Pages:
Author

Topic: Down to Earth explanation of SHA256? (Read 2810 times)

hero member
Activity: 784
Merit: 500
August 11, 2014, 12:24:56 PM
#23
To be honest, I have no idea why it is a secure hash algorithm. I just know what is done to calculate a hash.
legendary
Activity: 996
Merit: 1013
August 11, 2014, 06:32:43 AM
#22
Thank you for the great, accessible dissection.
Now the next step is to understand why it is put together
like that... I suppose that the governing principle in the
arrangement of these operations is to enable the trapdoor property:
easy to verify,
hard to invert.
hero member
Activity: 784
Merit: 500
August 10, 2014, 04:04:43 PM
#21
k is just a constant array that is defined as the first 32 bits of the fractional parts of the cube roots of the first 64 primes from 2 to 311:

Code:
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

W is dynamically modified as follows:

1) W starts as an array or 64 32-bit words. Each chunk is copied into the first 16 words of this array. The rest of it doesn't matter, as it will get filled in the next step.
2) Elements 0-15 of w are filled. Let's fill in elements 16-63:
2a) Let's say we're filling in the i-th element. We calculate s0 as
Code:
(w[i-15]>>>7) xor (w[i-15]>>>18) xor (w[i-15] >>3)
2b) We calculate s1 as
Code:
(w[i-2]>>>17) xor (w[i-2]>>>19) xor (w[i-2]>>10)
2c) We set the i-th element to be
Code:
w[i-16] + s0 + w[i-7] + s1

>>> is a right rotation (elements pushed off the right are reinserted at the left)
>> is a right shift (no reinsertion at the left)
legendary
Activity: 996
Merit: 1013
August 10, 2014, 03:51:16 PM
#20

As a summary, SHA-2 (SHA256 being a member of the SHA-2 family) compresses a 256-bit length of data by first splitting it into 8 blocks, and then performing the following operations (where A-H are input blocks and A' through H' are output blocks):

A'= W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+ma(A,B,C)+Σ0(A)
B' = A
C' = B
D' = C
E' = W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+D
F' = E
G' = F
H' = G

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

Hopefully this makes sense. If not, feel free to ask and I'll try to clarify.

Can you give also a dumbed-down explanation of W(t) and K(t) for me?
I looked at the wiki article, and there it says that they have something
to do with a "message schedule" but I didn't get what it means.
legendary
Activity: 1176
Merit: 1020
August 09, 2014, 12:21:35 PM
#19
SHA256 = A deterministic food processor
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
August 08, 2014, 09:36:39 AM
#18
Here's my "down to earth" explanation:

SHA256 is a way of turning a really long message and DIGESTING it so it comes out much shorter. This process is one way.

In other words, you can get the SHA256 of a very long email message, and compress it to 32 bytes (or 64 hexadecimal characters) that will not change.

As a simplified example, if I use this formula: 3 + 5 + 1 = 9. But if you just say 9, how do you know what the original formula was? Was it 2 + 4 + 3?

SHA256 is also considered "cryptographically secure" unlike other hash methods such as your credit card number check digit, or even CRC32.

For every exact message, there is only one SHA256 digest possible. For all practical purposes, for every SHA256 result you see published, there is only one real original message. Theoretically there are an infinite number of messages (known as collisions) that can result in that particular SHA256 result, but the odds make it unlikely.
newbie
Activity: 48
Merit: 0
August 06, 2014, 08:28:20 PM
#17
Most operations in SHA-256 are bitwise operations--xor, rotation, etc. I'll be referencing Wikipedia in my descriptions.

In a rotation, all bits are shifted around a certain number of spaces. For example, rotating
Code:
abcdefghij
right 3 bits yields
Code:
hijabcdefg

where a,b,c,d,e,f,g,h,i,j are bits. Basically, each bit is moved over some spaces, and bits on the end are moved around to the beginning after being "shifted off".

The ">>>" symbols used in crypto to describe Σ-zero and Σ-one steps of SHA are these rotations exactly.

Simiarly, bitwise operations such as XOR exist. They handle each bit separately using the following tables:

Code:
A | B | A AND B | A OR B | A XOR B
==================================
0 | 0 |    0    |    0   |     0
0 | 1 |    0    |    1   |     1
1 | 0 |    0    |    1   |     1
1 | 1 |    1    |    1   |     0

For example, (E∧F)⊕(⌐E∧G) means:

(E AND F) XOR ((NOT E) AND G)

which means to take NOT E, AND it with G, and then XOR that with the result of ANDing E and F.

Addition modulo 2^32, shown as red boxes on the diagram on Wikipedia, means that the two inputs are added (carrying as with regular addition), just in binary. If the result overflows 32 bits, then we ignore the overflow. For example:

Code:
 *                                (see note)
 1111    1111111                  (carry)
  10110100110110111101110001011000
+ 11011010101101100000000000000001
----------------------------------
= 10001111100100011101110001011001(result)

While usually the leftmost 1 in the carry (marked with a *) would be brought down, it is considered overflow in this case and ignored, since it falls as the 33rd digit. Only 32 bits are retained, since the compression function works with 32-bit-length data. Our result is thus 10001111100100011101110001011001 and not 110001111100100011101110001011001.

As a summary, SHA-2 (SHA256 being a member of the SHA-2 family) compresses a 256-bit length of data by first splitting it into 8 blocks, and then performing the following operations (where A-H are input blocks and A' through H' are output blocks):

A'= W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+ma(A,B,C)+Σ0(A)
B' = A
C' = B
D' = C
E' = W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+D
F' = E
G' = F
H' = G

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

Hopefully this makes sense. If not, feel free to ask and I'll try to clarify.

You are a godsend  Grin!!
Thank you so much! I would have loved to give you some BTC but I'm broke as of now  Sad

I did have a few quick questions.
1.) I'm familiar with the fancy E ( Sigma, I should say ) but how exactly does it apply?
2.)What exact is the "ch" and "ma"?

I'd like to state that I'm only 14. I'm attempting to digest this. Your explanation would probably make a great deal of sense to someone with a higher understanding.
I'll make sure to save your BTC address and this post so I can donate to you when I get my hands on some moolah  Grin
So I'd also like to apologize beforehand if I seem extremely dim  Tongue
Kid, if you're following this at 14, you're doing better than 99% of the people out there.  I don't think "extremely dim" comes anywhere near the picture, never mind into it.
There are probably people with advanced degrees that would not be able to follow this explanation.
hero member
Activity: 784
Merit: 500
August 06, 2014, 07:54:40 PM
#16
I remember seeing a post somewhere on the Darkcoin forums where they were collaborating to find a way but the performance just wasn't worth it. I'll try and dig around. I hope you don't mind if I PM you the rest of the details ( unless you prefer to post it all here ).

Thanks for the optimization and FPGA tips! I'm still trying to finish learning C coding before my Dad's gonna get me my own FPGA. But afterwards, I can probably convince him to get me one of the more high-end FPGA's.

Of course, PM is welcome at any time. I have access to about 15 lower-end Spartan 3e FPGAs occasionally, as well as one at home, so I could do testing of at least single algos from X11.
member
Activity: 87
Merit: 10
August 06, 2014, 07:45:06 PM
#15
This is an interesting read here  Smiley
full member
Activity: 139
Merit: 100
August 06, 2014, 07:24:56 PM
#14
X11/X13 are basically combinations of other hash algorithms (blake, bmw, groestl, jh, keccak, skein, luffa, cubehash, shavite, simd, echo). It would take a much larger bitstream, much larger netlist, and more blocks/gates/macrocells than SHA-256, and possibly not fit (especially at place-and-route) into small and medium-sized FPGAs. What model are you targeting with X11?

Edit: I'm not sure there's functionality to see parts of posts, but you can see a list of topics that you've posted in, that have new replies at the updated topics page.

Edit 2: In terms of FPGAs, you'll be happy to know that there's support for all of the basic functions performed within an FPGA, at a schematic/logic, or a VHDL level. Shifts and rotations are simply cross-connecting of wires in a diagonal stripe pattern, addition modulo 2^32 is done with 1 half adder, and 32 full adders, of which the top one discards its carry out. And/or/xor/not are simply on-silicon gates that are made available to you. You could try optimizations such as (in some cases) boolean algebra might reduce the number of gates by letting you combine some operations on some lines. Also, knowing the compression function (for SHA-2 at least), you can also not waste buffers on shifting blocks B,C,D,F,G,H around, as they'll get shifted a few times before being used in functions.

I remember seeing a post somewhere on the Darkcoin forums where they were collaborating to find a way but the performance just wasn't worth it. I'll try and dig around. I hope you don't mind if I PM you the rest of the details ( unless you prefer to post it all here ).

Thanks for the optimization and FPGA tips! I'm still trying to finish learning C coding before my Dad's gonna get me my own FPGA. But afterwards, I can probably convince him to get me one of the more high-end FPGA's.
hero member
Activity: 784
Merit: 500
August 06, 2014, 07:09:40 PM
#13
X11/X13 are basically combinations of other hash algorithms (blake, bmw, groestl, jh, keccak, skein, luffa, cubehash, shavite, simd, echo). It would take a much larger bitstream, much larger netlist, and more blocks/gates/macrocells than SHA-256, and possibly not fit (especially at place-and-route) into small and medium-sized FPGAs. What model are you targeting with X11?

Edit: I'm not sure there's functionality to see parts of posts, but you can see a list of topics that you've posted in, that have new replies at the updated topics page.

Edit 2: In terms of FPGAs, you'll be happy to know that there's support for all of the basic functions performed within an FPGA, at a schematic/logic, or a VHDL level. Shifts and rotations are simply cross-connecting of wires in a diagonal stripe pattern, addition modulo 2^32 is done with 1 half adder, and 32 full adders, of which the top one discards its carry out. And/or/xor/not are simply on-silicon gates that are made available to you. You could try optimizations such as (in some cases) boolean algebra might reduce the number of gates by letting you combine some operations on some lines. Also, knowing the compression function (for SHA-2 at least), you can also not waste buffers on shifting blocks B,C,D,F,G,H around, as they'll get shifted a few times before being used in functions.
full member
Activity: 139
Merit: 100
August 06, 2014, 06:52:38 PM
#12
If you're on Bitcointalk in the summer, you're like most of us here, myself included.

That's good news  Smiley
Silly question, but is there anyway to just show the start of a post?
I hate being able to see all my stuff in one place, I just want the head of the topics and the ensuing posts.
Might complain about this Meta.

So, any other down to earth explanations for all the X11 algos  Cheesy ?

I might ask around, try to see if I can piece everything together.
I've wanted to make an X11 FPGA and if it successfully outperforms a GPU miner, maybe gain some basic capital for batch samples and some more for the final thing.
But that's a LONG way off. I still have to learn Verilog/VHDL!
hero member
Activity: 784
Merit: 500
August 06, 2014, 06:34:19 PM
#11
If you have a Bitshares account, I'd be willing to give you a few.

I don't use BitShares, but thanks for the offer!
hero member
Activity: 784
Merit: 500
August 06, 2014, 06:19:43 PM
#10
If you're on Bitcointalk in the summer, you're like most of us here, myself included.
full member
Activity: 139
Merit: 100
August 06, 2014, 06:00:09 PM
#9
Most operations in SHA-256 are bitwise operations--xor, rotation, etc. I'll be referencing Wikipedia in my descriptions.

In a rotation, all bits are shifted around a certain number of spaces. For example, rotating
Code:
abcdefghij
right 3 bits yields
Code:
hijabcdefg

where a,b,c,d,e,f,g,h,i,j are bits. Basically, each bit is moved over some spaces, and bits on the end are moved around to the beginning after being "shifted off".

The ">>>" symbols used in crypto to describe Σ-zero and Σ-one steps of SHA are these rotations exactly.

Simiarly, bitwise operations such as XOR exist. They handle each bit separately using the following tables:

Code:
A | B | A AND B | A OR B | A XOR B
==================================
0 | 0 |    0    |    0   |     0
0 | 1 |    0    |    1   |     1
1 | 0 |    0    |    1   |     1
1 | 1 |    1    |    1   |     0

For example, (E∧F)⊕(⌐E∧G) means:

(E AND F) XOR ((NOT E) AND G)

which means to take NOT E, AND it with G, and then XOR that with the result of ANDing E and F.

Addition modulo 2^32, shown as red boxes on the diagram on Wikipedia, means that the two inputs are added (carrying as with regular addition), just in binary. If the result overflows 32 bits, then we ignore the overflow. For example:

Code:
 *                                (see note)
 1111    1111111                  (carry)
  10110100110110111101110001011000
+ 11011010101101100000000000000001
----------------------------------
= 10001111100100011101110001011001(result)

While usually the leftmost 1 in the carry (marked with a *) would be brought down, it is considered overflow in this case and ignored, since it falls as the 33rd digit. Only 32 bits are retained, since the compression function works with 32-bit-length data. Our result is thus 10001111100100011101110001011001 and not 110001111100100011101110001011001.

As a summary, SHA-2 (SHA256 being a member of the SHA-2 family) compresses a 256-bit length of data by first splitting it into 8 blocks, and then performing the following operations (where A-H are input blocks and A' through H' are output blocks):

A'= W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+ma(A,B,C)+Σ0(A)
B' = A
C' = B
D' = C
E' = W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+D
F' = E
G' = F
H' = G

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

Hopefully this makes sense. If not, feel free to ask and I'll try to clarify.

You are a godsend  Grin!!
Thank you so much! I would have loved to give you some BTC but I'm broke as of now  Sad

I did have a few quick questions.
1.) I'm familiar with the fancy E ( Sigma, I should say ) but how exactly does it apply?
2.)What exact is the "ch" and "ma"?

I'd like to state that I'm only 14. I'm attempting to digest this. Your explanation would probably make a great deal of sense to someone with a higher understanding.
I'll make sure to save your BTC address and this post so I can donate to you when I get my hands on some moolah  Grin
So I'd also like to apologize beforehand if I seem extremely dim  Tongue
Kid, if you're following this at 14, you're doing better than 99% of the people out there.  I don't think "extremely dim" comes anywhere near the picture, never mind into it.

Well, never underestimate any individuals ability to accomplish his/her goal  Wink
I'm not exactly your typical 14 year old. I don't spend my summers like most teens do.
full member
Activity: 139
Merit: 100
August 06, 2014, 05:55:46 PM
#8
You are a godsend  Grin!!
Thank you so much! I would have loved to give you some BTC but I'm broke as of now  Sad

I did have a few quick questions.
1.) I'm familiar with the fancy E ( Sigma, I should say ) but how exactly does it apply?
2.)What exact is the "ch" and "ma"?

I'd like to state that I'm only 14. I'm attempting to digest this. Your explanation would probably make a great deal of sense to someone with a higher understanding.
I'll make sure to save your BTC address and this post so I can donate to you when I get my hands on some moolah  Grin
So I'd also like to apologize beforehand if I seem extremely dim  Tongue

Sorry for the slow reply.

The sigma, ch, and ma are defined at the bottom of my first post here:

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

They are just fairly complex functions of some of the subblocks (for example you calculate ch by taking blocks E,F, and G and using them in the formula (E∧F)⊕(⌐E∧G). The ∧ is AND taken one bit at a time (so separate bits do not affect each other), the ⌐ is not taken one bit at a time (flip all bits, basically), and ⊕ is XOR, bit by bit, as I described it at the top of my post.

That being said, I'm extremely happy that someone around my age is interested in this, and is managing to go into such depth.

Slow? That has to be one of the fastest replies I've seen!
Ah, thank you very much for clarifying that! Makes so much sense.
You won't believe how many days of my summer vacation I've burned trying to understand how SHA256 works so thanks for the help  Grin
If you have a Bitshares account, I'd be willing to give you a few.
hero member
Activity: 784
Merit: 500
August 06, 2014, 04:53:25 PM
#7
You are a godsend  Grin!!
Thank you so much! I would have loved to give you some BTC but I'm broke as of now  Sad

I did have a few quick questions.
1.) I'm familiar with the fancy E ( Sigma, I should say ) but how exactly does it apply?
2.)What exact is the "ch" and "ma"?

I'd like to state that I'm only 14. I'm attempting to digest this. Your explanation would probably make a great deal of sense to someone with a higher understanding.
I'll make sure to save your BTC address and this post so I can donate to you when I get my hands on some moolah  Grin
So I'd also like to apologize beforehand if I seem extremely dim  Tongue

Sorry for the slow reply.

The sigma, ch, and ma are defined at the bottom of my first post here:

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

They are just fairly complex functions of some of the subblocks (for example you calculate ch by taking blocks E,F, and G and using them in the formula (E∧F)⊕(⌐E∧G). The ∧ is AND taken one bit at a time (so separate bits do not affect each other), the ⌐ is not taken one bit at a time (flip all bits, basically), and ⊕ is XOR, bit by bit, as I described it at the top of my post.

That being said, I'm extremely happy that someone around my age is interested in this, and is managing to go into such depth.
legendary
Activity: 1344
Merit: 1024
Mine at Jonny's Pool
August 06, 2014, 04:28:12 PM
#6
Most operations in SHA-256 are bitwise operations--xor, rotation, etc. I'll be referencing Wikipedia in my descriptions.

In a rotation, all bits are shifted around a certain number of spaces. For example, rotating
Code:
abcdefghij
right 3 bits yields
Code:
hijabcdefg

where a,b,c,d,e,f,g,h,i,j are bits. Basically, each bit is moved over some spaces, and bits on the end are moved around to the beginning after being "shifted off".

The ">>>" symbols used in crypto to describe Σ-zero and Σ-one steps of SHA are these rotations exactly.

Simiarly, bitwise operations such as XOR exist. They handle each bit separately using the following tables:

Code:
A | B | A AND B | A OR B | A XOR B
==================================
0 | 0 |    0    |    0   |     0
0 | 1 |    0    |    1   |     1
1 | 0 |    0    |    1   |     1
1 | 1 |    1    |    1   |     0

For example, (E∧F)⊕(⌐E∧G) means:

(E AND F) XOR ((NOT E) AND G)

which means to take NOT E, AND it with G, and then XOR that with the result of ANDing E and F.

Addition modulo 2^32, shown as red boxes on the diagram on Wikipedia, means that the two inputs are added (carrying as with regular addition), just in binary. If the result overflows 32 bits, then we ignore the overflow. For example:

Code:
 *                                (see note)
 1111    1111111                  (carry)
  10110100110110111101110001011000
+ 11011010101101100000000000000001
----------------------------------
= 10001111100100011101110001011001(result)

While usually the leftmost 1 in the carry (marked with a *) would be brought down, it is considered overflow in this case and ignored, since it falls as the 33rd digit. Only 32 bits are retained, since the compression function works with 32-bit-length data. Our result is thus 10001111100100011101110001011001 and not 110001111100100011101110001011001.

As a summary, SHA-2 (SHA256 being a member of the SHA-2 family) compresses a 256-bit length of data by first splitting it into 8 blocks, and then performing the following operations (where A-H are input blocks and A' through H' are output blocks):

A'= W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+ma(A,B,C)+Σ0(A)
B' = A
C' = B
D' = C
E' = W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+D
F' = E
G' = F
H' = G

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

Hopefully this makes sense. If not, feel free to ask and I'll try to clarify.

You are a godsend  Grin!!
Thank you so much! I would have loved to give you some BTC but I'm broke as of now  Sad

I did have a few quick questions.
1.) I'm familiar with the fancy E ( Sigma, I should say ) but how exactly does it apply?
2.)What exact is the "ch" and "ma"?

I'd like to state that I'm only 14. I'm attempting to digest this. Your explanation would probably make a great deal of sense to someone with a higher understanding.
I'll make sure to save your BTC address and this post so I can donate to you when I get my hands on some moolah  Grin
So I'd also like to apologize beforehand if I seem extremely dim  Tongue
Kid, if you're following this at 14, you're doing better than 99% of the people out there.  I don't think "extremely dim" comes anywhere near the picture, never mind into it.
full member
Activity: 139
Merit: 100
August 06, 2014, 04:15:08 PM
#5
Most operations in SHA-256 are bitwise operations--xor, rotation, etc. I'll be referencing Wikipedia in my descriptions.

In a rotation, all bits are shifted around a certain number of spaces. For example, rotating
Code:
abcdefghij
right 3 bits yields
Code:
hijabcdefg

where a,b,c,d,e,f,g,h,i,j are bits. Basically, each bit is moved over some spaces, and bits on the end are moved around to the beginning after being "shifted off".

The ">>>" symbols used in crypto to describe Σ-zero and Σ-one steps of SHA are these rotations exactly.

Simiarly, bitwise operations such as XOR exist. They handle each bit separately using the following tables:

Code:
A | B | A AND B | A OR B | A XOR B
==================================
0 | 0 |    0    |    0   |     0
0 | 1 |    0    |    1   |     1
1 | 0 |    0    |    1   |     1
1 | 1 |    1    |    1   |     0

For example, (E∧F)⊕(⌐E∧G) means:

(E AND F) XOR ((NOT E) AND G)

which means to take NOT E, AND it with G, and then XOR that with the result of ANDing E and F.

Addition modulo 2^32, shown as red boxes on the diagram on Wikipedia, means that the two inputs are added (carrying as with regular addition), just in binary. If the result overflows 32 bits, then we ignore the overflow. For example:

Code:
 *                                (see note)
 1111    1111111                  (carry)
  10110100110110111101110001011000
+ 11011010101101100000000000000001
----------------------------------
= 10001111100100011101110001011001(result)

While usually the leftmost 1 in the carry (marked with a *) would be brought down, it is considered overflow in this case and ignored, since it falls as the 33rd digit. Only 32 bits are retained, since the compression function works with 32-bit-length data. Our result is thus 10001111100100011101110001011001 and not 110001111100100011101110001011001.

As a summary, SHA-2 (SHA256 being a member of the SHA-2 family) compresses a 256-bit length of data by first splitting it into 8 blocks, and then performing the following operations (where A-H are input blocks and A' through H' are output blocks):

A'= W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+ma(A,B,C)+Σ0(A)
B' = A
C' = B
D' = C
E' = W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+D
F' = E
G' = F
H' = G

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

Hopefully this makes sense. If not, feel free to ask and I'll try to clarify.

You are a godsend  Grin!!
Thank you so much! I would have loved to give you some BTC but I'm broke as of now  Sad

I did have a few quick questions.
1.) I'm familiar with the fancy E ( Sigma, I should say ) but how exactly does it apply?
2.)What exact is the "ch" and "ma"?

I'd like to state that I'm only 14. I'm attempting to digest this. Your explanation would probably make a great deal of sense to someone with a higher understanding.
I'll make sure to save your BTC address and this post so I can donate to you when I get my hands on some moolah  Grin
So I'd also like to apologize beforehand if I seem extremely dim  Tongue
hero member
Activity: 784
Merit: 500
August 06, 2014, 03:06:14 PM
#4
Most operations in SHA-256 are bitwise operations--xor, rotation, etc. I'll be referencing Wikipedia in my descriptions.

In a rotation, all bits are shifted around a certain number of spaces. For example, rotating
Code:
abcdefghij
right 3 bits yields
Code:
hijabcdefg

where a,b,c,d,e,f,g,h,i,j are bits. Basically, each bit is moved over some spaces, and bits on the end are moved around to the beginning after being "shifted off".

The ">>>" symbols used in crypto to describe Σ-zero and Σ-one steps of SHA are these rotations exactly.

Simiarly, bitwise operations such as XOR exist. They handle each bit separately using the following tables:

Code:
A | B | A AND B | A OR B | A XOR B
==================================
0 | 0 |    0    |    0   |     0
0 | 1 |    0    |    1   |     1
1 | 0 |    0    |    1   |     1
1 | 1 |    1    |    1   |     0

For example, (E∧F)⊕(⌐E∧G) means:

(E AND F) XOR ((NOT E) AND G)

which means to take NOT E, AND it with G, and then XOR that with the result of ANDing E and F.

Addition modulo 2^32, shown as red boxes on the diagram on Wikipedia, means that the two inputs are added (carrying as with regular addition), just in binary. If the result overflows 32 bits, then we ignore the overflow. For example:

Code:
 *                                (see note)
 1111    1111111                  (carry)
  10110100110110111101110001011000
+ 11011010101101100000000000000001
----------------------------------
= 10001111100100011101110001011001(result)

While usually the leftmost 1 in the carry (marked with a *) would be brought down, it is considered overflow in this case and ignored, since it falls as the 33rd digit. Only 32 bits are retained, since the compression function works with 32-bit-length data. Our result is thus 10001111100100011101110001011001 and not 110001111100100011101110001011001.

As a summary, SHA-2 (SHA256 being a member of the SHA-2 family) compresses a 256-bit length of data by first splitting it into 8 blocks, and then performing the following operations (where A-H are input blocks and A' through H' are output blocks):

A'= W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+ma(A,B,C)+Σ0(A)
B' = A
C' = B
D' = C
E' = W(t)+K(t)+H+ch(E,F,G)+Σ1(E)+D
F' = E
G' = F
H' = G

ch(E,F,G) is (E∧F)⊕(⌐E∧G)
ma(A,B,C) is (A∧B)⊕(A∧C)⊕(B∧C)
Σ0(A) is (A>>>2) ⊕ (A>>>13) ⊕ (A>>>25)
Σ1(E) is (E>>>6) ⊕ (E>>>11) ⊕ (E>>>25)

Hopefully this makes sense. If not, feel free to ask and I'll try to clarify.
Pages:
Jump to: