function calculates the hash sum according to the GOST 34.11-94 algorithm
// Parameters
// String - String - source string.
// Return value:
// String - hash sum as a 64-character string in hexadecimal format.
Function CalculateHashSumPOGOST_3411(String) Export

CADESCOM_HASH_ALGORITHM_CP_GOST_3411 = 100;

HashedData = New COMObject("CAdESCOM.HashedData");
// Specify the hashing algorithm.
HashedData.Algorithm = CADESCOM_HASH_ALGORITHM_CP_GOST_3411;
// Transfer data, encode the string into a sequence of UTF-8 bytes.
UTF8Encoding = New COMObject("System.Text.UTF8Encoding");
HashedData.Hash(UTF8Encoding.GetBytes_4(String));

// Return the computed hash sum.
Return HashedData.Value;

EndFunction // CalculateHashSumPOGOST_3411()

The result of the function:
Processing can be downloaded here

Hash size - 256 or 512 bits; input data block size - 512 bits.

The standard defines an algorithm and procedure for computing a hash function for a sequence of characters. This standard was developed and introduced as a replacement for the outdated standard GOST R 34.11-94:

The need for development<…>caused by the need to create a hash function that meets modern requirements for cryptographic strength and the requirements of the GOST R 34.10-2012 standard for electronic digital signature.

Standard text. Introduction.

The concept of building a hash function "Stribog"

In accordance with the requirements expressed at the RusCrypto-2010 conference, in the work on the new hash function:

• the new hash function should not have properties that would allow known attacks to be applied;
• the hash function should use learned constructions and transformations;
• calculation of the hash function should be efficient, take little time;
• there should be no unnecessary transformations that complicate the design of the hash function. Moreover, each transformation used in the hash function must be responsible for certain cryptographic properties.

In the same work, "universal" requirements are introduced regarding the complexity of attacks on the hash function:

Comparison of GOST R 34.11-2012 and GOST R 34.11-94

• In GOST R 34.11-2012, the size of the message blocks and the internal state of the hash function is 512 bits versus 256 bits in GOST R 34.11-94.
• The new standard defines two hash functions with hash code lengths of 256 and 512 bits, while in the old standard the hash code length can only be 256 bits. The ability to vary the output hash can be useful in case of inline implementations with limited resources or if there are some additional requirements in the field of cryptography.
• The main difference between the modern hash function and the old one is the compression function. GOST R 34.11-2012 uses compression functions based on three transformations: non-linear bijective transformation (denoted S), byte permutation (denoted P), linear transformation (denoted L). GOST R 34.11-94 uses a compression function based on the GOST R 28147-89 symmetric block cipher, and this function also uses mixing operations.
• When calculating a new hash function, if the message size is not a multiple of the size of the processed block (for the modern standard - 512 bits, for the old standard - 256 bits), then such a block is supplemented with a vector (00 ... 01). When calculating the old hash function, the incomplete block is padded with the value (00 ... 0). Counts [by whom?] that the complement of (00...01) is better than (00...0) from a cryptographic point of view.
• Another difference is that the GOST R 34.11-94 standard did not define the value of the initialization vector, while in the GOST R 34.11-2012 standard the value of the initialization vector is fixed and defined in the standard: for a hash function with an output hash size of 512 bits it is a vector (00...0), for a hash function with output hash code size of 256 bits - (000000010...100000001) (all bytes are 1).

Compression function

In a hash function, an important element is the compression function. In GOST R 34.11-2012, the compression function is based on the Miyaguchi-Preneel design. Below is a diagram of the Miaguchi-Prenel construction: h, m - vectors of the compression function entering the input; g(h, m) - result of compression function; E is a block cipher with a block and key length of 512 bits. The XSPL cipher is taken as a block cipher in the GOST R 34.11-2012 hash function. This cipher consists of the following transformations:

• addition modulo 2;
• substitution or substitution transformation. Denoted S-transform;
• permutation transformation. Denoted P-transform;
• linear transformation. The L-transform is denoted.

The transformations used in a new hash function should be well understood. Therefore, the block cipher E uses the transformations X, S, P, L, which are well studied.

An important parameter of a block cipher is how the key is chosen to be used on each round. In the block cipher used in GOST R 34.11-2012, the keys $K\_(1)$, $K\_(2)$, … , $K\_(13)$ for each of the 13 rounds are generated using the encryption function itself.

$C\_(1)$, $C\_(2)$, … , $C\_(12)$ are iteration constants, which are 512 bit vectors. Their meanings are specified in the relevant section of the standard.

Description

The hash function is based on the iterative Merkle-Damgard construction using MD amplification. MD amplification is understood as the addition of an incomplete block when calculating the hash function to a complete one by adding a vector (0 ... 01) of such length that a complete block is obtained. From additional elements the following should be noted:

• the final transformation, which is that the compression function is applied to the checksum of all blocks of the message modulo 2 512 ;
• when calculating the hash code, different compression functions are applied at each iteration. We can say that the compression function depends on the iteration number.

The solutions described above allow you to counter many well-known attacks.

A brief description of the hash function GOST R 34.11-2012 can be presented as follows. The input of the hash function is a message of arbitrary size. Further, the message is divided into blocks of 512 bits, if the message size is not a multiple of 512, then it is supplemented with the required number of bits. Then the compression function is iteratively used, as a result of which the internal state of the hash function is updated. The block checksum and the number of processed bits are also calculated. When all blocks of the original message have been processed, two more calculations are performed that complete the calculation of the hash function:

• processing by the compression function of a block with the total length of the message.
• processing by the block compression function with a checksum.

The work of Alexander Kazimirov and Valentina Kazimirova provides a graphical illustration of the calculation of the hash function.

Analysis

Crypto resistance

Cryptanalysis of the old standard revealed some of its weaknesses from a theoretical point of view. So in one of the works devoted to the cryptanalysis of GOST R 34.11-94, it was revealed that the complexity of the algorithm for constructing a prototype is estimated at 2,192 calculations of compression functions, collisions 2,105, which is less than the "universal" estimates, which for GOST R 34.11-94 are equal to 2 256 and 2128. Although as of 2013 there are not a large number of works devoted to the cryptographic strength of the new hash function, based on the design of the new hash function, we can draw some conclusions about its cryptographic strength and assume that its cryptographic strength will be higher than that of GOST R 34.11-94:

• in the “Description” section, it can be seen from the diagram that all blocks of the message are summed modulo 2 512 and the result of the summation of all blocks is already fed to the input of the final stage (stage3). Due to the fact that here the summation is not a bitwise addition, it is protected from the following attacks:

• construction of multicollisions;
• lengthening of the prototype;
• differential cryptanalysis;

• the compression function uses the Miaguchi-Prenely construction, this provides protection against an attack based on fixed points, since no (easy) ways have been found for the Miaguchi-Prenely construction to find fixed points;
• at each iteration, different constants are used to calculate the hash code. This makes attacks based on linked and differential linked keys, slip and reflection attacks more difficult.

In 2013, the site "Cryptology ePrint Archive: Listing for 2013" published two articles on the cryptanalysis of a new hash function. The article "Rebound attack on Stribog" explores the robustness of the hash function against an attack called "The Rebound attack"; this attack is based on "rotation cryptanalysis" and differential cryptanalysis. Cryptanalysts used a method called “free-start” when looking for vulnerabilities. This means that when calculating the hash code, a certain state of the hash function is fixed, and further calculations can go both towards calculating the hash code and towards calculating the message. The cryptanalysts were able to achieve a collision in 5 rounds and a so-called "near collision" was obtained (meaning that two messages were found whose hash codes are different in a small number of bits) using 7.75 rounds. It was also found that the scheme by which the keys are chosen for each round adds stability to the compression function. However, it has been shown that collision is possible in 7.75 rounds, and "near collision" in 8.75 and 9.75, respectively.

The article "Integral Distinguishers for Reduced-round Stribog" discusses the strength of a hash function (with a reduced number of rounds) against integral cryptanalysis. The authors, when studying the compression function, managed to find the differential in 4 rounds when calculating in the forward direction and in 3.5 rounds when calculating in the opposite direction. It was also found that a differential attack on a hash function with rounds of 6 and 7 requires 264 and 2120 average rounds, respectively.

To study the cryptographic strength of a new hash function, the InfoTeKS company announced the start of a competition in November 2013; it ended in May 2015. The winner was The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function, in which the authors presented an attack to find the second preimage for the Stribog-512 hash function, requiring 2,266 compression function calls for messages longer than 2 259 blocks.

Performance

On the site dedicated to VI International Conference“Parallel Computing and Control Problems” (PACO’2012) presents an article by P. A. Lebedev “Comparison of the old and new Russian standards for a cryptographic hash function on the CPU and GPUs NVIDIA”, which compares the performance of the family of cryptographic hash functions GOST R 34.11-94 and GOST R 34.11-2012 on x86_64 architecture processors and NVIDIA video cards with CUDA technology support.

To compare performance on an x86_64 processor, 4 different implementations of hash functions were taken:

Processor used Intel Core i7-920 CPU overclocked to 2.67 GHz. Performance results:

Comparison of the speed of the old and new standards of hash functions on the GPU was carried out between the implementations of P. A. Lebedev. used NVIDIA graphics card GTX 580. Performance results (8192 x 16K data streams):

Based on these results, it is concluded that the GOST R 34.11-2012 hash function can be twice as fast as the GOST R 34.11-94 hash function on modern processors, but slower on graphics cards and systems with limited resources.

These performance results can be explained by the fact that the calculation of the new hash function uses only modulo 2 additions and data transfer instructions. The old hash function contains many shuffle instructions that do not map well to the CPU instruction set. But the increased size of states and substitution tables of the GOST R 34.11-2012 hash function makes it slower on highly parallel computing facilities such as GPUs.

Also, a study of the performance of the new hash function was carried out by its developers on a 64-bit processor. Intel Xeon E5335 2 GHz. One core was used. The performance of the GOST R 34.11-2012 hash function was 51 processor cycles per 1 byte of hashed data (approximately 40 MB/s). The result obtained is 20% better than the old hash function GOST R 34.11-94.

• At the end of the text of the standard, examples of step-by-step hash calculation for several initial values ​​are given. One of these values ​​is the hexadecimal number M 2 of length 576 bytes from example 2. On an x86 computer, the Little endian method is used, and such a number will be represented in memory in an “inverted” form. If this byte array is converted into text according to the Windows-1251 encoding rules, then it will turn out: “All the winds, Stribozh vnutsi, blow from the sea with arrows on Igor’s brave plows”, which is a slightly modified line from the Word about Igor’s regiment.

Write a review on the article "GOST R 34.11-2012"

Notes

Links

• , 2013

An excerpt characterizing GOST R 34.11-2012

From the house of Prince Shcherbatov, the prisoners were led straight down the Maiden Field, to the left of the Maiden Monastery, and led to the garden, on which stood a pillar. Behind the post was a large pit with freshly dug earth, and a large crowd of people stood in a semicircle around the pit and the post. The crowd consisted of a small number of Russians and a large number of Napoleonic troops out of order: Germans, Italians and French in heterogeneous uniforms. To the right and left of the pillar stood fronts of French troops in blue uniforms with red epaulettes, boots and shakos.
The criminals were placed in a certain order, which was on the list (Pierre was the sixth), and brought to the post. Several drums suddenly struck from both sides, and Pierre felt that with this sound, a part of his soul seemed to be torn off. He lost the ability to think and reason. He could only see and hear. And he had only one desire - the desire that something terrible be done as soon as possible, which had to be done. Pierre looked back at his comrades and examined them.
Two people from the edge were shaved guards. One is tall, thin; the other is black, furry, muscular, with a flattened nose. The third was a courtyard, about forty-five years old, with graying hair and a full, well-fed body. The fourth was a peasant, very handsome, with a bushy blond beard and black eyes. The fifth was a factory worker, yellow, thin fellow, eighteen years old, in a dressing gown.
Pierre heard that the French were discussing how to shoot - one at a time or two at a time? “Two,” the senior officer answered coldly and calmly. There was a movement in the ranks of the soldiers, and it was noticeable that everyone was in a hurry - and they were in a hurry not in the way they are in a hurry to do a task that is understandable to everyone, but in the same way as they are in a hurry to complete a necessary, but unpleasant and incomprehensible task.
A French official in a scarf approached the right side of the line of criminals and read the verdict in Russian and French.
Then two pairs of Frenchmen approached the criminals and, at the direction of the officer, took two guards who were standing on the edge. The watchmen, going up to the post, stopped and, while they brought the bags, silently looked around them, as a downed animal looks at a suitable hunter. One kept crossing himself, the other scratched his back and made a movement like a smile with his lips. The soldiers, hurrying with their hands, began to blindfold them, put on bags and tie them to a post.
Twelve men of shooters with rifles stepped out from behind the ranks with measured, firm steps and stopped eight paces from the post. Pierre turned away so as not to see what was to come. Suddenly there was a crash and a roar, which seemed to Pierre louder than the most terrible thunderclaps, and he looked around. There was smoke, and the French, with pale faces and trembling hands, were doing something by the pit. They took the other two. In the same way, with the same eyes, these two looked at everyone, in vain, with the same eyes, silently, asking for protection and, apparently, not understanding and not believing what would happen. They could not believe, because they alone knew what their life was like for them, and therefore did not understand and did not believe that it could be taken away.
Pierre wanted not to look and turned away again; but again, as if a terrible explosion struck his hearing, and together with these sounds he saw smoke, someone's blood, and the pale, frightened faces of the French, again doing something at the post, pushing each other with trembling hands. Pierre, breathing heavily, looked around him, as if asking: what is this? The same question was in all the looks that met Pierre's.
On all the faces of Russians, on the faces of French soldiers, officers, all without exception, he read the same fear, horror and struggle that were in his heart. “But who is doing this after all? They all suffer just like me. Who? Who?” - for a second flashed in Pierre's soul.
– Tirailleurs du 86 me, en avant! [Arrows of the 86th, forward!] Someone shouted. They took the fifth, who was standing next to Pierre, - one. Pierre did not understand that he was saved, that he and all the others were brought here only to be present at the execution. He looked at what was being done with ever-increasing horror, feeling neither joy nor calm. The fifth was a factory worker in a dressing gown. As soon as they touched him, he jumped back in horror and grabbed Pierre (Pierre shuddered and pulled away from him). The factory worker could not go. They dragged him under the armpits, and he shouted something. When they brought him to the post, he suddenly fell silent. He seemed to suddenly understand something. Either he realized that it was useless to shout, or that it was impossible for people to kill him, but he stood at the post, waiting for the bandage along with the others and, like a wounded animal, looking around him with shining eyes.
Pierre could no longer take it upon himself to turn away and close his eyes. The curiosity and excitement of him and the whole crowd at this fifth murder reached the highest degree. Like the others, this fifth one seemed calm: he wrapped his robe and scratched one bare foot against the other.
When they began to blindfold him, he straightened the very knot on the back of his head, which cut him; then, when they leaned him against a bloodied post, he fell back, and, as he was uncomfortable in this position, he recovered and, placing his legs evenly, leaned calmly. Pierre did not take his eyes off him, not missing the slightest movement.
A command must have been heard; after the command, shots of eight guns must have been heard. But Pierre, no matter how much he tried to remember later, did not hear the slightest sound from the shots. He only saw how, for some reason, the factory worker suddenly sank down on the ropes, how blood appeared in two places, and how the very ropes, from the weight of the hanging body, unraveled and the factory worker, unnaturally lowering his head and twisting his leg, sat down. Pierre ran up to the post. Nobody held him back. Frightened, pale people were doing something around the factory. An old, mustachioed Frenchman's jaw shook as he untied the ropes. The body went down. The soldiers awkwardly and hurriedly dragged him behind a post and began to push him into the pit.
Everyone, apparently, undoubtedly knew that they were criminals who needed to cover up the traces of their crime as soon as possible.
Pierre looked into the pit and saw that the factory worker was lying there with his knees up, close to his head, one shoulder higher than the other. And this shoulder convulsively, evenly fell and rose. But already shovels of earth were falling all over the body. One of the soldiers angrily, viciously and painfully shouted at Pierre to return. But Pierre did not understand him and stood at the post, and no one drove him away.
When the pit was already filled up, a command was heard. Pierre was taken to his place, and the French troops, standing in fronts on both sides of the pillar, made a half-turn and began to walk past the pillar with measured steps. Twenty-four men of riflemen with unloaded rifles, standing in the middle of the circle, ran up to their places, while the companies passed by them.
Pierre was now looking with meaningless eyes at these shooters, who ran out of the circle in pairs. All but one joined the companies. A young soldier with a deadly pale face, in a shako that fell back, having lowered his gun, was still standing opposite the pit in the place from which he fired. He staggered like a drunk, taking a few steps forward and then back to support his falling body. An old soldier, a non-commissioned officer, ran out of the ranks and, grabbing a young soldier by the shoulder, dragged him into the company. The crowd of Russians and French began to disperse. Everyone walked in silence, with their heads bowed.
- Ca leur apprendra a incendier, [This will teach them to set fire.] - said one of the French. Pierre looked back at the speaker and saw that he was a soldier who wanted to console himself with something in what had been done, but could not. Without finishing what he started, he waved his hand and walked away.

After the execution, Pierre was separated from the other defendants and left alone in a small, ruined and filthy church.
Before evening, the guard non-commissioned officer with two soldiers entered the church and announced to Pierre that he was forgiven and was now entering the barracks of prisoners of war. Not understanding what they told him, Pierre got up and went with the soldiers. He was led to the booths built at the top of the field from burnt boards, logs and hews and entered into one of them. In the darkness about twenty different people surrounded Pierre. Pierre looked at them, not understanding who these people were, why they were and what they wanted from him. He heard the words that were spoken to him, but did not draw any conclusion or application from them: he did not understand their meaning. He himself answered what was asked of him, but did not understand who was listening to him and how his answers would be understood. He looked at faces and figures, and they all seemed equally meaningless to him.
From the moment Pierre saw this terrible murder committed by people who did not want to do this, it was as if in his soul that spring was suddenly pulled out, on which everything was supported and seemed to be alive, and everything fell into a heap of senseless rubbish. In him, although he did not realize himself, faith was destroyed in the improvement of the world, and in the human, and in his soul, and in God. This state was experienced by Pierre before, but never with such force as now. Before, when such doubts were found on Pierre, these doubts had their source of guilt. And in the very depths of his soul, Pierre then felt that from that despair and those doubts there was salvation in himself. But now he felt that it was not his fault that the world had collapsed in his eyes and only meaningless ruins remained. He felt that it was not in his power to return to faith in life.
Around him in the darkness stood people: it is true that something interested them very much in him. They told him something, asked about something, then they took him somewhere, and he finally found himself in the corner of the booth next to some people who were talking from different sides, laughing.
“And now, my brothers ... the same prince who (with a special emphasis on the word which) ...” said a voice in the opposite corner of the booth.
Silently and motionlessly sitting against the wall on the straw, Pierre first opened and then closed his eyes. But as soon as he closed his eyes, he saw before him the same terrible, especially terrible in its simplicity, the face of a factory worker and the faces of involuntary murderers, even more terrible in their anxiety. And he opened his eyes again and stared senselessly in the darkness around him.
Sitting next to him, bent over, was a small man, whose presence Pierre noticed at first by the strong smell of sweat that separated from him with his every movement. This man was doing something in the dark with his legs, and, despite the fact that Pierre did not see his face, he felt that this man was constantly looking at him. Looking closely in the darkness, Pierre realized that this man was taking off his shoes. And the way he did it interested Pierre.
Unwinding the twine with which one leg was tied, he carefully folded the twine and immediately set to work on the other leg, looking at Pierre. While one hand was hanging the string, the other was already beginning to unwind the other leg. Thus, in neat, round, argumentative movements that followed one after another without slowing down, the man took off his shoes and hung his shoes on pegs driven in above his heads, took out a knife, cut something, folded the knife, put it under the head of the head and, having sat down better, hugged his raised knees with both hands and stared directly at Pierre. Pierre felt something pleasant, soothing and round in these contentious movements, in this well-organized household in the corner, in the smell of even this man, and he, without taking his eyes off, looked at him.
- And you saw a lot of need, master? A? said the little man suddenly. And such an expression of affection and simplicity was in the melodious voice of a man that Pierre wanted to answer, but his jaw trembled, and he felt tears. The little man at the same moment, without giving Pierre time to show his embarrassment, spoke in the same pleasant voice.