SHA256 Scheduler? - page 2. | Bitcointalksearch.org

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

k is an array of static initialization value and remains the same for all hashes. It was chosen by NIST but it is a 'nothing up my sleeve number' with a decent selection criteria. It would be difficult for those constants to affect the security of the hash. You would have to believe that there is some relationship between the fractional portion of the first 64 sequential cube roots, that NIST was aware of that weakness and nobody in the crypto community has discovered that weakness since SHA-2 was released.

w is initialized from the the current block before the 64 rounds so it varies from message to message and even block to block. The algorithm for the generation of the w array comes from SHA-2 but the input is the message to be hashed.

Both are 64 value arrays. In each round the value injected into "a" will change so it serves the purpose of preventing round collisions which could undermine the security of a hashing function. It is't exactly accurate but it might help to think of them as entropy injectors. The t is the 0-index value for the current round so only one value is used each round and each round has a different value (i.e. for round 1 w[0] and k[0] is used for round 64 w[63] and k[63] is used).

Code:

Initialize array of round constants:
(first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311):
k[0..63] :=
   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

Quote

So the data from the previous round just gets shifted?

It is mostly shifted with the exception of e and a. So for each of the 64 rounds

Code:

h = g
g = f
f = e
e = d + h + Ch(e,f,g) + Sum1(e) + w[t] + k[t]
d = c
c = b
b = a
a = h + Ch(e,f,g) + Sum1(e) + w[t] + k[t] + Sum0(a) + Maj(a, b, c)

Note all addition is mod 2^32 so overflows "wrap around". There are a number of ways in which the SHA-2 algorithm can be optimized for performance but when learning it is useful to look at the reference design.

Reclaim3r

full member

Activity: 139

Merit: 100

Quote from: DeathAndTaxes on March 02, 2015, 10:10:10 PM

SHA-256 involves 64 rounds per block (512 bit input) and each block is broken into eight 32 bit words. The message schedule refers to the movement of the words through the algorithm.

Word A for round n becomes word B for round n+1 is part of the message schedule.

So the data from the previous round just gets shifted? And what exact are Wt and Kt? From what I can gather, they are where you put the initialization values the NSA supplies.