Cryptography Reference
In-Depth Information
> bitXor := proc()
add(args[i], i=1..nargs) mod 2
end proc:
> bitNot := proc(l)
[seq(1-l[i], i=1..nops(l))]
end proc:
The next function implements the sum of 32-bit words modulo 2 32 . The function
is capable of adding more than two 32-bit lists, as will be done on some occasions:
> Summod2e32 := proc()
local l;
l := map(bits2integer, [args]);
integer2bits(add(i, i = l) mod 2ˆ32, 32)
end proc:
We next define the ROTR n and SHR n operations on words:
> Rotr := (l, n) -> ListTools:-Rotate(l, -n):
> Shr := (l, n) -> [0$n, op(Rotr(l, n)[1+n .. nops(l)])]:
Now we give the six SHA-256 'logical functions' of [74, 4.1.2]. We use names
similar to those in [74] (where some of these names are given by Greek letters which
here we represent by the letters' names).
> Ch := (x,y,z) -> bitXor(bitAnd(x,y), bitAnd(bitNot(x),z)):
> Maj := (x,y,z) -> bitXor(bitAnd(x,y),bitAnd(x,z), bitAnd(y,z)):
> Sigma0 := x -> bitXor(Rotr(x,2), Rotr(x,13), Rotr(x,22)):
> Sigma1 := x -> bitXor(Rotr(x,6), Rotr(x,11), Rotr(x,25)):
> sigma0 := x -> bitXor(Rotr(x,7), Rotr(x,18), Shr(x,3)):
> sigma1 := x -> bitXor(Rotr(x,17), Rotr(x,19), Shr(x,10)):
We are now ready to deal with the SHA-256 preprocessing. Padding is carried out
by the next function. The input is the message given as a list of bits and the output
is the padded list.
> shapad := proc (message::list)
local l, j, bl;
l := nops(message);
bl := integer2bits(l, 64);
j := 447-l mod 512;
[op(message), 1, 0$j, op(bl)]
end proc:
The padded message must be partitioned into 512-bit blocks and each of these
blocks, in turn, into sixteen 32-bit words. This is accomplished by the next couple
of functions:
> partition := (lis,long) ->
[seq(lis[1+(i-1)*long..i*long],i=1..iquo(nops(lis),long))]:
> preprocess := lis -> map(x -> partition(x, 32), partition(lis, 512)):
Next we define the initial hash value Hinit used by the compression function of
SHA-256. It consists of eight 32-bit words which are obtained as the first 32bits of
the fractional part of the square roots of the first eight primes. We use the previously
defined function frac32bin to compute these fractional parts:
> Hinit := map(x -> frac32bin(x, 1/2), map(ithprime, [$1 .. 8])):
 
Search WWH ::




Custom Search