SHA-256, SHA-384, and SHA-512 hash functions
SHA-256, SHA-384, and SHA-512 are hash algorithms from the Secure Hash Algorithm-2 (SHA-2) family. The algorithms are defined in FIPS 180-4, Secure Hash Standard (SHS) [129], the standard specifying NIST-approved hash algorithms for generating message digests, and are based on the Merkle-Damgard construction.
The suffix of the SHA-2 algorithms denotes the length of the message digest in bits [140]. As an example, the message digest of SHA-256 has a length of 256 bits. Table 11.1 summarizes the message size, block size, and digest size of all SHA-2 hash family algorithms.
| Algorithm. | Message size (bits) | Block size (bits) | Digest size (bits) |
| SHA-1 | < 264 | 512 | 160 |
| SHA-224 | < 264 | 512 | 224 |
| SHA-256 | < 264 | 512 | 256 |
| SHA-384 | < 2128 | 1024 | 384 |
| SHA-512 | < 2128 | 1024 | 512 |
| SHA-512/224 | < 2128 | 1024 | 224 |
| SHA-512/256 | < 2128 | 1024 | 256 |
Table 11.1: Basic properties of SHA-2 hash family algorithms
All SHA-2 hash algorithms use a set of similar basic functions, only with different lengths of input and output. Every SHA-2 algorithm uses the following functions where x,y, and z are either 32-bit or 64-bit values, ⊕ denotes exclusive-OR, and ∧ denotes bitwise AND:
- Ch(x,y,z) = (x ∧ y) ⊕ (¬x ∧ z)
- Maj(x,y,z) = (x ∧ y) ⊕ (x ∧ z) ⊕ (y ∧ z)
SHA-256 functions
In addition to the preceding functions, SHA-256 uses four logical functions. Each function is applied to a 32-bit value x and outputs a 32-bit result:
∑ 0256(x) = ROTR2(x) ⊕ ROTR13(x) ⊕ ROTR22(x)
∑ 1256(x) = ROTR6(x) ⊕ ROTR11(x) ⊕ ROTR25(x)
σ0256(x) = ROTR7(x) ⊕ ROTR18(x) ⊕ SHR3(x)
σ1256(x) = ROTR17(x) ⊕ ROTR19(x) ⊕ SHR10(x)
In the preceding functions, ROTRn(x) denotes a circular right-shift operation applied to a w-bit word x, using an integer 0 ≤ n < w, defined as (x ≫ n) ∨ (x ≪ w −n), and SHRn(x) denotes a right-shift operation applied to a w-bit word x, using an integer 0 ≤ n < w, defined as x ≫ n.
SHA-512 functions
Similar to SHA-256, SHA-384 and SHA-512 also use four logical functions. However, the functions are applied to a 64-bit value x and output a 64-bit result:
∑ 0512(x) = ROTR28(x) ⊕ ROTR34(x) ⊕ ROTR39(x)
∑ 1512(x) = ROTR14(x) ⊕ ROTR18(x) ⊕ ROTR41(x)
σ0512(x) = ROTR1(x) ⊕ ROTR8(x) ⊕ SHR7(x)
σ1512(x) = ROTR19(x) ⊕ ROTR61(x) ⊕ SHR6(x)
SHA-256 constants
SHA-256 uses 64 32-bit constants K0256,K1256,…,K63256 that are the first 32 bits of the fractional parts of cube roots of the first 64 prime numbers.
SHA-384 and SHA-512 constants
SHA-384 and SHA-512 use 80 64-bit constants K0512,K1512,…,K79512 that are the first 64 bits of the fractional parts of cube roots of the first 80 prime numbers.
Preprocessing the message
All hash functions in the SHA-2 family preprocess the message before performing the actual computation. The preprocessing consists of three steps:
- Padding the plaintext message to obtain a padded message that is a multiple of 512 bits for SHA-256 and a multiple of 1,024 bits for SHA-384 and SHA-512.
- Parsing the message into blocks.
- Setting the initial hash value H(0).
For SHA-256, the padded message is parsed into N 512-bit blocks M1,M2,…,MN. Because every 512-bit input block can be divided into 16 32-bit words, the input block i can be expressed as M0i,M1i,…,M1i5 where every Mji has the length of 32 bits.
Similarly, for SHA-384 and SHA-512, the padded message is parsed into N 1,024-bit blocks M1,M2,…MN. Because a 1024-bit input block can be divided into 16 64-bit words, the input block i can be expressed as M0i,M1i,…,M1i5 where every Mji has the length of 64 bits.
Leave a Reply