SHA512/t IV Generation function pseudo-code - pseudocode

FIPS 180-4 Section 5.3.6, Page 16
Denote H(0)' to be the initial hash value of SHA-512 as specified in Section 5.3.5 above.
Denote H(0)'' to be the initial hash value computed below.
H(0) is the IV for SHA-512/t.
For i= 0 to 7{
Hi(0)'' = Hi(0)' XOR a5a5a5a5a5a5a5a5 (in hex).
}
H(0) = SHA-512 (“SHA-512/t”) using H(0)'' as the IV, where *t* is the specific truncation value.
This explanation is a little bit confusing if you ask me.

H(0)' = [
0x6a09e667f3bcc908,
0xbb67ae8584caa73b,
0x3c6ef372fe94f82b,
0xa54ff53a5f1d36f1,
0x510e527fade682d1,
0x9b05688c2b3e6c1f,
0x1f83d9abfb41bd6b,
0x5be0cd19137e2179
]
H(0)'' = [
0x6a09e667f3bcc908 XOR 0xa5a5a5a5a5a5a5a5,
0xbb67ae8584caa73b XOR 0xa5a5a5a5a5a5a5a5,
0x3c6ef372fe94f82b XOR 0xa5a5a5a5a5a5a5a5,
0xa54ff53a5f1d36f1 XOR 0xa5a5a5a5a5a5a5a5,
0x510e527fade682d1 XOR 0xa5a5a5a5a5a5a5a5,
0x9b05688c2b3e6c1f XOR 0xa5a5a5a5a5a5a5a5,
0x1f83d9abfb41bd6b XOR 0xa5a5a5a5a5a5a5a5,
0x5be0cd19137e2179 XOR 0xa5a5a5a5a5a5a5a5
]
Which means, H(0)'' is now:
['cfac43c256196cad',
'1ec20b20216f029e',
'99cb56d75b315d8e',
'00ea509ffab89354',
'f4abf7da08432774',
'3ea0cd298e9bc9ba',
'ba267c0e5ee418ce',
'fe4568bcb6db84dc']
variable s = 'SHA-512/t' REPLACE t with value of t, for example 256:
variable s = 'SHA-512/256'
Now perform the normal SHA-512 algorithm on that string, but use the previously generated H(0)'' values as H for SHA-512
variable H(0) = SHA-512(s)
This results in 8 64 bit words, use thoose words as H values for your SHA-512/t algorithm.
For Example:
SHA-512 with H(0)'' as H on the string 'SHA-512/256' results in this string (In Hex):
22312194FC2BF72C9F555FA3C84C64C22393B86B6F53B151963877195940EABD96283EE2A88EFFE3BE5E1E25538639922B0199FC2C85B8AA0EB72DDC81C52CA2
Or in these 8 words (Also in hex):
22312194FC2BF72C
9F555FA3C84C64C2
2393B86B6F53B151
963877195940EABD
96283EE2A88EFFE3
BE5E1E2553863992
2B0199FC2C85B8AA
0EB72DDC81C52CA2
These are the H(0) values for SHA-512/256 specifed in FIPS 180-4 Section 5.3.6.2, Page 17.

Related

Understanding parity of a number

I'm going through "Elements of Programming Interviews" and the very first question is about computing the parity of a number ( whether the number of 1's in the binary representation is even or odd). The final solution provided does this:
short Parity(unsigned long x) {
x ^= x >> 32;
x ^= x >> 16;
x ^= x >> 8;
x ^= x >> 4;
x &= 0xf;
...
I understand that with that final value of x you can lookup the answer in a lookup table = 0x6996. But my question is why does the above code work? I've worked a 16 bit example out by hand and it does give the correct parity, I just don't understand it conceptually.
The lookup table is confusing. Let's drop it and keep going:
...
x ^= x >> 2;
x ^= x >> 1;
p = x&1;
To figure it out, let's start with the 1-bit case. In the 1-bit case, p=x, so if x is 1 the parity is odd, and if x is 0 the parity is even. Trivial.
Now the two bit case. You look at b0^b1 (bit 0 XOR bit 1) and that's the parity. If they're equal, the parity is even, otherwise it's odd. Simple, too.
Now let's add more bits. In the four bit example - b3 b2 b1 b0, we calculate x ^ (x>>2), which gives us a two bit number: b3^b1 b2^b0 . These are actual two parities - one for the odd bits of the original number, and one for the even bits of the original number. XOR the two parities and we get the original parity.
And now this goes on and on for us many bits as you want.
It works because,
the parity of a single bit is itself (base case)
the parity of the concatenation of bitstrings x and y is the xor of the parity of x and the parity of y
That gives a recursive algorithm by splitting every string down the middle until it's a base case, which you can then group by layer and flip upside down to get the code shown in the question .. sort of, because it ends early and apparently does the last step by lookup.
For an n bit number x, the answer is always in the rightmost n/(2 to the power z) bits of x after z iterations.
Let's take an example where n=8 and x=10110001 (b7, b6, b5, b4, b3, b2, b1, b0).
It's actual/correct answer is even_parity.
After 1 iteration
10110001
00001011
___________
x = 10111010
Rightmost 8/(2 to the power 1) = 4 digits of x = 1010(even parity)
After 2 iterations
10111010
00101110
___________
x = 10010100
Rightmost 8/(2 to the power 2) = 2 digits of x = 00(even parity)
After 3 iterations
10010100
01001010
___________
x = 11011110
Rightmost 8/(2 to the power 3) = 1 digit of x = 0(even parity)
Now we can extract any dth digit of a number b by ANDING it with a
number q in which only the dth digit is 1(one) and all other digits are 0(zero).
Here we want to extract the (0th digit)/(rightmost digit) of final value of x.
So let's AND it(i.e, ( final_value_of_x
(i.e, 11011110)
)
after (
2 to the power(
log n to the base 2
)
) iterations
) with 00000001 to get the answer.
11011110
00000001
_________________
00000000

Intuition behind this solution for "Maximising XOR"

Here is the problem statement:
Given two integers: L and R,
find the maximal values of A xor B given, L ≤ A ≤ B ≤ R
Input Format:
The input contains two lines, L is present in the first line.
R in the second line.
Constraints :
1 ≤ L ≤ R ≤ 1000
Output Format
The maximal value as mentioned in the problem statement.
Source:
Maximising XOR
Here is one unique solution to the above:
def maxXOR(L,R):
P = L^R
ret = 1
while(P): # this one takes (m+1) = O(logR) steps
ret <<= 1
P >>= 1
return (ret - 1)
print(maxXOR(int(input()),int(input())))
Could you please explain the intuition behind this solution?
Thank you.
There is one simple way using which you can solve the problem in O(1).
Let's start:
Do the bit-wise XOR of L and R and store it in a variable say xored.
Then take the MSB in the xored which is set and make all the bits from that MSB -----> LSB as 1 and that is the answer.
Following example which will make things clear.
L = 10111 --> (23)
R = 11100 --> (28)
_X___ <-- that's most significant differing bit
01111 <-- here's our final answer i.e. (15).
To set all the bits from MSB to LSB, first calculate the 2^n - 1 where n = number of bits required to represent L^R and then do L^R | (2^(n) - 1).
Solution in Python:
import math
def main():
xored = int(input().strip()) ^ int(input().strip())
print("{}".format(xored | ((1 << (1 + int(math.log2(xored)))) - 1)))
if __name__ == "__main__":
main()
NOTE: You can refer to solution in C and C++ here!.

Ruby: Flip characters bits

I am simply trying to flip the bits of a character. I can get it into a binary form, but when xoring that data with 0xff it seems to not be giving me what I want.
bin = "a".unpack("b*")[0].to_i # Will give me the binary value (10000110)
flip = bin ^ 0xff # this will give me 9999889, expecting (01111001)
Finally, I want to re-pack it as a "character"...
Any help would be appreciated.
You need to tell Ruby that the unpacked string is binary:
bin = "a".unpack("b*")[0].to_i(2) # => 134
flip = bin ^ 0xff # => 121
flip.to_s(2) # => "1111001"
[flip.to_s(2)].pack("b*") # => "O"
Couple of things:
You probably want unpack('B*'), not b* as b* gives you LSB first.
You probably don't need binary at all ("binary" is just a representation of a number, it doesn't need to be "a binary number" in order to XOR it). So you can do simply:
number = "a".unpack('C*')[0]
flip = number ^ 0xff
new_number = [flip].pack('C*')
or, even:
number = "a".ord
flip = number ^ 0xff
new_number = flip.chr
Oh, and the result should not be "O"

XOR two strings [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Xor of string in ruby
I would like to make a XOR calculation between two strings.
irb(main):011:0> a = 11110000
=> 11110000
irb(main):014:0> b = 10111100
=> 10111100
irb(main):015:0> a ^ b
=> 3395084
I would like to do this: "hello" ^ "key"
class String
def ^( other )
b1 = self.unpack("U*")
b2 = other.unpack("U*")
longest = [b1.length,b2.length].max
b1 = [0]*(longest-b1.length) + b1
b2 = [0]*(longest-b2.length) + b2
b1.zip(b2).map{ |a,b| a^b }.pack("U*")
end
end
p "hello" ^ "key"
#=> "he\a\t\u0016"
If this isn't the result you want, then you need to be explicit about how you want to perform the calculation, or what result you expect.
convert both strings to byte arrays (take care with the character encoding, not everything can be represented with ASCII)
pad the shorter array with zeroes, so that they're both same size
for n from 0 to array size: XOR firstarray[n] with secondarray[n], probably store the result to result array
convert result byte array back into a string

Algorithm for functions permutating integers

I want to write some functions as follows
y = f(x) and another function,
x = g(y) that acts as a reversible, where
y = f(g(y)) and where x and y are permutated integers.
For very simple example in the range of integers in 0 to 10 it would look like this:
0->1
1->2
2->3
...
9->10
10->0
but this is the simplest method by adding 1 and reversing by subtracting 1.
I want to have a more sofisticated algorithm that can do the following,
234927773->4299
34->33928830
850033->23234243423
but the reverse can be obtained by conversion
The solution could be obtained with a huge table storing pairs of unique integers but this will not be correct. This must be a function.
You could just XOR.
y = x XOR p
x = y XOR p
Though not my area of expertise, I think that cryptography should provide some valuable answers to your question.
If the domain of your permutation is a power of 2, you can use any block cipher: 'f' is encryption with a specific key, and 'g' is decryption with the same key. If your domain is not a power of 2, you can probably still use a block cipher: see this article.
You could use polynomial interpolation methods to interpolate a function one way, then do reverse interpolation to find the inverse function.
Here is some example code in MATLAB:
function [a] = Coef(x, y)
n = length(x);
a = y;
for j = 2:n
for i = n:-1:j
a(i) = (a(i) - a(i-1)) / (x(i) - x(i-j+1));
end
end
end
function [val] = Eval(x, a, t)
n = length(x);
val = a(n);
for i = n-1:-1:1
val = a(i) + val*(t-x(i));
end
end
It builds a Divided Difference table and evaluates a function based on Newtons Interpolation.
Then if your sets of points are x, and y (as vectors of the same length, where x(i) matches to y(i), your forward interpolation function at value n would be Eval(x, Coef(x, y), n) and the reverse interpolation function would be Eval(y, Coef(y, x), n).
Depending on your language, there are probably much cleaner ways to do this, but this gets down and dirty with the maths.
Here is an excerpt from the Text Book which is used in my Numerical Methods class: Google Book Link

Resources