Cryptography Reference
In-Depth Information
.
011
0
000
1
011
00
01
0
0
11
00
01
1
a
c
b
We append a “1” followed by
k
= 423 zero bits, where
k
is determined by
k
≡
448
−
(
l
+ 1)=448
−
25 = 423 mod 512
.
Finally, we append the 64-bit value which contains the binary representation of
the length
l
= 24
10
= 11000
2
. The padded message is then given by
1
..
.
0
00
...
0
1
1000
.
0
11
00
00
1
0
11
00
01
0
0
11
0
001
1
423 zeros
a
b
c
l
=24
Dividing the padded message
Prior to applying the compression function, we
need to divide the message into 512-bit blocks
x
1
,
x
2
, ... ,
x
n
. Each 512-bit block
can be subdivided into 16 words of size of 32 bits. For instance, the
i
th block of
the message
x
is split into:
x
i
=(
x
(0)
x
(1)
i
...
x
(15)
i
)
i
where
x
(
k
i
are words of size of 32 bits.
Initial value
H
0
A 160-bit buffer is used to hold the initial hash value for the first
iteration. The five 32-bit words are fixed and given in hexadecimal notation as:
A
=
H
(0)
0
=
67452301
B
=
H
(1)
0
=
EFCDAB89
C
=
H
(2)
0
=
98BADCFE
D
=
H
(3)
0
=
10325476
E
=
H
(4)
0
=
C3D2E1F0
.
11.4.2 Hash Computation
Each message block
x
i
is processed in four stages with 20 rounds each as shown in
Figure 11.11. The algorithm uses
a message schedule which computes a 32-bit word
W
0
,
W
1
, ...,
W
79
for each of the
80 rounds. The words
W
j
are derived from the 512-bit message block as follows:
W
j
=
x
(
j
)
0
≤
j
≤
15
i
(
W
j
−
16
⊕
W
j
−
14
⊕
W
j
−
8
⊕
W
j
−
3
)
16
≤
j
≤
79
,
≪
1
where
X
≪
n
indicates a circular left shift of the word
X
by
n
bit positions.