Cryptography Reference
In-Depth Information
The operation within round
j
in stage
t
is given by
A
,
B
,
C
,
D
,
E
=(
E
+
f
t
(
B
,
C
,
D
)+(
A
)
≪
5
+
W
j
+
K
t
)
,
A
,
(
B
)
≪
30
,
C
,
D
and is depicted in Figure 11.12. The internal functions
f
t
and constants
K
t
change
AB C D E
f
t
<<<
5
<<<
30
W
j
K
t
AB C D E
Fig. 11.12
Round
j
in stage
t
of SHA-1
depending on the stage according to Table 11.3, i.e., every 20 rounds a new function
and a new constant are being used. The function only uses bitwise Boolean opera-
tions, namely logical AND (
), NOT (top bar) and XOR. These operation
are applied to 32-bit variables and are very fast to implement on modern PCs.
A SHA-1 round as shown in Figure 11.12 has some resemblance to the round of
a Feistel network. Such structures are sometimes referred to as generalized Feistel
networks. Feistel networks are generally characterized by the fact the first part of
the input is copied directly to the output. The second part of the input is encrypted
using the first part, where the first part is sent through some function, e.g., the
f
-
function in the case of DES. In the SHA-1 round, the inputs
A
,
B
,
C
and
D
are
passed to the output with no change (
A
,
C
,
D
), or only minimal change (rotation of
B
). However, the input word
E
is “encrypted” by adding values derived from the
other four input words. The message-derived value
W
i
and the round constant play
the role of subkeys.
∧
), OR (
∨
Table 11.3
Round functions and round constants for the SHA rounds
Stage
t
Round
j
Constant
K
t
Function
f
t
(
B
1
0
...
19
K
1
=
5A827999
f
1
(
B
,
C
,
D
)=(
B
∧
C
)
∨
∧
D
)
2
20
...
39
K
2
=
6ED9EBA1
f
2
(
B
,
C
,
D
)=
B
⊕
C
⊕
D
3
40
...
59
K
3
=
8F1BBCDC
f
3
(
B
,
C
,
D
)=(
B
∧
C
)
∨
(
B
∧
D
)
∨
(
C
∧
D
)
4
60
...
79
K
4
=
CA62C1D6
f
4
(
B
,
C
,
D
)=
B
⊕
C
⊕
D
