# Computational Theory Assessment

In [73]:
import numpy as np

## Problem 1: Binary Words and Operations


In [74]:
#PROBLEM 1.1

U32 = np.uint32  # Unasigned 32-bit int

def Parity(x: np.uint32, y: np.uint32, z: np.uint32) -> np.uint32:
    """
    Compute the bitwise parity of three 32-bit words.

    Each output bit is 1 if an odd number of the corresponding input bits are 1.
    Equivalent to: x ^ y ^ z

    Args:
        x, y, z (np.uint32 or int): Input 32-bit words.

    Returns:
        np.uint32: Result of parity(x, y, z).

    References:
          I took the Parity function from page 10 section 4.1.1
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    return U32(x) ^ U32(y) ^ U32(z)

In [75]:
# Example test for the Parity function
x, y, z = U32(0b1010), U32(0b1100), U32(0b0110)

print("x:", bin(int(x)))
print("y:", bin(int(y)))
print("z:", bin(int(z)))
print("Parity:", bin(int(Parity(x,y,z))))  # expected: 0b0 (since XOR cancels all bits)



x: 0b1010
y: 0b1100
z: 0b110
Parity: 0b0


In [76]:
#PROBLEM 1.2

U32 = np.uint32  # Unasigned 32-bit int

def Ch(x: np.uint32, y: np.uint32, z: np.uint32) -> np.uint32:
    """

    For each bit position, output the bit from y if the corresponding bit of x is 1,
    otherwise the bit from z.

    Equivalent to: (x & y) ^ (~x & z)

    Args:
        x, y, z (np.uint32 or int): Input 32-bit words.

    Returns:
        np.uint32: Result of Ch(x, y, z).

    References:
          I took the Choose function from page 10 section 4.1.1
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x, y, z = U32(x), U32(y), U32(z)
    return U32((x & y) ^ (~x & z))

In [77]:
# Example test for the Choose function

x = U32(0b11110000)
y = U32(0b10101010)
z = U32(0b01010101)

print("x:", bin(int(x)))
print("y:", bin(int(y)))
print("z:", bin(int(z)))
print("Ch(x, y, z):", bin(int(Ch(x, y, z))))


x: 0b11110000
y: 0b10101010
z: 0b1010101
Ch(x, y, z): 0b10100101


In [78]:
#PROBLEM 1.3

U32 = np.uint32  # Unasigned 32-bit int

def Maj(x: np.uint32, y: np.uint32, z: np.uint32) -> np.uint32:
    """

    For each bit position, the output bit is 1 if at least two of
    the corresponding input bits (x, y, z) are 1.

    Equivalent to: (x & y) ^ (x & z) ^ (y & z)

    Args:
        x, y, z (np.uint32 or int): Input 32-bit words.

    Returns:
        np.uint32: Result of Maj(x, y, z).

    References:
          I took the Majority function from page 10 section 4.1.1
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x, y, z = U32(x), U32(y), U32(z)
    return U32((x & y) ^ (x & z) ^ (y & z))

In [79]:
# Example test for the Majority function

x = U32(0b11110000)
y = U32(0b10101010)
z = U32(0b01010101)

print("x:", bin(int(x)))
print("y:", bin(int(y)))
print("z:", bin(int(z)))

# For each bit position: output is 1 if at least two inputs have 1.
result = Maj(x, y, z)
print("Maj(x, y, z):", bin(int(result)))

# Expected output: 0b11100000
# Reasoning:
#   - In the first four bits, at least two inputs are 1 → 1
#   - In the last four bits, at most one input is 1 → 0


x: 0b11110000
y: 0b10101010
z: 0b1010101
Maj(x, y, z): 0b11110000


Helper Functions — ROTR and SHR
These two reusable helper functions perform 32-bit bitwise operations used throughout the SHA-256 algorithm:
- rotr(x, n): rotates bits to the right (wraps around)
- shr(x, n): shifts bits right (fills with zeros)
They are used in the Σ (big sigma) and σ (small sigma) functions across Problems 1.4–1.7.


In [80]:
U32 = np.uint32  # Define 32-bit unsigned integer type

def rotr(x: np.uint32, n: int) -> np.uint32:
    """
    Perform a right rotation on a 32-bit word.

    The bits that fall off the right end are wrapped around to the left side.
    Mixes bits without losing information.

    Args:
        x (np.uint32): 32-bit input word.
        n (int): Number of positions to rotate (0-31).

    Returns:
        np.uint32: Rotated 32-bit word.

    Example:
        rotr(0b1001, 1) -> 0b1100

    References:
          I took the ROTR n(x) operation from page 5, section 2.2.2
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §3.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x = U32(x)
    n = n % 32  # make sure rotation stays within 32 bits
    return U32((x >> n) | (x << (32 - n)))

# Test to confirm it wraps bits correctly
#x = U32(0b10010000)
#print("Input :", bin(int(x)))
#print("ROTR 1:", bin(int(rotr(x, 1))))   # Expect 0b01001000 (bits shift right by 1)
#print("ROTR 4:", bin(int(rotr(x, 4))))   # Expect 0b00001001 (wrap-around rotation)

def shr(x: np.uint32, n: int) -> np.uint32:
    """
    Perform a right shift on a 32-bit word.

    Bits shifted out on the right are discarded,
    and zeros fill from the left side.

    Args:
        x (np.uint32): 32-bit input word.
        n (int): Number of bits to shift (0-31).

    Returns:
        np.uint32: Shifted 32-bit word.

    References:
          I took the SHR n(x) operation from page 6 section 2.2.2
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §3.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    return U32(x) >> U32(n)

# Test to confirm shr() helper function


#x = U32(0b10010000)   # Input
#print("Input :", bin(int(x)))

# Test 1: shift right by 1
# Expect 0b01001000 (the rightmost bit 0 falls off, new 0 enters on left)
#print("SHR 1:", bin(int(shr(x, 1))))

# Test 2: shift right by 4
# Expect 0b00001001 (the four rightmost bits drop, zeros fill in)
#print("SHR 4:", bin(int(shr(x, 4))))

# Test 3: shift right by 8 (entire byte moves out)
# Expect 0b0 (all bits dropped)
#print("SHR 8:", bin(int(shr(x, 8))))

# !!! Remember the tests don't fill out all 8 bits 1001 is 00001001


In [81]:
#PROBLEM 1.4

U32 = np.uint32

def Sigma0(x: np.uint32) -> np.uint32:
    """
    Σ₀(x) = ROTR²(x) ^ ROTR¹³(x) ^ ROTR²²(x)

    Big Sigma 0.
    Performs three right rotations and XORs them together to provide strong bit diffusion.

    Args:
        x (np.uint32): 32-bit input word.

    Returns:
        np.uint32: Result of Σ₀(x).

    References:
          This reference showed me the exact amounts I needed to rotate. Page 10, section 4.1.2
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x = U32(x)
    return U32(rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22)) # I took these rotates from page 10 of the Secure Hash Standard. Section 4.1.2


#PROBLEM 1.5

def Sigma1(x: np.uint32) -> np.uint32:
    """
    Σ₁(x) = ROTR⁶(x) ^ ROTR¹¹(x) ^ ROTR²⁵(x)

    Big Sigma 1 function.
    Applies multiple rotations and XORs to further randomize bit positions.

    Args:
        x (np.uint32): 32-bit input word.

    Returns:
        np.uint32: Result of Σ₁(x).

    References:
          This reference showed me the exact amounts I needed to rotate. Page 10, section 4.1.2
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x = U32(x)
    return U32(rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25)) # I took these rotates from page 10 of the Secure Hash Standard. Section 4.1.2

In [82]:
# Example tests for Big Sigma functions 0 and 1
w = U32(0x12345678)

print("Input:", hex(int(w)))
print("Σ₀(x):", hex(int(Sigma0(w))))
print("Σ₁(x):", hex(int(Sigma1(w))))

Input: 0x12345678
Σ₀(x): 0x66146474
Σ₁(x): 0x3561abda


In [83]:
#PROBLEM 1.6

U32 = np.uint32

def sigma0(x: np.uint32) -> np.uint32:
    """
    σ₀(x) = ROTR⁷(x) ^ ROTR¹⁸(x) ^ SHR³(x)

    Small sigma 0 function.
    Combines rotations and a right shift to spread bit patterns.

    Args:
        x (np.uint32): 32-bit input word.

    Returns:
        np.uint32: Result of σ₀(x).

    References:
          This reference showed me the exact amounts I needed to rotate and shift right. Page 10, section 4.1.2
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x = U32(x)
    return U32(rotr(x, 7) ^ rotr(x, 18) ^ shr(x, 3)) # I took these rotates and shift right from page 10 of the Secure Hash Standard. Section 4.1.2

#PROBLEM 1.7

def sigma1(x: np.uint32) -> np.uint32:
    """
    σ₁(x) = ROTR¹⁷(x) ^ ROTR¹⁹(x) ^ SHR¹⁰(x)

    Small sigma 1 function.
    Combines rotations and a right shift to spread bit patterns.

    Args:
        x (np.uint32): 32-bit input word.

    Returns:
        np.uint32: Result of σ₁(x).

    References:
          This reference showed me the exact amounts I needed to rotate and shift right. Page 10, section 4.1.2
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015. §4.1.2.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9: Hash Functions and Data Integrity.
          https://cacr.uwaterloo.ca/hac/
    """
    x = U32(x)
    return U32(rotr(x, 17) ^ rotr(x, 19) ^ shr(x, 10)) # I took these rotates and shift right from page 10 of the Secure Hash Standard. Section 4.1.2

In [84]:
# Example tests for Small sigma 0 and 1
w = U32(0x12345678)

print("Input:", hex(int(w)))

print("σ₀(x):", hex(int(sigma0(w))))
print("σ₁(x):", hex(int(sigma1(w))))

Input: 0x12345678
σ₀(x): 0xe7fce6ee
σ₁(x): 0xa1f78649


## Problem 2: Fractional Parts of Cube Roots

In [85]:
#PROBLEM 2.1

def primes(n: int) -> np.ndarray:
    """
    Generate the first n prime numbers using a trial division algorithm.

    Each number starting from 2 is tested for divisibility by all previously found primes.
    This process continues until n primes are collected.

    Args:
        n (int): Number of prime numbers to generate.

    Returns:
        np.ndarray: Array of the first n prime numbers as 32-bit unsigned integers.

    References:
        - National Institute of Standards and Technology. Secure Hash Standard (SHS),
          FIPS PUB 180-4, 2015, §4.2.2 (p. 11).
          States that SHA-256 constants are derived from the first 64 prime numbers.
          Available at: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).
          *Handbook of Applied Cryptography*, CRC Press.
          Chapter 9, Section 9.4 (pp. 352-354).
          Discusses the use of prime numbers in cryptographic constant generation.
          Available at: https://cacr.uwaterloo.ca/hac/
    """

    primes_list = []        # Store prime numbers found so far
    num = 2                 # Start checking from the first prime number (2)

    # Continue until we find 'n' prime numbers
    while len(primes_list) < n:
        # Check if 'num' is divisible by any smaller prime
        for p in primes_list:
            if num % p == 0:  # If divisible, not a prime
                break
        else:
            # If not divisible by any previous primes, it's a new prime
            primes_list.append(num)

        num += 1  # Move to the next number and test again

    # Convert the list of primes into a NumPy array of 32-bit integers
    return np.array(primes_list, dtype=np.uint32)


In [86]:
# Generate and print the first 10 prime numbers
print(primes(10))

# Expected result [ 2  3  5  7 11 13 17 19 23 29]

[ 2  3  5  7 11 13 17 19 23 29]


In [87]:
#PROBLEM 2.2

def cube_root_fractions(prime_array: np.ndarray) -> np.ndarray:
    """
    Compute the fractional parts of the cube roots of given prime numbers.

    Each constant used in SHA-256 is derived from the fractional part of the
    cube root of a prime number. For each prime p:
        cube_root = p ** (1/3)
        fraction  = cube_root - floor(cube_root)

    Args:
        prime_array (np.ndarray): Array of prime numbers.

    Returns:
        np.ndarray: Fractional parts of cube roots as 64-bit floats.

    References:
        - National Institute of Standards and Technology.
          *Secure Hash Standard (SHS)*, FIPS PUB 180-4 (2015), §4.2.2, p. 11.  
          Describes the use of fractional parts of cube roots of the first 64 primes
          to derive SHA-256 constants.  
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

        - Menezes, A., van Oorschot, P., & Vanstone, S. (1996).  
          *Handbook of Applied Cryptography*, CRC Press, Chapter 9 (§9.4, pp. 352-354).  
          Explains the mathematical reasoning for using fractional parts of
          irrational roots in cryptographic constant generation.  
          https://cacr.uwaterloo.ca/hac/
    """
    # Compute cube roots for all primes
    cube_roots = np.cbrt(prime_array)

    # Extract the fractional part (decimal portion) of each cube root
    fractional_parts = cube_roots - np.floor(cube_roots)

    return fractional_parts

In [88]:
# Use first 10 primes from Problem 2.1
p = primes(10)
fractions = cube_root_fractions(p)

print("Primes:", p)
print("Fractional parts of cube roots:", fractions)

# Expected Results
#Primes: [ 2  3  5  7 11 13 17 19 23 29]


Primes: [ 2  3  5  7 11 13 17 19 23 29]
Fractional parts of cube roots: [0.25992105 0.44224957 0.70997595 0.91293118 0.22398009 0.35133469
 0.57128159 0.66840165 0.84386698 0.07231683]


In [89]:
#PROBLEM 2.3

# Use 32-bit unsigned integers
U32 = np.uint32


def fractions_to_u32(fractions):
    """
    Turn fractional cube-root values into 32-bit numbers.

    Steps:
    1. Multiply each fraction by 2^32 (shifts the decimal point 32 bits to the left).
    2. Keep only the whole number part (remove everything after the decimal).
    3. Convert the result to a 32-bit unsigned integer (same size SHA-256 uses).

    Args:
        fractions (np.ndarray): Array of fractional cube-root values between 0 and 1.

    Returns:
        np.ndarray: Array of 32-bit unsigned integers (np.uint32).
    """
    # Scale up the fractions so that their decimal parts become whole numbers
    scaled = fractions * (2 ** 32)

    # Floor removes the decimal part and keeps only the integer value
    integers = np.floor(scaled)

    # Cast to np.uint32 to make sure we only keep 32 bits
    constants = integers.astype(U32)

    # Return the array of 32-bit constants
    return constants


def sha256_constants_from_primes(n=64):
    """
    Make the SHA-256 constants (K values) from the first n primes.

    Steps:
    1. Get the first n prime numbers.
    2. Find the fractional parts of their cube roots.
    3. Convert the fractions into 32-bit numbers.

    Args:
        n (int): How many prime numbers to use. Default is 64.

    Returns:
        np.ndarray: Array of 32-bit SHA-256 constants (K[0..n-1]).
    """
    # Generate the first n prime numbers (Problem 2.1)
    primes_list = primes(n)

    # Get the fractional part of each cube root (Problem 2.2)
    fractions = cube_root_fractions(primes_list)

    # Then turn those fractions into 32-bit unsigned integers
    constants = fractions_to_u32(fractions)

    # Return all constants as a NumPy array
    return constants


def to_hex_words(numbers):
    """
    Change 32-bit numbers into 8-digit hexadecimal strings.

    Each constant is printed in the same format as in the FIPS standard.

    Args:
        numbers (np.ndarray): Array of 32-bit integers (np.uint32).

    Returns:
        list[str]: List of hexadecimal strings like '0x428a2f98'.
    """
    hex_list = []  # I used to store hex values

    # Loop through every number in the array
    for n in numbers:
        # int(n) converts from NumPy type to normal Python int
        # :08x turns the number into hex to 8 digits (32 bits)
        # Add the "0x" prefix so it looks like standard hex format
        hex_list.append(f"0x{int(n):08x}")

    # Return the list of formatted hex strings
    return hex_list

In [90]:
# Generate all 64 constants
K = sha256_constants_from_primes(64)

# Print the first 8 constants as hex to check they match the standard
print(to_hex_words(K[:8]))


['0x428a2f98', '0x71374491', '0xb5c0fbcf', '0xe9b5dba5', '0x3956c25b', '0x59f111f1', '0x923f82a4', '0xab1c5ed5']


In [91]:
#PROBLEM 2.4

def display_sha256_constants():
    """
    Display all 64 SHA-256 constants in 8-digit hexadecimal format.

    This function:
    1. Generates the 64 constants using the cube roots of the first 64 primes.
    2. Converts each 32-bit constant to hexadecimal (0xXXXXXXXX).
    3. Prints the constants 8 per line, with their index labels.

    Each constant matches the official K values listed in FIPS PUB 180-4, Table 4 (p. 12).

    References:
        - National Institute of Standards and Technology.
          *Secure Hash Standard (SHS)*, FIPS PUB 180-4 (2015),
          §4.2.2 (p. 11) and Table 4 (p. 12).  
          This standard defines how the 64 SHA-256 constants (K₀-K₆₃) are created
          from the fractional parts of the cube roots to the first 64 prime numbers
          and provides their official 8-digit hexadecimal values.
          https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
    """

    # Generate the 64 constants (uses functions from Problems 2.1 and 2.2)
    K = sha256_constants_from_primes(64)

    # Convert each 32-bit value to an 8-digit hexadecimal string
    hex_K = to_hex_words(K)

    # Print the constants neatly: 8 per row with their index numbers
    print("SHA-256 Constants (K[0..63]) in Hex:\n")
    for i in range(0, 64, 8):
        # Build one row of 8 constants with their indices (e.g., K[00]=0x428a2f98)
        row_items = [f"K[{i+j:02d}]={hex_K[i+j]}" for j in range(8)]
        print("  " + "  ".join(row_items))


# Run the display function
display_sha256_constants()


SHA-256 Constants (K[0..63]) in Hex:

  K[00]=0x428a2f98  K[01]=0x71374491  K[02]=0xb5c0fbcf  K[03]=0xe9b5dba5  K[04]=0x3956c25b  K[05]=0x59f111f1  K[06]=0x923f82a4  K[07]=0xab1c5ed5
  K[08]=0xd807aa98  K[09]=0x12835b01  K[10]=0x243185be  K[11]=0x550c7dc3  K[12]=0x72be5d74  K[13]=0x80deb1fe  K[14]=0x9bdc06a7  K[15]=0xc19bf174
  K[16]=0xe49b69c1  K[17]=0xefbe4786  K[18]=0x0fc19dc6  K[19]=0x240ca1cc  K[20]=0x2de92c6f  K[21]=0x4a7484aa  K[22]=0x5cb0a9dc  K[23]=0x76f988da
  K[24]=0x983e5152  K[25]=0xa831c66d  K[26]=0xb00327c8  K[27]=0xbf597fc7  K[28]=0xc6e00bf3  K[29]=0xd5a79147  K[30]=0x06ca6351  K[31]=0x14292967
  K[32]=0x27b70a85  K[33]=0x2e1b2138  K[34]=0x4d2c6dfc  K[35]=0x53380d13  K[36]=0x650a7354  K[37]=0x766a0abb  K[38]=0x81c2c92e  K[39]=0x92722c85
  K[40]=0xa2bfe8a1  K[41]=0xa81a664b  K[42]=0xc24b8b70  K[43]=0xc76c51a3  K[44]=0xd192e819  K[45]=0xd6990624  K[46]=0xf40e3585  K[47]=0x106aa070
  K[48]=0x19a4c116  K[49]=0x1e376c08  K[50]=0x2748774c  K[51]=0x34b0bcb5  K[52]=0x391c0cb3  

In [92]:
def verify_sha256_constants():
    """
    Compare the generated SHA-256 constants with the official ones from FIPS 180-4.

    Steps:
    1. Generate the 64 constants using the earlier functions.
    2. Define the official constants directly from FIPS 180-4 Table 4.
    3. Check if every constant matches the official value.
    4. Print the result (all match or mismatch found).

    Returns:
        None - Prints a message showing whether all constants match.

    References:
        - National Institute of Standards and Technology.
          *Secure Hash Standard (SHS)*, FIPS PUB 180-4 (2015),
          §4.2.2 (p. 11) and Table 4 (p. 12).
          I used this because it lists the official SHA-256 constants I am trying to verify against.
    """

    # Generate the 64 constants using our own implementation
    generated = sha256_constants_from_primes(64)

    # The 64 constants officially listed in the Secure Hash Standard (FIPS 180-4)
    hex_vals = [
        0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
        0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
        0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
        0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
        0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
        0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
        0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
        0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
        0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
        0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
        0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
        0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
        0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
        0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
        0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
        0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
    ]
    # Convert to 32-bit unsigned integers for comparison
    official = np.array(hex_vals, dtype=U32)

    # Check if the two sets of constants are the same
    if np.array_equal(generated, official):
        # If everything matches the success message gets printed
        print(" All 64 SHA-256 constants match the official FIPS 180-4 values.")
    else:
        # If there are differences the failure message gets printed
        print(" Mismatch found between generated and official constants.")

        # Show where the mismatches occurred
        # I changed a value in hex_vals to test this
        for i, (g, o) in enumerate(zip(generated, official)):
            if g != o:
                print(f"  K[{i:02d}]: 0x{int(g):08x} != 0x{int(o):08x}")


In [93]:
# 2.4 – display
display_sha256_constants()

# 2.5 – verify
ok = verify_sha256_constants()


SHA-256 Constants (K[0..63]) in Hex:

  K[00]=0x428a2f98  K[01]=0x71374491  K[02]=0xb5c0fbcf  K[03]=0xe9b5dba5  K[04]=0x3956c25b  K[05]=0x59f111f1  K[06]=0x923f82a4  K[07]=0xab1c5ed5
  K[08]=0xd807aa98  K[09]=0x12835b01  K[10]=0x243185be  K[11]=0x550c7dc3  K[12]=0x72be5d74  K[13]=0x80deb1fe  K[14]=0x9bdc06a7  K[15]=0xc19bf174
  K[16]=0xe49b69c1  K[17]=0xefbe4786  K[18]=0x0fc19dc6  K[19]=0x240ca1cc  K[20]=0x2de92c6f  K[21]=0x4a7484aa  K[22]=0x5cb0a9dc  K[23]=0x76f988da
  K[24]=0x983e5152  K[25]=0xa831c66d  K[26]=0xb00327c8  K[27]=0xbf597fc7  K[28]=0xc6e00bf3  K[29]=0xd5a79147  K[30]=0x06ca6351  K[31]=0x14292967
  K[32]=0x27b70a85  K[33]=0x2e1b2138  K[34]=0x4d2c6dfc  K[35]=0x53380d13  K[36]=0x650a7354  K[37]=0x766a0abb  K[38]=0x81c2c92e  K[39]=0x92722c85
  K[40]=0xa2bfe8a1  K[41]=0xa81a664b  K[42]=0xc24b8b70  K[43]=0xc76c51a3  K[44]=0xd192e819  K[45]=0xd6990624  K[46]=0xf40e3585  K[47]=0x106aa070
  K[48]=0x19a4c116  K[49]=0x1e376c08  K[50]=0x2748774c  K[51]=0x34b0bcb5  K[52]=0x391c0cb3  

## Problem 3: Padding

### Problem 3.1 – Message Length and Conversion

This part calculates the length of the input message in **bits (ℓ)**, as required by the SHA-256 standard.

- The message is received as a bytes object.
- The length in bits is found by multiplying the number of bytes by 8.
- This value (ℓ) is later appended as a 64-bit big-endian integer during the final padding step.

In [94]:
# Problem 3.1 – Message Length and Conversion

def message_length_bits(msg: bytes) -> int:
    """
    Calculate the length of the input message in bits.

    Steps:
    1. Take the input message (bytes object).
    2. Find its length in bytes.
    3. Multiply by 8 to get the length in bits.
    4. Return the length as an integer.

    Args:
        msg (bytes): The input message.

    Returns:
        int: The message length in bits.

    Example:
        b"abc" → 3 bytes x 8 = 24 bits.

    References:
        - FIPS PUB 180-4 (2015), §5.1.1 - Message Padding, p. 14:
          "Suppose that the length of the message, M, is ℓ bits."
          This value (ℓ) represents the original message length in bits,
          which must later be appended as a 64-bit integer during padding.
    """

    # Get message length in bytes
    msg_len_bytes = len(msg)

    # Convert to bits
    msg_len_bits = msg_len_bytes * 8

    # Return the bit length
    return msg_len_bits


# Example test:
print(message_length_bits(b"abc"))  # Expected output: 24

# I used this to test my function message "abc" returns 24
#msg1 = b"abc"
#print("Test – 'abc'")
#print("Expected bit length:", len(msg1) * 8)
#print("Actual bit length:  ", message_length_bits(msg1))
#print()


24


### Problem 3.2 – Append the '1' Bit and Zero Padding

This part adds the padding bits as defined in the SHA-256 standard:

1. Append a single '1' bit (0x80 in hex) to mark the end of the message.
2. Add '0' bits (0x00 bytes) until the message length (in bits) is **congruent to 448 mod 512**.
3. The final 64 bits (representing the original message length) will be added later.

This ensures the padded message leaves exactly **64 bits** at the end of each 512-bit block for the message length.

In [95]:
# Problem 3.2 – Append the '1' Bit and Zero Padding

def pad_message(msg: bytes) -> bytes:
    """
    Pad the input message according to FIPS PUB 180-4 §5.1.1.

    Steps:
    1. Append a single '1' bit to the message (0x80 in hex).
    2. Append '0' bits (0x00 bytes) until the message length (in bits)
       is congruent to 448 modulo 512.
    3. The final 64 bits (for the message length) will be added in Problem 3.3.

    Args:
        msg (bytes): The input message.

    Returns:
        bytes: The padded message (without the length field).

    Example:
        b"abc" → b"abc" + 0x80 + 423 zero bits (until length ≡ 448 mod 512)

    References:
        - FIPS PUB 180-4 (2015), §5.1.1 - Message Padding, p. 14:
          "Append the bit '1' to the end of the message, followed by k zero bits,
          where k is the smallest, non-negative solution to the equation
          ℓ + 1 + k ≡ 448 mod 512."
    """

    # Current message length in bits
    msg_len_bits = len(msg) * 8

    # Append the single '1' bit (0x80)
    padded = msg + b'\x80'

    # Compute how many zero bytes (0x00) to add -
    # (Total bits so far + 64 for the length) ≡ 0 mod 512
    while ((len(padded) * 8) % 512) != 448:
        padded += b'\x00'

    # Return padded message (without final 64-bit length)
    return padded


# I used this to test so the total message length would end at 448. 
# This leaves the message length of 64 bits that will be added in the next part to make 512 bits

# Example test:
#test_msg = b"abc"
#padded = pad_message(test_msg)
#print("Original length (bits):", len(test_msg) * 8)
#print("Padded length (bits):  ", len(padded) * 8)
#print("Remainder mod 512:     ", (len(padded) * 8) % 512)


### Problem 3.3 – Append the 64-bit Message Length

This part completes the SHA-256 padding process by appending the **64-bit big-endian representation** of the original message length (ℓ) to the padded message.

1. Compute the original message length in bits using `message_length_bits()`.
2. Apply the `'1'` bit and zero padding from `pad_message()` until the message length ≡ 448 mod 512.
3. Convert the bit length (ℓ) into an 8-byte (64-bit) big-endian integer.
4. Append this to the end of the padded message.

The final message length will now be a **multiple of 512 bits**, ready to be split into 512-bit blocks in Problem 3.4.

In [96]:
# Problem 3.3 – Append the 64-bit Message Length

def append_length_field(msg: bytes) -> bytes:
    """
    Complete the padding by appending the 64-bit message length (ℓ).

    Steps:
    1. Get the original message length in bits.
    2. Apply padding using pad_message() (adds '1' and '0' bits until 448 mod 512).
    3. Append the 64-bit big-endian representation of the message length.
    4. Return the fully padded message, now a multiple of 512 bits.

    Args:
        msg (bytes): The input message.

    Returns:
        bytes: The fully padded message (including 64-bit length field).

    Example:
        b"abc" → 512-bit (64-byte) padded message ready for block parsing.

    References:
        - FIPS PUB 180-4 (2015), §5.1.1 - Message Padding, p. 14:
          "Then append the 64-bit block that is equal to the number ℓ expressed using a binary representation.
          ... The length of the padded message should now be a multiple of 512 bits."
          This section was used to implement the final step of padding, ensuring the message length
          is correctly stored as a 64-bit integer for SHA-256 processing.
    """

    # Get original message length in bits
    msg_len_bits = message_length_bits(msg)

    # Apply '1' bit and zero padding
    padded = pad_message(msg)

    # Convert the length to 64-bit bytes
    length_field = msg_len_bits.to_bytes(8, byteorder='big')

    # Append the length field to the end of the padded message
    final_padded = padded + length_field

    return final_padded

# I used this to test the fully padded message is 512 bits
# It confirms the last 8 bytes store the original message length in bits

# Example test:
# msg = b"abc"
# final_block = append_length_field(msg)

# print("Final padded length (bits):", len(final_block) * 8)
# print("Multiple of 512:", (len(final_block) * 8) % 512 == 0)
# print("Last 8 bytes (length field):", final_block[-8:].hex())


### Problem 3.4 – Message Parsing into 512-bit Blocks

This part finalizes the SHA-256 message preparation process by splitting the **fully padded message** into 512-bit (64-byte) blocks.

Steps:
1. The message is fully padded using `append_length_field()`, which ensures the message is a multiple of 512 bits.
2. The generator `block_parse()` iterates through the padded message in 64-byte chunks.
3. Each 512-bit block is yielded as a separate bytes object, ready for the SHA-256 compression function.

For example, the message `b"abc"` produces one 64-byte (512-bit) block.

In [97]:
# Problem 3.4 – Message Parsing into 512-bit Blocks

def block_parse(msg: bytes):
    """
    Generator function processes the input message into 512-bit (64-byte) blocks.

    Steps:
    1. Fully pad the message using append_length_field().
    2. Split the padded message into 64-byte (512-bit) chunks.
    3. Yield each block as a bytes object for processing in later steps.

    Args:
        msg (bytes): The original unpadded message.

    Yields:
        bytes: The next 512-bit (64-byte) block of the padded message.

    Example:
        For a short message like b"abc", this will yield one 64-byte block.

    References:
        - FIPS PUB 180-4 (2015), §5.2.1 - Message Parsing, p. 15:
          "The message and its padding are parsed into N 512-bit blocks,
          M(1), M(2), …, M(N), where the number of blocks N = L / 512."
          This section was used to guide the block generation process,
          ensuring the padded message is correctly split into 512-bit chunks.
    """

    # Fully pad the message (adds '1' bit, zeros, and length)
    padded = append_length_field(msg)

    # Yield each 512-bit (64-byte) block
    for i in range(0, len(padded), 64):
        yield padded[i:i + 64]


# Tests that block_parse() correctly pads and splits "abc" into a single 512-bit block.
# Prints the block in hex to confirm the expected SHA-256 format (61626380...0018)

# Example test:

# Define a short test message (3 bytes = 24 bits)
msg = b"abc"

# Print the original message before padding
print("Original message:", msg)

# Display each 512-bit (64-byte) block generated by block_parse()
print("\nGenerated 512-bit blocks:")
for i, block in enumerate(block_parse(msg), start=1):
    # Print the block number, size, and its contents in hexadecimal
    print(f"Block {i} ({len(block)} bytes): {block.hex()}")


Original message: b'abc'

Generated 512-bit blocks:
Block 1 (64 bytes): 61626380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018


## Problem 4: Hashes

## Problem 5: Passwords
