Information Security

Lecture 17
SHA-56 and SHA-512
Dr. Hafiz Ishfaq Ahmad

1
Secure Hash Algorithm
• The most widely used hash function has been the Secure Hash
Algorithm (SHA)
• Family of cryptographic that works by transforming the data using
a hash function: an algorithm that consists of bitwise
operations, modular additions, and compression functions.
• The hash function then produces a fixed-size string that looks nothing
like the original.
• These algorithms are designed to be one-way functions
• Meaning that once they’re transformed into their respective hash values, it’s
virtually impossible to transform them back into the original data.
Secure Hash Algorithm
• Due to its weakness (Collision Vulnerability), the now known as SHA-0
was revised and was referred to as SHA-1
• SHA-1 produces a hash value of 160 bits
• New versions of SHA-1 produced called the SHA-256, SHA-384, and
SHA-512 where they produce 256-, 384- and 512-bits hash value,
respectively
• Collectively, these new versions are called the SHA-2
Secure Hash Algorithm
• A common application of SHA is to encrypt passwords, as the server side
only needs to keep track of a specific user’s hash value, rather than the
actual password.
• If an attacker hacks the database, as they will only find the hashed functions and not
the actual passwords
• Additionally, SHAs exhibit the avalanche effect.
• This effect causes hash values to not give any information regarding the input string,
such as its original length.
• In addition, SHAs are also used to detect the tampering of data by
attackers,
• If a text file is slightly changed and barely noticeable, the modified file’s hash value
will be different than the original file’s hash value
Secure Hash Algorithm
SHA-256
• The significance of the 256 in the name stands for the final hash
digest value, i.e., irrespective of the size of plaintext/cleartext, the
hash value will always be 256 bits.
• Features of SHA-256
• Message Length: The length of the cleartext should be less than 264 bits.
• Digest Length: The length of the hash digest should be 256 bits in SHA 256
algorithm,
• Irreversible: You should neither get a plaintext when you have the digest
beforehand nor should the digest provide its original value when you pass it
through the hash function again
SHA-256
• Steps involved in SHA-256
1. Padding Bits
2. Padding Length
3. Initializing Buffer
4. Compression Function
SHA-256
• Step 1: Padding Bits
• The process of padding bits is similar to the padding process in MD5

Message Bahria University

ASCII 66 97 104 114 105 97 32 85 110 105 118 101 114 115 105 116 121
Binary 01000010 01100001 01101000 01110010 01101001 01100001 01110101 01101110
01101001 01110110 01100101 01110010 01110011 01101001 01110100 01111001
Size 128 Bits
Padding 512 – 64 = 448 – 128 = 320 bits to be padded
SHA-256
• Step 1: Padding Bits
• Adding 320 bits where only the first bit will be a 1 and the remaining
319 bits will be 0s. The total length now will be 448 bits
• 01000010 01100001 01101000 01110010 01101001 01100001
01110101 01101110 01101001 01110110 01100101 01110010
01110011 01101001 01110100 01111001 10000000 00000000
…
…
• 00000000 00000000 00000000 00000000 00000000 00000000
SHA-256
• Step 2: Padding Length
• The binary value of the original length of the message before the
padding bits were added is appended to the result of the previous
step
• The length in the example is 128 bits and it is represented as
10000000 in binary (these 9 bits will be added as the last bits of the
64 bits and the remaining 55 bits will be 0s).
SHA-256
• Next, the message (M) should be divided into N 512-bit blocks
• We only have 512 bits so the message should have only one block
(N=1)
• Divide each block into 32-bit words. The total number of words in
512
each block will be 16 i.e.,
32
• Each word is represented as 𝑀0 , 𝑀1 , … , 𝑀16
SHA-256
• Step 3: Initializing Buffer
• For SHA-256 the initial buffer values (also 𝐻0 = 6𝑎09𝑒667
called the hash values) shall consist of the 𝐻1 = 𝑏𝑏67𝑎𝑒85
following eight 32-bit words 𝐻2 = 3𝑐6𝑒𝑓372
𝐻3 = 𝑎54𝑓𝑓53𝑎
• These words are obtained by taking the first 𝐻4 = 510𝑒527𝑓
thirty-two bits of the fractional part of the 𝐻5 = 9𝑏05688𝑐
square root of the first eight prime numbers 𝐻6 = 1𝑓83𝑑9𝑎𝑏
𝐻7 = 5𝑏𝑒0𝑐𝑑19
SHA-256
• 64 different constants are used here, that are 𝐾0 , 𝐾1 , … , 𝐾63
• These constants are derived by the same method where each word
represent the first thirty-two bits of the fractional part of the cube
root of the first sixty-four prime numbers
SHA-256
• Message Schedule
• We prepare a message schedule called the 𝑊𝑡 where we should have the
values of 𝑊0 , 𝑊1 , … , 𝑊63 .
• Each of the 𝑊𝑡 is of 32-bit and we already have the first 16 value for 𝑊𝑡
(i.e., 𝑀0 = 𝑊0 , … , 𝑀15 = 𝑊15 )
• The remaining are calculated using the following formula
• 𝑊𝑡 = 𝜎1 𝑊𝑡−2 + 𝑊𝑡−7 + 𝜎0 𝑊𝑡−15 + 𝑊𝑡−16
• Where,
{256}
• 𝜎0 = 𝑅𝑂𝑇𝑅7 𝑥 ۩ 𝑅𝑂𝑇𝑅18 𝑥 ۩ 𝑆𝐻𝑅3 (𝑥)
{256}
• 𝜎1 = 𝑅𝑂𝑇𝑅17 𝑥 ۩ 𝑅𝑂𝑇𝑅19 𝑥 ۩ 𝑆𝐻𝑅10 (𝑥)
SHA-256
• Message Schedule
{256}
•𝜎0 = 𝑅𝑂𝑇𝑅7 𝑥 ۩ 𝑅𝑂𝑇𝑅18 𝑥 ۩ 𝑆𝐻𝑅3 (𝑥)
• 𝑅𝑂𝑇𝑅7 and 𝑅𝑂𝑇𝑅18 perform a right circular shift on the 𝑥
• 𝑆𝐻𝑅3 perform the right-hand shift of 3 bits and the circular bits are
converted to 0s.
• For example: let 𝑥 is a 32-bit binary value
𝒙 11001010 11000010 01101011 10110101
𝑅𝑂𝑇𝑅7 (𝑥) 11101001 01100110 00110010 11101011
𝑅𝑂𝑇𝑅18 (𝑥) 10111010 11011011 11010111 11001100
𝑆𝐻𝑅3 𝑥 00010111 01011011 01101111 11110011
SHA-256
• Message Schedule
{256}
• 𝜎1 = 𝑅𝑂𝑇𝑅17 𝑥 ۩ 𝑅𝑂𝑇𝑅19 𝑥 ۩ 𝑆𝐻𝑅10 (𝑥)
• 𝜎1 is calculate as 𝜎0
• Then, 𝑊𝑡 will be calculated using the formula for 𝑡 = 16
• 𝑊𝑡 = 𝜎1 𝑊𝑡−2 + 𝑊𝑡−7 + 𝜎0 𝑊𝑡−15 + 𝑊𝑡−16
• The
32
addition in the above formula will be performed as Addition Modula
2
• If you add two values and the sum is greater than 232 , the 232 should be subtracted
from the sum to get a value less than 232
• This will ensure that the calculated value of 𝑊 is always a 32-bit value
• This process will calculate the values from 𝑊16 − W63
SHA-256
• Initializing the 8 working variables
• 𝑎 = 𝐻0 = 6𝑎09𝑒667 = 01101010 00001001 11100110 01100111
• 𝑏 = 𝐻1 = 𝑏𝑏67𝑎𝑒85 = 10111011 01100111 10101110 10000101
• 𝑐 = 𝐻2 = 3𝑐6𝑒𝑓372 = 00111100 01101110 11110011 01110010
• 𝑑 = 𝐻3 = 𝑎54𝑓𝑓53𝑎 = 10100101 01001111 11110101 00111010
• 𝑒 = 𝐻4 = 510𝑒527𝑓 = 01010001 00001110 01010010 01111111
• 𝑓 = 𝐻5 = 9𝑏05688𝑐 = 10011011 00000101 01101000 10001100
• 𝑔 = 𝐻6 = 1𝑓83𝑑9𝑎𝑏 = 00011111 10000011 11011001 10101011
• ℎ = 𝐻7 = 5𝑏𝑒0𝑐𝑑19 = 01011011 11100000 11001101 00011001
SHA-256
• Calculate 𝑇1 − 𝑇64 by using the following formulas
• 𝑇1 = ℎ + σ1(𝑒) + 𝐶ℎ 𝑒, 𝑓, 𝑔 + 𝐾0 + 𝑊0
{256}
• 𝑇2 = σ0 𝑎 + 𝑀𝑎𝑗(𝑎, 𝑏, 𝑐)
• ℎ=𝑔
• 𝑔=𝑓
• 𝑓=𝑒
• 𝑒 = 𝑑 + 𝑇1
• 𝑑=𝑐
• 𝑐=𝑏
• 𝑏=𝑎
• 𝑎 = 𝑇1 + 𝑇2
SHA-256
• 𝑇1 = ℎ + σ1(𝑒) + 𝐶ℎ 𝑒, 𝑓, 𝑔 + {256}
• 𝑇2 = σ0 𝑎 + 𝑀𝑎𝑗(𝑎, 𝑏, 𝑐)
𝐾0 + 𝑊0
• σ0(𝑎) = 𝑅𝑂𝑇𝑅2 𝑎 +
• σ1(𝑒) = 𝑅𝑂𝑇𝑅6 𝑒 + 𝑅𝑂𝑇𝑅13 𝑎 + 𝑅𝑂𝑇𝑅22 (𝑎)
𝑅𝑂𝑇𝑅11 𝑒 + 𝑅𝑂𝑇𝑅25 (𝑒)
• 𝑀𝑎𝑗 𝑎, 𝑏, 𝑐
• 𝐶ℎ(𝑒, 𝑓, 𝑔), 𝐶ℎ stands for choose
• The 𝑀𝑎𝑗 stands for majority and it
• The bits of 𝑒 is used to tell us which will select the bit from 𝑎, 𝑏, 𝑐 which
bit to select from 𝑓 𝑜𝑟 𝑔 is in majority
• If the bit of 𝑒 is a 0 then the bit of
𝑔 is selected
• But if the bit of 𝑒 is a 1 then the bit
from 𝑓 will be selected
SHA-256
• The steps in the previous slides will be performed for 𝑡 = 0 … 63
• This will result in calculating the values of 𝑎 … ℎ
• Every value from 𝑎 … ℎ will be a 32-bit numbers
• Now, calculate the hash values using the following
𝐻0 = 𝑎 + 𝐻0
𝐻1 = 𝑏 + 𝐻1
𝐻2 = 𝑐 + 𝐻2
𝐻3 = 𝑑 + 𝐻3
𝐻4 = 𝑒 + 𝐻4
𝐻5 = 𝑓 + 𝐻5
𝐻6 = 𝑔 + 𝐻6
𝐻7 = ℎ + 𝐻7
SHA-256
• The resulting 𝐻𝑖 values are appended together to receive the final
hash value
• 𝐻0 ∥ 𝐻1 ∥ 𝐻2 ∥ 𝐻3 ∥ 𝐻4 ∥ 𝐻5 ∥ 𝐻6 ∥ 𝐻7
SHA-512
• The algorithm takes as input a
message with a maximum length
of less than 2128 bits and
produces as output a 512-bit
message digest.
• The input is processed in 1024-
bit blocks.
SHA-512
1. Message Padding:
• The input message is divided into blocks of fixed size (1024 bits for SHA-512).
• Padding is applied to ensure that the message length is a multiple of the block
size.
• The padding includes a bit "1" followed by zeros
2. Length Padding
SHA-512
2. Initialization:
• SHA-512 uses a set of initial constant values, known as the initial hash values
(H), which are specific to the SHA-2 family.
SHA-512
2. Message Schedule:
• Each 1024-bit block of the padded message goes through a series of
transformations to generate the final hash value.
• Generate 80 words of 64 bits
SHA-512
2. Message Schedule:
• 80 Rounds performed for 80 words
• Initialization Vectors are used in each round
• Each round has its own round constant (𝐾0 , 𝐾9 ,…, 𝐾79 ,)
• Computing 𝑇1
SHA-512
• Computing 𝑇2