Cryptography Reference
Algorithm 5.3. Compression function of SHA-256.
Input: An initial 256-bit hash value $H$ and a 512-bit message block $M$.
Output: A new 256-bit hash value.
Parse $H = H_0 \| H_1 \| \dots \| H_7$ and $M = M_0 \| M_1 \| \dots \| M_{15}$ into 32-bit words.
Initialize 64 constant 32-bit words $K_0^{\{256\}}, \dots, K_{63}^{\{256\}}$ representing the first 32 bits of the fractional parts of the cube roots of the first sixty-four prime numbers.
Prepare the message schedule consisting of sixty-four 32-bit words, as follows:
$$W_t = \begin{cases} M_t, & 0 \le t \le 15, \\ \sigma_1^{\{256\}}(W_{t-2}) + W_{t-7} + \sigma_0^{\{256\}}(W_{t-15}) + W_{t-16}, & 16 \le t \le 63. \end{cases}$$
Initialize eight variables with the initial hash value:
$a := H_0$; $b := H_1$; $c := H_2$; $d := H_3$; $e := H_4$; $f := H_5$; $g := H_6$; $h := H_7$.
for $t$ from 0 to 63 do
    $T_1 := h + \Sigma_1^{\{256\}}(e) + \mathrm{Ch}(e, f, g) + K_t^{\{256\}} + W_t$
    $T_2 := \Sigma_0^{\{256\}}(a) + \mathrm{Maj}(a, b, c)$
    $h := g$
    $g := f$
    $f := e$
    $e := d + T_1$
    $d := c$
    $c := b$
    $b := a$
    $a := T_1 + T_2$
end do;
return $C(H, M) := a + H_0 \| b + H_1 \| c + H_2 \| d + H_3 \| e + H_4 \| f + H_5 \| g + H_6 \| h + H_7$.
Now, SHA-256 is obtained by applying the Merkle-Damgård construction to the
compression function with the following preprocessing:
Padding. If the message has a length of $l$ bits then append a 1 bit to the end of the
message, followed by $j$ zero bits, where $j$ is the smallest non-negative solution
to the equation $l + 1 + j \equiv 448 \pmod{512}$. Then append the 64-bit block that is
equal to the binary representation of $l$.
Set the initial hash value. The IV is the 256-bit vector formed by the eight 32-bit
words obtained by taking the first 32 bits of the fractional parts of the square roots
of the first eight prime numbers.
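The construction above, as an added Python example (not the book's Maple code): it derives the constants K and the IV from the prime roots with exact integer arithmetic, implements Algorithm 5.3, and applies the padding to byte-string messages. The σ, Σ, Ch and Maj definitions are taken from the SHA-256 standard (FIPS 180-4), since this section does not restate them; the names primes, icbrt, rotr, compress and sha256 are this example's own.

```python
from math import isqrt

MASK = 0xFFFFFFFF  # every "+" in Algorithm 5.3 is addition modulo 2^32

def primes(n):  # first n primes by trial division
    found, c = [], 2
    while len(found) < n:
        if all(c % p for p in found):
            found.append(c)
        c += 1
    return found

def icbrt(n):  # exact integer floor of the cube root of n (binary search)
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= n else (lo, mid - 1)
    return lo

# First 32 fractional bits of a root r: floor(r * 2^32) mod 2^32.
K = [icbrt(p << 96) & MASK for p in primes(64)]   # cube roots of 64 primes
IV = [isqrt(p << 64) & MASK for p in primes(8)]   # square roots of 8 primes

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def compress(H, block):  # Algorithm 5.3: 8 words + 64-byte block -> 8 words
    W = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 64, 4)]
    for t in range(16, 64):
        s0 = rotr(W[t-15], 7) ^ rotr(W[t-15], 18) ^ (W[t-15] >> 3)
        s1 = rotr(W[t-2], 17) ^ rotr(W[t-2], 19) ^ (W[t-2] >> 10)
        W.append((s1 + W[t-7] + s0 + W[t-16]) & MASK)
    a, b, c, d, e, f, g, h = H
    for t in range(64):
        T1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[t] + W[t]) & MASK
        T2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + T1) & MASK, c, b, a, (T1 + T2) & MASK
    return [(x + y) & MASK for x, y in zip((a, b, c, d, e, f, g, h), H)]

def sha256(msg):  # padding as described above, then Merkle-Damgard iteration
    l = 8 * len(msg)
    j = (448 - (l + 1)) % 512  # smallest j >= 0 with l + 1 + j = 448 mod 512
    # 0x80 supplies the 1 bit and 7 of the j zero bits; the rest are zero bytes.
    padded = msg + b"\x80" + bytes((j - 7) // 8) + l.to_bytes(8, "big")
    H = IV
    for i in range(0, len(padded), 64):
        H = compress(H, padded[i:i + 64])
    return b"".join(w.to_bytes(4, "big") for w in H)
```

Comparing `sha256(m)` with `hashlib.sha256(m).digest()` for messages of 55, 56 and 64 bytes exercises the padding boundary where the length field forces an extra block.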
5.6.4 SHA-256 in Maple
In this section we build a Maple implementation of SHA-256 following the previous
discussion and the specification in [74]. We will use some conversion functions
from Appendix A, in particular messagetobytes and some functions on which
it depends. We start by giving some more conversion functions that will be useful.
The first of them is the inverse of the function integer2bits, which converts a
 
 