lOMoARcPSD|47768088

UNIT IV NOTES SHA- SECURE HASH ALGORITHM

 SHA was developed by the National Institute of Standards and Technology (NIST) and
published as a federal information processing standard (FIPS 180) in 1993.
 When weaknesses were discovered in SHA, now known as SHA-0, a revised version was
issued as FIPS 180-1 in 1995 and is referred to as SHA-1.
 The actual standards document is entitled “Secure Hash Standard.” SHA is based on the
hash function MD4, and its design closely models MD4.

SHA-512 Logic
 The algorithm takes as input a message with a maximum length of less than 2 128 bits and
produces as output a 512-bit message digest.
 The input is processed in 1024-bit blocks.
 Figure 11.9 depicts the overall processing of a message to produce a digest.
 This follows the general structure depicted in Figure 11.8.
 The processing consists of the following steps.
o Step 1: Append padding bits
o Step 2: Append length
o Step 3: Initialize hash buffer
o Step 4: Process message in 1024-bit (128-word) blocks
o Step 5: Output

Step 1 Append padding bits

 The message is padded so that its length is congruent to 896 modulo 1024 [length 
896(mod 1024)].
 Padding is always added, even if the message is already of the desired length.
 Thus, the number of padding bits is in the range of 1 to 1024.
 The padding consists of a single 1 bit followed by the necessary number of 0 bits.

21

Downloaded by 7.21E+11 MAHALAKSHMI P ([email protected])

 lOMoARcPSD|47768088

UNIT IV NOTES

Step 2 Append length.

 A block of 128 bits is appended to the message.
 This block is treated as an unsigned 128-bit integer (most significant byte first) and
contains the length of the original message (before the padding).
 The outcome of the first two steps yields a message that is an integer multiple of 1024
bits in length.
 In Figure 11.9, the expanded message is represented as the sequence of 1024-bit blocks
M1, M2,…..MN, so that the total length of the expanded message is N * 1024 bits.

Step 3 Initialize hash buffer.

 A 512-bit buffer is used to hold intermediate and final results of the hash function.
 The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g, h).
 These registers are initialized to the following 64-bit integers (hexadecimal values):

 These values are stored in big-endian format, which is the most significant byte of a
word in the low-address (leftmost) byte position.
22

Downloaded by 7.21E+11 MAHALAKSHMI P ([email protected])

 lOMoARcPSD|47768088

UNIT IV NOTES

 These words were obtained by taking the first sixty-four bits of the fractional parts of the
square roots of the first eight prime numbers.

Step 4 Process message in 1024-bit (128-word) blocks.

 The heart of the algorithm is a module that consists of 80 rounds; this module is labeled F
in Figure 11.9.
 The logic is illustrated in Figure 11.10.

 Each round takes as input the 512-bit buffer value, abcdefgh, and updates the contents of
the buffer.
 At input to the first round, the buffer has the value of the intermediate hash value, Hi-1.
 Each round t makes use of a 64-bit value Wt, derived from the current 1024-bit block
being processed (Mi).
 These values are derived using a message schedule described subsequently.
 Each round also makes use of an additive constant Kt, where 0 t 79 indicates one of
the 80 rounds.
 The output of the eightieth round is added to the input to the first round (Hi-1) to produce
Hi.

23

Downloaded by 7.21E+11 MAHALAKSHMI P ([email protected])

 lOMoARcPSD|47768088

UNIT IV NOTES

 The addition is done independently for each of the eight words in the buffer with each of
the corresponding words in Hi-1, using addition modulo 264.

Step 5 Output
 After all N 1024-bit blocks have been processed, the output from the Nth stage is the 512-
bit message digest.
 We can summarize the behavior of SHA-512 as follows:

Downloaded by 7.21E+11 MAHALAKSHMI P ([email protected])