Join Log in
Score:1
Josh avatar Crypto

Understanding intermediate values - SHA2 - 512

fr flag
Josh

I am trying to understand SHA2 - 512 algorithm, so I am following this document which has the intermediate values for the string "abc". At t=0, the values for f, h and g are straightforward. But I am not getting the same value for e, which suggests that I am doing something wrong when I am computing $T_1 = h + \Sigma_1(e) + \text{Ch}(e,f,g) + K_i + W_i$. I am almost sure that I have implemented $\text{Ch( )}$ and $\Sigma_1 ( )$ correctly. I guess my issue might be with the addition over $\pmod {2^{64}}$. I understand each term in summation of $T_1$ is a 64-bit number. So I assume we can convert these numbers to integers and add them up over $\pmod {2^{64}}$. Now the resulting number may not be 64-bit long in binary. Do we add $0$'s in front of behind the binary representation to make it 64-bit long?

I am not sure if this is helpful, but here are a few values I am getting in binary for t=0 (for now I am adding zeros to the left of the most significant bit):

#Sigma_1(e)
0101000100001110010100100111111110101101111001101000001011010001

#Ch(e,f,g)
0001111110000101110010011000110001111011001001110011110100111011

#T_1
0110100101100101001100111001100011001110110101111110100010100000

#e <- T_1 + d
0000111010110101001010001101001100101101111101010001111110010001

whereas according to the document, e in binary is 1100001111010100111010111111110101001000011001010000111111111010.

If you can provide a resource that includes the intermediate values for these other functions, I hope I can figure it out. Otherwise, it would be much appreciated if you could give a detailed explanation for how to get the correct value. Please let me know if you would like me to include more information.

63
0 + 0
poncho avatar
my flag
poncho
Do you mean SHA3-512 or SHA2-512 (also known as SHA512)? The document you cited and the particulars of your question are for SHA2-512.
1
Reply
Josh avatar
fr flag
Josh
Thanks for pointing this out. I assumed SHA-512 means SHA3-512, so I was wrong about it. I will edit the question.
0
Reply
Score:2
poncho avatar Crypto
my flag
poncho

Assuming that you really mean SHA2-512:

#Sigma_1(e) 0101000100001110010100100111111110101101111001101000001011010001

The value of 'Sigma_1' is incorrect; I just instrumented a known-good implementation and got for the first round:

$$sigma1 = 9427e33bb5c9dbca$$

Maybe you had the $ROTR$ operations as shifts, not rotates...

Now, as for your musings:

I understand each term in summation of $T1$ is a 64-bit number. So I assume we can convert these numbers to integers and add them up over $\pmod {2^{64}}$. Now the resulting number may not be 64-bit long in binary.

Actually, the most natural way to represent values within SHA-512 would be as always using 64 bits; these bits are interpreted as a value within the range $[0, 2^{64}-1]$; often, the msbit may happen to be zero; we still treat it as a 64 bit value (and so never need to add 0's at the beginning or the end - the values are always the correct length).

Yes, this is not the way we count bits in RSA - SHA-512 is not RSA.

0 + 0
Josh avatar
fr flag
Josh
If I am not mistaken, `d` in hex is `A54FF53A5F1D36F1`, which in binary is `1010010101001111111101010011101001011111000111010011011011110001`. So the 4 lsbits are `0001`. The other point is that the summation is not XOR. According to the description, it is over `mod 2^64`.
0
Reply
poncho avatar
my flag
poncho
I misread the test vector; you are correct in the initial value of $d$; it's the value of $T1$ that's wrong (and BTW, I am quite aware that addition is $\bmod 2^{64}$...)
0
Reply
Josh avatar
fr flag
Josh
Thank you for computing sigma_1. Now am I getting the same value. The issue was when I converted hex to int to binary in Python, I only got as many bits that was necessary for that integer value, not 64-bits necessarily. I added 0's to the left of the binary representation, and it works fine right now!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.